· 6 years ago · Nov 11, 2019, 05:22 AM
#######################################################################################################################################
=======================================================================================================================================
Hostname www.kosgeb.gov.tr ISP Turk Telekom
Continent Asia Flag TR
Country Turkey Country Code TR
Region Ankara Local time 11 Nov 2019 06:46 +03
City Ankara Postal Code 06520
IP Address 88.255.226.247 Latitude 39.906
Longitude 32.819
=======================================================================================================================================
#######################################################################################################################################
> www.kosgeb.gov.tr
Server: 38.132.106.139
Address: 38.132.106.139#53

Non-authoritative answer:
Name: www.kosgeb.gov.tr
Address: 88.255.226.247
>
#######################################################################################################################################
** Domain Name: kosgeb.gov.tr

** Registrant:
 KOSGEB Başkanlığı
 MKEK Binası 9.Kat Tandoğan
 06330
 Ankara,
 Türkiye
 mgunay@kosgeb.gov.tr
 + 90-312-2128190-
 + 90-312-2238769


** Administrative Contact:
NIC Handle : kvo9-metu
Organization Name : Küçük ve Orta Ölçekli İşletmeleri Geliştirme ve Destekleme İdaresi Başkanlığı
Address : Anafartalar Mah. İstanbul Cad. No: 32
 06050 Ulus / Altındağ / ANKARA
 Ankara,06050
 Türkiye
Phone : + 90-312-5952800-2771
Fax : + 90-312-3680715-


** Technical Contact:
NIC Handle : kvo9-metu
Organization Name : Küçük ve Orta Ölçekli İşletmeleri Geliştirme ve Destekleme İdaresi Başkanlığı
Address : Anafartalar Mah. İstanbul Cad. No: 32
 06050 Ulus / Altındağ / ANKARA
 Ankara,06050
 Türkiye
Phone : + 90-312-5952800-2771
Fax : + 90-312-3680715-


** Billing Contact:
NIC Handle : kvo9-metu
Organization Name : Küçük ve Orta Ölçekli İşletmeleri Geliştirme ve Destekleme İdaresi Başkanlığı
Address : Anafartalar Mah. İstanbul Cad. No: 32
 06050 Ulus / Altındağ / ANKARA
 Ankara,06050
 Türkiye
Phone : + 90-312-5952800-2771
Fax : + 90-312-3680715-


** Domain Servers:
ns1.kosgeb.gov.tr 88.255.226.131
ns2.kosgeb.gov.tr 88.255.226.140

** Additional Info:
Created on..............: 1997-May-01.
Expires on..............: 2021-Apr-30.
#######################################################################################################################################
[+] Target : www.kosgeb.gov.tr

[+] IP Address : 88.255.226.247

[+] Headers :

[+] Cache-Control : private
[+] Content-Type : text/html; charset=utf-8
[+] Content-Encoding : gzip
[+] Vary : Accept-Encoding
[+] Server : Microsoft-IIS/8.5
[+] Set-Cookie : ASP.NET_SessionId=2arf05tjndrt45u3fczgygmy; path=/; HttpOnly
[+] X-AspNet-Version : 4.0.30319
[+] Date : Mon, 11 Nov 2019 03:52:35 GMT
[+] Content-Length : 18356

[+] SSL Certificate Information :

[+] organizationalUnitName : Domain Control Validated
[+] commonName : *.kosgeb.gov.tr
[+] countryName : GB
[+] stateOrProvinceName : Greater Manchester
[+] localityName : Salford
[+] organizationName : COMODO CA Limited
[+] commonName : COMODO RSA Domain Validation Secure Server CA
[+] Version : 3
[+] Serial Number : C3D28FE04C44FAB88268DD8BE2BCB3AC
[+] Not Before : Oct 4 00:00:00 2018 GMT
[+] Not After : Oct 3 23:59:59 2020 GMT
[+] OCSP : ('http://ocsp.comodoca.com',)
[+] subject Alt Name : (('DNS', '*.kosgeb.gov.tr'), ('DNS', 'kosgeb.gov.tr'))
[+] CA Issuers : ('http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt',)
[+] CRL Distribution Points : ('http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl',)

[+] Whois Lookup :

[+] NIR : None
[+] ASN Registry : ripencc
[+] ASN : 9121
[+] ASN CIDR : 88.255.128.0/17
[+] ASN Country Code : TR
[+] ASN Date : 2005-10-27
[+] ASN Description : TTNET, TR
[+] cidr : 88.255.226.128/25
[+] name : KOSGEB-NET
[+] handle : AT14183-RIPE
[+] range : 88.255.226.128 - 88.255.226.255
[+] description : KOSGEB Baskanlik
[+] country : TR
[+] state : None
[+] city : None
[+] address : Abdulhakhamit Cad. No:866 MAMAK/ANKARA
[+] postal_code : None
[+] emails : None
[+] created : 2008-04-03T12:28:27Z
[+] updated : 2017-07-17T13:32:57Z

[+] Crawling Target...

[+] Looking for robots.txt........[ Found ]
[+] Extracting robots Links.......[ 3 ]
[+] Looking for sitemap.xml.......[ Not Found ]
[+] Extracting CSS Links..........[ 16 ]
[+] Extracting Javascript Links...[ 26 ]
[+] Extracting Internal Links.....[ 9 ]
[+] Extracting External Links.....[ 18 ]
[+] Extracting Images.............[ 36 ]

[+] Total Links Extracted : 108

[+] Dumping Links in /opt/FinalRecon/dumps/www.kosgeb.gov.tr.dump
[+] Completed!
#######################################################################################################################################
[+] Starting At 2019-11-10 22:52:54.596431
[+] Collecting Information On: https://www.kosgeb.gov.tr/
[#] Status: 200
--------------------------------------------------
[#] Web Server Detected: Microsoft-IIS/8.5
[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
- Cache-Control: private
- Content-Type: text/html; charset=utf-8
- Content-Encoding: gzip
- Vary: Accept-Encoding
- Server: Microsoft-IIS/8.5
- Set-Cookie: ASP.NET_SessionId=b5msvrx05liey0gxn012gunt; path=/; HttpOnly
- X-AspNet-Version: 4.0.30319
- Date: Mon, 11 Nov 2019 03:52:55 GMT
- Content-Length: 18272
--------------------------------------------------
[#] Finding Location..!
[#] status: success
[#] country: Turkey
[#] countryCode: TR
[#] region: 06
[#] regionName: Ankara
[#] city: Ankara
[#] zip: 06520
[#] lat: 39.9058
[#] lon: 32.8191
[#] timezone: Europe/Istanbul
[#] isp: Turk Telekomunikasyon Anonim Sirketi
[#] org: Kosgeb
[#] as: AS9121 Turk Telekomunikasyon Anonim Sirketi
[#] query: 88.255.226.247
--------------------------------------------------
[+] Detected WAF Presence in web application: ASP.NET Generic Web Application Protection
--------------------------------------------------
[#] Starting Reverse DNS
[-] Failed ! Fail
--------------------------------------------------
[!] Scanning Open Port
[#] 80/tcp open http
[#] 443/tcp open https
--------------------------------------------------
[+] Collecting Information Disclosure!
[#] Detecting sitemap.xml file
[-] sitemap.xml file not Found!?
[#] Detecting robots.txt file
[!] robots.txt File Found: https://www.kosgeb.gov.tr//robots.txt
[#] Detecting GNU Mailman
[-] GNU Mailman App Not Detected!?
--------------------------------------------------
[+] Crawling Url Parameter On: https://www.kosgeb.gov.tr/
--------------------------------------------------
[#] Searching Html Form !
[+] Html Form Discovered
[#] action: /site/tr/genel/arama
[#] class: ['search-box']
[#] id: None
[#] method: get
--------------------------------------------------
[!] Found 6 dom parameter
[#] https://www.kosgeb.gov.tr//#
[#] https://www.kosgeb.gov.tr//#client-carousel-news
[#] https://www.kosgeb.gov.tr//#client-carousel-news
[#] https://www.kosgeb.gov.tr//#client-carousel
[#] https://www.kosgeb.gov.tr//#client-carousel
[#] https://www.kosgeb.gov.tr//#
--------------------------------------------------
[!] 4 Internal Dynamic Parameter Discovered
[+] https://www.kosgeb.gov.tr///Web/Content/assets/plugins/ninja-slider/ninja-slider.css?v=1.05
[+] https://www.kosgeb.gov.tr///Web/Content/assets/css/Ortak.css?v=1.05
[+] https://www.kosgeb.gov.tr///Web/Content/assets/plugins/FuncyBox/jquery.fancybox.css?v=1.05
[+] https://edevlet.kosgeb.gov.tr/OAuth.aspx?h=d9e66e8a-a6e1-4e2f-941b-69ec050c849f
--------------------------------------------------
[!] 3 External Dynamic Parameter Discovered
[#] https://fonts.googleapis.com/css?family=Open+Sans:400,300,600,700,800
[#] https://fonts.googleapis.com/css?family=Oswald:400,300,700
[#] https://envanter.kaysis.gov.tr/?Kurum=80228899
--------------------------------------------------
[!] 192 Internal links Discovered
--------------------------------------------------
[!] 12 External links Discovered
--------------------------------------------------
[#] Mapping Subdomain..
[!] Found 44 Subdomain
--------------------------------------------------
[!] Done At 2019-11-10 22:53:16.942279
#######################################################################################################################################
[i] Scanning Site: https://www.kosgeb.gov.tr

B A S I C I N F O
====================

[+] Site Title: KOSGEB T.C. Küçük ve Orta Ölçekli İşletmeleri Geliştirme ve Destekleme İdaresi Başkanlığı
[+] IP address: 88.255.226.247
[+] Web Server: Microsoft-IIS/8.5
[+] CMS: Could Not Detect
[+] Cloudflare: Not Detected
[+] Robots File: Found

-------------[ contents ]----------------
User-agent: *
Disallow: /kosgeb.gov.tr/PhoneBook/
Disallow: /kosgeb.gov.tr/Admin/
Disallow: /kosgeb.gov.tr/Content/Upload/Resim/TeskilatSemasi.png
-----------[end of contents]-------------

G E O I P L O O K U P
=========================

[i] IP Address: 88.255.226.247
[i] Country: Turkey
[i] State: Ankara
[i] City: Ankara
[i] Latitude: 39.923
[i] Longitude: 32.8378

H T T P H E A D E R S
=======================

[i] HTTP/1.1 200 OK
[i] Cache-Control: private
[i] Content-Type: text/html; charset=utf-8
[i] Server: Microsoft-IIS/8.5
[i] Set-Cookie: ASP.NET_SessionId=2bpzfjmut45tfwo3lifkkkpq; path=/; HttpOnly
[i] X-AspNet-Version: 4.0.30319
[i] Date: Mon, 11 Nov 2019 03:52:55 GMT
[i] Connection: close
[i] Content-Length: 102812

D N S L O O K U P
===================

kosgeb.gov.tr. 3599 IN A 88.255.226.247
kosgeb.gov.tr. 3599 IN NS ns2.kosgeb.gov.tr.
kosgeb.gov.tr. 3599 IN NS ns1.kosgeb.gov.tr.
kosgeb.gov.tr. 3599 IN SOA ns1.kosgeb.gov.tr. hostmaster. 2015112865 100 600 86400 3600
kosgeb.gov.tr. 3599 IN MX 2 imsva.kosgeb.gov.tr.
kosgeb.gov.tr. 3599 IN TXT "v=spf1 a mx ptr mx:imsva.kosgeb.gov.tr ip4:88.255.226.216 -all"

S U B N E T C A L C U L A T I O N
====================================

Address = 88.255.226.247
Network = 88.255.226.247 / 32
Netmask = 255.255.255.255
Broadcast = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits = 0
Max. Hosts = 1 (2^0 - 0)
Host Range = { 88.255.226.247 - 88.255.226.247 }

N M A P P O R T S C A N
============================

Starting Nmap 7.70 ( https://nmap.org ) at 2019-11-11 03:52 UTC
Nmap scan report for kosgeb.gov.tr (88.255.226.247)
Host is up (0.13s latency).
rDNS record for 88.255.226.247: 88.255.226.247.static.ttnet.com.tr

PORT     STATE    SERVICE
21/tcp   filtered ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  filtered pop3
143/tcp  filtered imap
443/tcp  open     https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 2.74 seconds

S U B - D O M A I N F I N D E R
==================================

[i] Total Subdomains Found : 43
651
780######################################################################################################################################
781[INFO] ------TARGET info------
782[*] TARGET: https://www.kosgeb.gov.tr/
783[*] TARGET IP: 88.255.226.247
784[INFO] NO load balancer detected for www.kosgeb.gov.tr...
785[*] DNS servers: ns1.kosgeb.gov.tr.
786[*] TARGET server: Microsoft-IIS/8.5
787[*] CC: TR
788[*] Country: Turkey
789[*] RegionCode: 06
790[*] RegionName: Ankara
791[*] City: Ankara
792[*] ASN: AS9121
793[*] BGP_PREFIX: 88.224.0.0/11
794[*] ISP: TTNet Turk Telekomunikasyon Anonim Sirketi, TR
795[INFO] SSL/HTTPS certificate detected
796[*] Issuer: issuer=C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
797[*] Subject: subject=OU = Domain Control Validated, CN = *.kosgeb.gov.tr
798[INFO] DNS enumeration:
799[*] beta.kosgeb.gov.tr www2.kosgeb.gov.tr.
800[*] intranet.kosgeb.gov.tr kds.kosgeb.gov.tr. 88.255.226.230
801[*] mail.kosgeb.gov.tr 88.255.226.138
802[*] ns1.kosgeb.gov.tr 88.255.226.131
803[*] ns2.kosgeb.gov.tr 88.255.226.140
804[*] webconf.kosgeb.gov.tr 88.255.226.228
805[INFO] Possible abuse mails are:
806[*] abuse@kosgeb.gov.tr
807[*] abuse@ttnet.com.tr
808[*] abuse@www.kosgeb.gov.tr
809[INFO] NO PAC (Proxy Auto Configuration) file FOUND
810[ALERT] robots.txt file FOUND in http://www.kosgeb.gov.tr/robots.txt
811[INFO] Checking for HTTP status codes recursively from http://www.kosgeb.gov.tr/robots.txt
812[INFO] Status code Folders
813[INFO] Starting FUZZing in http://www.kosgeb.gov.tr/FUzZzZzZzZz...
814[INFO] Status code Folders
815[ALERT] Look in the source code. It may contain passwords
816[INFO] Links found from https://www.kosgeb.gov.tr/ http://88.255.226.247/:
916[INFO] GOOGLE has 3,500,000 results (0.19 seconds) about http://www.kosgeb.gov.tr/
917[INFO] Shodan detected the following opened ports on 88.255.226.247:
918[*] 0
919[*] 1
920[*] 2
921[*] 443
922[*] 6
923[*] 7
924[*] 80
925[INFO] ------VirusTotal SECTION------
926[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
927[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
928[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
929[INFO] ------Alexa Rank SECTION------
930[INFO] Percent of Visitors Rank in Country:
931[INFO] Percent of Search Traffic:
932[INFO] Percent of Unique Visits:
933[INFO] Total Sites Linking In:
934[*] Total Sites
935[INFO] Useful links related to www.kosgeb.gov.tr - 88.255.226.247:
936[*] https://www.virustotal.com/pt/ip-address/88.255.226.247/information/
937[*] https://www.hybrid-analysis.com/search?host=88.255.226.247
938[*] https://www.shodan.io/host/88.255.226.247
939[*] https://www.senderbase.org/lookup/?search_string=88.255.226.247
940[*] https://www.alienvault.com/open-threat-exchange/ip/88.255.226.247
941[*] http://pastebin.com/search?q=88.255.226.247
942[*] http://urlquery.net/search.php?q=88.255.226.247
943[*] http://www.alexa.com/siteinfo/www.kosgeb.gov.tr
944[*] http://www.google.com/safebrowsing/diagnostic?site=www.kosgeb.gov.tr
945[*] https://censys.io/ipv4/88.255.226.247
946[*] https://www.abuseipdb.com/check/88.255.226.247
947[*] https://urlscan.io/search/#88.255.226.247
948[*] https://github.com/search?q=88.255.226.247&type=Code
949[INFO] Useful links related to AS9121 - 88.224.0.0/11:
950[*] http://www.google.com/safebrowsing/diagnostic?site=AS:9121
951[*] https://www.senderbase.org/lookup/?search_string=88.224.0.0/11
952[*] http://bgp.he.net/AS9121
953[*] https://stat.ripe.net/AS9121
954[INFO] Date: 10/11/19 | Time: 22:54:19
955[INFO] Total time: 1 minute(s) and 4 second(s)
956######################################################################################################################################
957;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18518
958;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 2
959
960;; QUESTION SECTION:
961;kosgeb.gov.tr. IN ANY
962
963;; ANSWER SECTION:
964kosgeb.gov.tr. 3600 IN TXT "v=spf1 a mx ptr mx:imsva.kosgeb.gov.tr ip4:88.255.226.216 -all"
965kosgeb.gov.tr. 3600 IN MX 2 imsva.kosgeb.gov.tr.
966kosgeb.gov.tr. 3600 IN SOA ns1.kosgeb.gov.tr. hostmaster. 2015112865 100 600 86400 3600
967kosgeb.gov.tr. 3600 IN A 88.255.226.247
968kosgeb.gov.tr. 3600 IN NS ns2.kosgeb.gov.tr.
969kosgeb.gov.tr. 3600 IN NS ns1.kosgeb.gov.tr.
970
971;; AUTHORITY SECTION:
972kosgeb.gov.tr. 3600 IN NS ns2.kosgeb.gov.tr.
973kosgeb.gov.tr. 3600 IN NS ns1.kosgeb.gov.tr.
974
975;; ADDITIONAL SECTION:
976ns2.kosgeb.gov.tr. 43200 IN A 88.255.226.140
977ns1.kosgeb.gov.tr. 43200 IN A 88.255.226.131
978
979Received 286 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 1219 ms
980######################################################################################################################################
981; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace kosgeb.gov.tr
982;; global options: +cmd
983. 83132 IN NS f.root-servers.net.
984. 83132 IN NS a.root-servers.net.
985. 83132 IN NS i.root-servers.net.
986. 83132 IN NS k.root-servers.net.
987. 83132 IN NS e.root-servers.net.
988. 83132 IN NS c.root-servers.net.
989. 83132 IN NS d.root-servers.net.
990. 83132 IN NS h.root-servers.net.
991. 83132 IN NS j.root-servers.net.
992. 83132 IN NS l.root-servers.net.
993. 83132 IN NS g.root-servers.net.
994. 83132 IN NS b.root-servers.net.
995. 83132 IN NS m.root-servers.net.
997;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 67 ms
998
999tr. 172800 IN NS ns21.nic.tr.
1000tr. 172800 IN NS ns22.nic.tr.
1001tr. 172800 IN NS ns31.nic.tr.
1002tr. 172800 IN NS ns41.nic.tr.
1003tr. 172800 IN NS ns42.nic.tr.
1004tr. 172800 IN NS ns91.nic.tr.
1005tr. 172800 IN NS ns92.nic.tr.
1006tr. 86400 IN NSEC trade. NS RRSIG NSEC
1008;; Received 717 bytes from 2001:500:1::53#53(h.root-servers.net) in 41 ms
1009
1010kosgeb.gov.tr. 43200 IN NS ns2.kosgeb.gov.tr.
1011kosgeb.gov.tr. 43200 IN NS ns1.kosgeb.gov.tr.
1012;; Received 110 bytes from 2600:2000:3003::1#53(ns92.nic.tr) in 271 ms
1013
1014;; Received 54 bytes from 88.255.226.131#53(ns1.kosgeb.gov.tr) in 155 ms
1015
1016######################################################################################################################################
1017[*] Performing General Enumeration of Domain: kosgeb.gov.tr
1018[-] DNSSEC is not configured for kosgeb.gov.tr
1019[*] SOA ns1.kosgeb.gov.tr 88.255.226.131
1020[*] NS ns1.kosgeb.gov.tr 88.255.226.131
1021[*] Bind Version for 88.255.226.131 Microsoft DNS 6.0.6002 (17724D35)
1022[*] NS ns2.kosgeb.gov.tr 88.255.226.140
1023[-] Recursion enabled on NS Server 88.255.226.140
1024[*] Bind Version for 88.255.226.140 Microsoft DNS 6.0.6003 (1773501D)
1025[*] MX imsva.kosgeb.gov.tr 88.255.226.216
1026[*] A kosgeb.gov.tr 88.255.226.247
1027[*] TXT kosgeb.gov.tr v=spf1 a mx ptr mx:imsva.kosgeb.gov.tr ip4:88.255.226.216 -all
1028[*] TXT _domainkey.kosgeb.gov.tr t=y; o=~
1029[*] Enumerating SRV Records
1030[*] SRV _sip._tls.kosgeb.gov.tr sip.kosgeb.gov.tr 88.255.226.227 443 0
1031[*] SRV _sipfederationtls._tcp.kosgeb.gov.tr sip.kosgeb.gov.tr 88.255.226.227 5061 0
1032[+] 2 Records Found
1033######################################################################################################################################
1034[*] Processing domain kosgeb.gov.tr
1035[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
1036[+] Getting nameservers
103788.255.226.131 - ns1.kosgeb.gov.tr
103888.255.226.140 - ns2.kosgeb.gov.tr
1039[-] Zone transfer failed
1040
1041[+] TXT records found
1042"v=spf1 a mx ptr mx:imsva.kosgeb.gov.tr ip4:88.255.226.216 -all"
1043
1044[+] MX records found, added to target list
10452 imsva.kosgeb.gov.tr.
1046
1047[*] Scanning kosgeb.gov.tr for A records
1072######################################################################################################################################
1073----- kosgeb.gov.tr -----
1074
1075
1076Host's addresses:
1077__________________
1078
1079kosgeb.gov.tr. 3247 IN A 88.255.226.247
1080
1081
1082Name Servers:
1083______________
1084
1085ns1.kosgeb.gov.tr. 42870 IN A 88.255.226.131
1086ns2.kosgeb.gov.tr. 42870 IN A 88.255.226.140
1087
1088
1089Mail (MX) Servers:
1090___________________
1091
1092imsva.kosgeb.gov.tr. 3531 IN A 88.255.226.216
1093
1094
1095Trying Zone Transfers and getting Bind Versions:
1096_________________________________________________
1097
1098
1099Trying Zone Transfer for kosgeb.gov.tr on ns1.kosgeb.gov.tr ...
1100AXFR record query failed: REFUSED
1101
1102Trying Zone Transfer for kosgeb.gov.tr on ns2.kosgeb.gov.tr ...
1103AXFR record query failed: REFUSED
1104
1105
1106Scraping kosgeb.gov.tr subdomains from Google:
1107_______________________________________________
1108
1109
1110 ---- Google search page: 1 ----
1111
1112
1113 ---- Google search page: 2 ----
1114
1115
1116 ---- Google search page: 3 ----
1117
1118
1119 ---- Google search page: 4 ----
1120
1121 ebelge
1122 mevzuat
1123 dokuman
1124 aractakip
1125 ykds
1126
1127 ---- Google search page: 5 ----
1128
1129 sep
1130 oebs
1131 temsilcilik
1132
1133
1134Google Results:
1135________________
1136
1137aractakip.kosgeb.gov.tr. 3600 IN A 88.255.226.143
1138mevzuat.kosgeb.gov.tr. 3600 IN A 88.255.226.140
1139ebelge.kosgeb.gov.tr. 3600 IN A 88.255.226.205
1140oebs.kosgeb.gov.tr. 3600 IN A 88.255.226.205
1141sep.kosgeb.gov.tr. 3600 IN A 88.255.226.205
1142temsilcilik.kosgeb.gov.tr. 3600 IN A 88.255.226.184
1143dokuman.kosgeb.gov.tr. 3600 IN A 88.255.226.140
1144ykds.kosgeb.gov.tr. 3600 IN A 88.255.226.145
1145
1146
1147Brute forcing with /usr/share/dnsenum/dns.txt:
1148_______________________________________________
1149
1150av.kosgeb.gov.tr. 3521 IN A 88.255.226.229
1151beta.kosgeb.gov.tr. 3259 IN CNAME www2.kosgeb.gov.tr.
1152intranet.kosgeb.gov.tr. 3248 IN CNAME kds.kosgeb.gov.tr.
1153kds.kosgeb.gov.tr. 3248 IN A 88.255.226.230
1154mail.kosgeb.gov.tr. 3247 IN A 88.255.226.138
1155ns1.kosgeb.gov.tr. 42835 IN A 88.255.226.131
1156ns2.kosgeb.gov.tr. 42835 IN A 88.255.226.140
1157stats.kosgeb.gov.tr. 3503 IN A 88.255.226.140
1158www.kosgeb.gov.tr. 2804 IN A 88.255.226.247
1159
1160
1161Launching Whois Queries:
1162_________________________
1163
1164 whois ip result: 88.255.226.0 -> 88.224.0.0/11
1165
1166
1167kosgeb.gov.tr_____________
1168
1169 88.224.0.0/11
1170
1171#######################################################################################################################################
1172traceroute to www.kosgeb.gov.tr (88.255.226.247), 30 hops max, 60 byte packets
1173 1 10.246.204.1 (10.246.204.1) 18.187 ms 36.879 ms 54.871 ms
1174 2 vlan102.as02.qc1.ca.m247.com (176.113.74.17) 54.974 ms 54.951 ms 54.929 ms
1175 3 irb-0.agg1.qc1.ca.m247.com (37.120.128.168) 54.906 ms 54.876 ms 54.852 ms
1176 4 te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44) 54.677 ms 54.656 ms 54.631 ms
1177 5 ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98) 54.519 ms 54.496 ms 54.472 ms
1178 6 4.68.127.229 (4.68.127.229) 54.497 ms 21.698 ms 18.825 ms
1179 7 ae-2-3204.edge7.Amsterdam1.Level3.net (4.69.162.181) 135.963 ms 117.879 ms 135.948 ms
1180 8 213.19.198.194 (213.19.198.194) 135.941 ms 135.934 ms 135.926 ms
1181 9 06-ebgp-ulus1-k---302-ams-col-3.statik.turktelekom.com.tr (212.156.102.118) 222.079 ms 06-ebgp-ulus1-k---302-ams-col-3.statik.turktelekom.com.tr (212.156.102.114) 222.034 ms 34-acibadem-xrs-t2-2---302-ams-col-3.statik.turktelekom.com.tr (212.156.102.169) 221.962 ms
118210 06-ulus-xrs-t2-2---06-incesu-xrs-t2-2.statik.turktelekom.com.tr (212.156.120.135) 221.971 ms 212.156.117.186.29-gumushane-t3-1.25-erzurum-t2-1.statik.turktelekom.com.tr (212.156.117.186) 221.932 ms 212.156.252.68.static.turktelekom.com.tr (212.156.252.68) 162.837 ms
118311 06-ulus-xrs-t2-1---06-ulus-xrs-t2-2.statik.turktelekom.com.tr (195.175.173.48) 221.847 ms 221.849 ms 221.778 ms
118412 06-ulus-xrs-t2-1---34-acibadem-xrs-t2-2.statik.turktelekom.com.tr (81.212.31.34) 221.013 ms 195.175.173.237.65-van-t3-2.65-gurpinar-ess1-t4-1.statik.turktelekom.com.tr (195.175.173.237) 161.919 ms 160.027 ms
1185#######################################################################################################################################
1186 traceroute -T -O info www.kosgeb.gov.tr
1187traceroute to www.kosgeb.gov.tr (88.255.226.247), 30 hops max, 60 byte packets
1188 1 10.246.204.1 (10.246.204.1) 22.262 ms 40.582 ms 58.532 ms
1189 2 vlan102.as02.qc1.ca.m247.com (176.113.74.17) 58.624 ms 58.631 ms 58.626 ms
1190 3 irb-0.agg1.qc1.ca.m247.com (37.120.128.168) 58.620 ms 58.615 ms 58.609 ms
1191 4 te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44) 58.422 ms 58.460 ms 58.456 ms
1192 5 ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98) 58.391 ms 58.387 ms 58.338 ms
1193 6 4.68.127.229 (4.68.127.229) 58.393 ms 21.542 ms 19.613 ms
1194 7 ae-2-3204.edge7.Amsterdam1.Level3.net (4.69.162.181) 137.956 ms 120.416 ms 137.884 ms
1195 8 213.19.198.194 (213.19.198.194) 137.900 ms 137.860 ms 137.844 ms
1196 9 * * *
119710 * * *
119811 * * *
119912 * * *
120013 * * *
120114 88.255.226.247.static.ttnet.com.tr (88.255.226.247) <syn,ack> 215.601 ms * 152.074 ms
1202#######################################################################################################################################
1203[*] Processing domain www.kosgeb.gov.tr
1204[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
1205[+] Getting nameservers
1206[-] Getting nameservers failed
1207[-] Zone transfer failed
1208
1209[*] Scanning www.kosgeb.gov.tr for A records
121088.255.226.247 - www.kosgeb.gov.tr
1211#######################################################################################################################################
1212Privileges have been dropped to "nobody:nogroup" for security reasons.
1213
1316Processed queries: 1919
1317Received packets: 3231
1318Progress: 100.00% (00 h 00 min 06 sec / 00 h 00 min 06 sec)
1319Current incoming rate: 4 pps, average: 537 pps
1320Current success rate: 0 pps, average: 319 pps
1321Finished total: 1918, success: 1918 (100.00%)
1322Mismatched domains: 488 (15.17%), IDs: 0 (0.00%)
1323Failures: 0: 16.79%, 1: 39.68%, 2: 21.79%, 3: 10.38%, 4: 5.21%, 5: 2.03%, 6: 1.72%, 7: 1.04%, 8: 0.57%, 9: 0.47%, 10: 0.16%, 11: 0.05%, 12: 0.10%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1324Response: | Success: | Total:
1325OK: | 193 ( 10.06%) | 209 ( 6.50%)
1326NXDOMAIN: | 1671 ( 87.12%) | 2066 ( 64.22%)
1327SERVFAIL: | 54 ( 2.82%) | 63 ( 1.96%)
1328REFUSED: | 0 ( 0.00%) | 879 ( 27.32%)
1329FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1330
1331
1332
1333Processed queries: 1919
1334Received packets: 3238
1335Progress: 100.00% (00 h 00 min 07 sec / 00 h 00 min 07 sec)
1336Current incoming rate: 6 pps, average: 461 pps
1337Current success rate: 0 pps, average: 273 pps
1338Finished total: 1918, success: 1918 (100.00%)
1339Mismatched domains: 495 (15.35%), IDs: 0 (0.00%)
1340Failures: 0: 16.79%, 1: 39.68%, 2: 21.79%, 3: 10.38%, 4: 5.21%, 5: 2.03%, 6: 1.72%, 7: 1.04%, 8: 0.57%, 9: 0.47%, 10: 0.16%, 11: 0.00%, 12: 0.10%, 13: 0.10%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1341Response: | Success: | Total:
1342OK: | 193 ( 10.06%) | 209 ( 6.48%)
1343NXDOMAIN: | 1671 ( 87.12%) | 2069 ( 64.17%)
1344SERVFAIL: | 54 ( 2.82%) | 66 ( 2.05%)
1345REFUSED: | 0 ( 0.00%) | 880 ( 27.30%)
1346FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1347
1348
1349
1350Processed queries: 1919
1351Received packets: 3245
1352Progress: 100.00% (00 h 00 min 08 sec / 00 h 00 min 08 sec)
1353Current incoming rate: 6 pps, average: 404 pps
1354Current success rate: 0 pps, average: 239 pps
1355Finished total: 1918, success: 1918 (100.00%)
1356Mismatched domains: 502 (15.54%), IDs: 0 (0.00%)
1357Failures: 0: 16.79%, 1: 39.68%, 2: 21.79%, 3: 10.38%, 4: 5.21%, 5: 2.03%, 6: 1.72%, 7: 1.04%, 8: 0.57%, 9: 0.47%, 10: 0.16%, 11: 0.00%, 12: 0.10%, 13: 0.05%, 14: 0.00%, 15: 0.05%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1358Response: | Success: | Total:
1359OK: | 193 ( 10.06%) | 209 ( 6.47%)
1360NXDOMAIN: | 1671 ( 87.12%) | 2071 ( 64.10%)
1361SERVFAIL: | 54 ( 2.82%) | 70 ( 2.17%)
1362REFUSED: | 0 ( 0.00%) | 881 ( 27.27%)
1363FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1364
1365
1366
1367Processed queries: 1919
1368Received packets: 3249
1369Progress: 100.00% (00 h 00 min 09 sec / 00 h 00 min 09 sec)
1370Current incoming rate: 3 pps, average: 360 pps
1371Current success rate: 0 pps, average: 212 pps
1372Finished total: 1918, success: 1918 (100.00%)
1373Mismatched domains: 506 (15.64%), IDs: 0 (0.00%)
1374Failures: 0: 16.79%, 1: 39.68%, 2: 21.79%, 3: 10.38%, 4: 5.21%, 5: 2.03%, 6: 1.72%, 7: 1.04%, 8: 0.57%, 9: 0.47%, 10: 0.16%, 11: 0.00%, 12: 0.10%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.05%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1375Response: | Success: | Total:
1376OK: | 193 ( 10.06%) | 209 ( 6.46%)
1377NXDOMAIN: | 1671 ( 87.12%) | 2071 ( 64.02%)
1378SERVFAIL: | 54 ( 2.82%) | 73 ( 2.26%)
1379REFUSED: | 0 ( 0.00%) | 882 ( 27.26%)
1380FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1381
1382
1383
1384Processed queries: 1919
1385Received packets: 3253
1386Progress: 100.00% (00 h 00 min 10 sec / 00 h 00 min 10 sec)
1387Current incoming rate: 3 pps, average: 324 pps
1388Current success rate: 0 pps, average: 191 pps
1389Finished total: 1918, success: 1918 (100.00%)
1390Mismatched domains: 510 (15.75%), IDs: 0 (0.00%)
1391Failures: 0: 16.79%, 1: 39.68%, 2: 21.79%, 3: 10.38%, 4: 5.21%, 5: 2.03%, 6: 1.72%, 7: 1.04%, 8: 0.57%, 9: 0.47%, 10: 0.16%, 11: 0.00%, 12: 0.10%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.05%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1392Response: | Success: | Total:
1393OK: | 193 ( 10.06%) | 209 ( 6.45%)
1394NXDOMAIN: | 1671 ( 87.12%) | 2073 ( 64.00%)
1395SERVFAIL: | 54 ( 2.82%) | 74 ( 2.28%)
1396REFUSED: | 0 ( 0.00%) | 883 ( 27.26%)
1397FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1398
1399
1400
1401Processed queries: 1919
1402Received packets: 3260
1403Progress: 100.00% (00 h 00 min 11 sec / 00 h 00 min 11 sec)
1404Current incoming rate: 6 pps, average: 295 pps
1405Current success rate: 0 pps, average: 174 pps
1406Finished total: 1918, success: 1918 (100.00%)
1407Mismatched domains: 517 (15.93%), IDs: 0 (0.00%)
1408Failures: 0: 16.79%, 1: 39.68%, 2: 21.79%, 3: 10.38%, 4: 5.21%, 5: 2.03%, 6: 1.72%, 7: 1.04%, 8: 0.57%, 9: 0.47%, 10: 0.16%, 11: 0.00%, 12: 0.10%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.05%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1409Response: | Success: | Total:
1410OK: | 193 ( 10.06%) | 209 ( 6.44%)
1411NXDOMAIN: | 1671 ( 87.12%) | 2073 ( 63.86%)
1412SERVFAIL: | 54 ( 2.82%) | 80 ( 2.46%)
1413REFUSED: | 0 ( 0.00%) | 884 ( 27.23%)
1414FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1415
1416
1417
1418Processed queries: 1919
1419Received packets: 3267
1420Progress: 100.00% (00 h 00 min 12 sec / 00 h 00 min 12 sec)
1421Current incoming rate: 6 pps, average: 271 pps
1422Current success rate: 0 pps, average: 159 pps
1423Finished total: 1918, success: 1918 (100.00%)
1424Mismatched domains: 524 (16.11%), IDs: 0 (0.00%)
1425Failures: 0: 16.79%, 1: 39.68%, 2: 21.79%, 3: 10.38%, 4: 5.21%, 5: 2.03%, 6: 1.72%, 7: 1.04%, 8: 0.57%, 9: 0.47%, 10: 0.16%, 11: 0.00%, 12: 0.10%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.05%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1426Response: | Success: | Total:
1427OK: | 193 ( 10.06%) | 209 ( 6.42%)
1428NXDOMAIN: | 1671 ( 87.12%) | 2074 ( 63.76%)
1429SERVFAIL: | 54 ( 2.82%) | 82 ( 2.52%)
1430REFUSED: | 0 ( 0.00%) | 888 ( 27.30%)
1431FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1432
1433
1434
1435Processed queries: 1919
1436Received packets: 3274
1437Progress: 100.00% (00 h 00 min 13 sec / 00 h 00 min 13 sec)
1438Current incoming rate: 6 pps, average: 251 pps
1439Current success rate: 0 pps, average: 147 pps
1440Finished total: 1918, success: 1918 (100.00%)
1441Mismatched domains: 531 (16.29%), IDs: 0 (0.00%)
1442Failures: 0: 16.79%, 1: 39.68%, 2: 21.79%, 3: 10.38%, 4: 5.21%, 5: 2.03%, 6: 1.72%, 7: 1.04%, 8: 0.57%, 9: 0.47%, 10: 0.16%, 11: 0.00%, 12: 0.10%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.05%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1443Response: | Success: | Total:
1444OK: | 193 ( 10.06%) | 209 ( 6.41%)
1445NXDOMAIN: | 1671 ( 87.12%) | 2078 ( 63.74%)
1446SERVFAIL: | 54 ( 2.82%) | 84 ( 2.58%)
1447REFUSED: | 0 ( 0.00%) | 889 ( 27.27%)
1448FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1449
1450
1451
1452Processed queries: 1919
1453Received packets: 3276
1454Progress: 100.00% (00 h 00 min 14 sec / 00 h 00 min 14 sec)
1455Current incoming rate: 1 pps, average: 233 pps
1456Current success rate: 0 pps, average: 136 pps
1457Finished total: 1918, success: 1918 (100.00%)
1458Mismatched domains: 533 (16.34%), IDs: 0 (0.00%)
1459Failures: 0: 16.79%, 1: 39.68%, 2: 21.79%, 3: 10.38%, 4: 5.21%, 5: 2.03%, 6: 1.72%, 7: 1.04%, 8: 0.57%, 9: 0.47%, 10: 0.16%, 11: 0.00%, 12: 0.10%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.05%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1460Response: | Success: | Total:
1461OK: | 193 ( 10.06%) | 209 ( 6.41%)
1462NXDOMAIN: | 1671 ( 87.12%) | 2078 ( 63.70%)
1463SERVFAIL: | 54 ( 2.82%) | 84 ( 2.58%)
1464REFUSED: | 0 ( 0.00%) | 891 ( 27.31%)
1465FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1466
1467
1468
1469Processed queries: 1919
1470Received packets: 3277
1471Progress: 100.00% (00 h 00 min 15 sec / 00 h 00 min 15 sec)
1472Current incoming rate: 0 pps, average: 218 pps
1473Current success rate: 0 pps, average: 127 pps
1474Finished total: 1918, success: 1918 (100.00%)
1475Mismatched domains: 534 (16.37%), IDs: 0 (0.00%)
1476Failures: 0: 16.79%, 1: 39.68%, 2: 21.79%, 3: 10.38%, 4: 5.21%, 5: 2.03%, 6: 1.72%, 7: 1.04%, 8: 0.57%, 9: 0.47%, 10: 0.16%, 11: 0.00%, 12: 0.10%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.05%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1477Response: | Success: | Total:
1478OK: | 193 ( 10.06%) | 209 ( 6.41%)
1479NXDOMAIN: | 1671 ( 87.12%) | 2078 ( 63.68%)
1480SERVFAIL: | 54 ( 2.82%) | 84 ( 2.57%)
1481REFUSED: | 0 ( 0.00%) | 892 ( 27.34%)
1482FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1483
1484
1485
1486Processed queries: 1919
1487Received packets: 3277
1488Progress: 100.00% (00 h 00 min 16 sec / 00 h 00 min 16 sec)
1489Current incoming rate: 0 pps, average: 204 pps
1490Current success rate: 0 pps, average: 119 pps
1491Finished total: 1918, success: 1918 (100.00%)
1492Mismatched domains: 534 (16.37%), IDs: 0 (0.00%)
1493Failures: 0: 16.79%, 1: 39.68%, 2: 21.79%, 3: 10.38%, 4: 5.21%, 5: 2.03%, 6: 1.72%, 7: 1.04%, 8: 0.57%, 9: 0.47%, 10: 0.16%, 11: 0.00%, 12: 0.10%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.05%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1494Response: | Success: | Total:
1495OK: | 193 ( 10.06%) | 209 ( 6.41%)
1496NXDOMAIN: | 1671 ( 87.12%) | 2078 ( 63.68%)
1497SERVFAIL: | 54 ( 2.82%) | 84 ( 2.57%)
1498REFUSED: | 0 ( 0.00%) | 892 ( 27.34%)
1499FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1500
1501
1502
1503Processed queries: 1919
1504Received packets: 3279
1505Progress: 100.00% (00 h 00 min 17 sec / 00 h 00 min 17 sec)
1506Current incoming rate: 1 pps, average: 192 pps
1507Current success rate: 0 pps, average: 112 pps
1508Finished total: 1918, success: 1918 (100.00%)
1509Mismatched domains: 536 (16.42%), IDs: 0 (0.00%)
1510Failures: 0: 16.79%, 1: 39.68%, 2: 21.79%, 3: 10.38%, 4: 5.21%, 5: 2.03%, 6: 1.72%, 7: 1.04%, 8: 0.57%, 9: 0.47%, 10: 0.16%, 11: 0.00%, 12: 0.10%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.05%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1511Response: | Success: | Total:
1512OK: | 193 ( 10.06%) | 209 ( 6.40%)
1513NXDOMAIN: | 1671 ( 87.12%) | 2078 ( 63.64%)
1514SERVFAIL: | 54 ( 2.82%) | 85 ( 2.60%)
1515REFUSED: | 0 ( 0.00%) | 893 ( 27.35%)
1516FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1517
1518
1519
1520Processed queries: 1919
1521Received packets: 3281
1522Progress: 100.00% (00 h 00 min 18 sec / 00 h 00 min 18 sec)
1523Current incoming rate: 1 pps, average: 181 pps
1524Current success rate: 0 pps, average: 106 pps
1525Finished total: 1918, success: 1918 (100.00%)
1526Mismatched domains: 538 (16.47%), IDs: 0 (0.00%)
1527Failures: 0: 16.79%, 1: 39.68%, 2: 21.79%, 3: 10.38%, 4: 5.21%, 5: 2.03%, 6: 1.72%, 7: 1.04%, 8: 0.57%, 9: 0.47%, 10: 0.16%, 11: 0.00%, 12: 0.10%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.05%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1528Response: | Success: | Total:
1529OK: | 193 ( 10.06%) | 209 ( 6.40%)
1530NXDOMAIN: | 1671 ( 87.12%) | 2078 ( 63.61%)
1531SERVFAIL: | 54 ( 2.82%) | 86 ( 2.63%)
1532REFUSED: | 0 ( 0.00%) | 894 ( 27.36%)
1533FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1534
1535
1536
1537Processed queries: 1919
1538Received packets: 3283
1539Progress: 100.00% (00 h 00 min 19 sec / 00 h 00 min 19 sec)
1540Current incoming rate: 1 pps, average: 172 pps
1541Current success rate: 0 pps, average: 100 pps
1542Finished total: 1918, success: 1918 (100.00%)
1543Mismatched domains: 540 (16.52%), IDs: 0 (0.00%)
1544Failures: 0: 16.79%, 1: 39.68%, 2: 21.79%, 3: 10.38%, 4: 5.21%, 5: 2.03%, 6: 1.72%, 7: 1.04%, 8: 0.57%, 9: 0.47%, 10: 0.16%, 11: 0.00%, 12: 0.10%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.05%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1545Response: | Success: | Total:
1546OK: | 193 ( 10.06%) | 209 ( 6.39%)
1547NXDOMAIN: | 1671 ( 87.12%) | 2078 ( 63.57%)
1548SERVFAIL: | 54 ( 2.82%) | 87 ( 2.66%)
1549REFUSED: | 0 ( 0.00%) | 895 ( 27.38%)
1550FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1551
1552
1553
1554Processed queries: 1919
1555Received packets: 3284
1556Progress: 100.00% (00 h 00 min 20 sec / 00 h 00 min 20 sec)
1557Current incoming rate: 0 pps, average: 163 pps
1558Current success rate: 0 pps, average: 95 pps
1559Finished total: 1918, success: 1918 (100.00%)
1560Mismatched domains: 541 (16.54%), IDs: 0 (0.00%)
1561Failures: 0: 16.79%, 1: 39.68%, 2: 21.79%, 3: 10.38%, 4: 5.21%, 5: 2.03%, 6: 1.72%, 7: 1.04%, 8: 0.57%, 9: 0.47%, 10: 0.16%, 11: 0.00%, 12: 0.10%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.05%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1562Response: | Success: | Total:
1563OK: | 193 ( 10.06%) | 209 ( 6.39%)
1564NXDOMAIN: | 1671 ( 87.12%) | 2078 ( 63.55%)
1565SERVFAIL: | 54 ( 2.82%) | 88 ( 2.69%)
1566REFUSED: | 0 ( 0.00%) | 895 ( 27.37%)
1567FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1568
1569
1570
1571Processed queries: 1919
1572Received packets: 3286
1573Progress: 100.00% (00 h 00 min 21 sec / 00 h 00 min 21 sec)
1574Current incoming rate: 1 pps, average: 156 pps
1575Current success rate: 0 pps, average: 91 pps
1576Finished total: 1918, success: 1918 (100.00%)
1577Mismatched domains: 543 (16.60%), IDs: 0 (0.00%)
1578Failures: 0: 16.79%, 1: 39.68%, 2: 21.79%, 3: 10.38%, 4: 5.21%, 5: 2.03%, 6: 1.72%, 7: 1.04%, 8: 0.57%, 9: 0.47%, 10: 0.16%, 11: 0.00%, 12: 0.10%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.05%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1579Response: | Success: | Total:
1580OK: | 193 ( 10.06%) | 209 ( 6.39%)
1581NXDOMAIN: | 1671 ( 87.12%) | 2078 ( 63.51%)
1582SERVFAIL: | 54 ( 2.82%) | 88 ( 2.69%)
1583REFUSED: | 0 ( 0.00%) | 897 ( 27.41%)
1584FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1585
1586
1587
1588Processed queries: 1919
1589Received packets: 3287
1590Progress: 100.00% (00 h 00 min 22 sec / 00 h 00 min 22 sec)
1591Current incoming rate: 0 pps, average: 149 pps
1592Current success rate: 0 pps, average: 87 pps
1593Finished total: 1918, success: 1918 (100.00%)
1594Mismatched domains: 544 (16.62%), IDs: 0 (0.00%)
1595Failures: 0: 16.79%, 1: 39.68%, 2: 21.79%, 3: 10.38%, 4: 5.21%, 5: 2.03%, 6: 1.72%, 7: 1.04%, 8: 0.57%, 9: 0.47%, 10: 0.16%, 11: 0.00%, 12: 0.10%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.05%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1596Response: | Success: | Total:
1597OK: | 193 ( 10.06%) | 209 ( 6.39%)
1598NXDOMAIN: | 1671 ( 87.12%) | 2078 ( 63.49%)
1599SERVFAIL: | 54 ( 2.82%) | 88 ( 2.69%)
1600REFUSED: | 0 ( 0.00%) | 897 ( 27.41%)
1601FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1602
1603
1604
1605Processed queries: 1919
1606Received packets: 3289
1607Progress: 100.00% (00 h 00 min 23 sec / 00 h 00 min 23 sec)
1608Current incoming rate: 1 pps, average: 142 pps
1609Current success rate: 0 pps, average: 83 pps
1610Finished total: 1918, success: 1918 (100.00%)
1611Mismatched domains: 546 (16.67%), IDs: 0 (0.00%)
1612Failures: 0: 16.79%, 1: 39.68%, 2: 21.79%, 3: 10.38%, 4: 5.21%, 5: 2.03%, 6: 1.72%, 7: 1.04%, 8: 0.57%, 9: 0.47%, 10: 0.16%, 11: 0.00%, 12: 0.10%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.05%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1613Response: | Success: | Total:
1614OK: | 193 ( 10.06%) | 209 ( 6.38%)
1615NXDOMAIN: | 1671 ( 87.12%) | 2078 ( 63.45%)
1616SERVFAIL: | 54 ( 2.82%) | 89 ( 2.72%)
1617REFUSED: | 0 ( 0.00%) | 898 ( 27.42%)
1618FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1619
1620
1621
1622Processed queries: 1919
1623Received packets: 3289
1624Progress: 100.00% (00 h 00 min 24 sec / 00 h 00 min 24 sec)
1625Current incoming rate: 0 pps, average: 136 pps
1626Current success rate: 0 pps, average: 79 pps
1627Finished total: 1918, success: 1918 (100.00%)
1628Mismatched domains: 546 (16.67%), IDs: 0 (0.00%)
1629Failures: 0: 16.79%, 1: 39.68%, 2: 21.79%, 3: 10.38%, 4: 5.21%, 5: 2.03%, 6: 1.72%, 7: 1.04%, 8: 0.57%, 9: 0.47%, 10: 0.16%, 11: 0.00%, 12: 0.10%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.05%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1630Response: | Success: | Total:
1631OK: | 193 ( 10.06%) | 209 ( 6.38%)
1632NXDOMAIN: | 1671 ( 87.12%) | 2078 ( 63.45%)
1633SERVFAIL: | 54 ( 2.82%) | 89 ( 2.72%)
1634REFUSED: | 0 ( 0.00%) | 898 ( 27.42%)
1635FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1636
1637
1638
1639Processed queries: 1919
1640Received packets: 3291
1641Progress: 100.00% (00 h 00 min 25 sec / 00 h 00 min 25 sec)
1642Current incoming rate: 1 pps, average: 131 pps
1643Current success rate: 0 pps, average: 76 pps
1644Finished total: 1918, success: 1918 (100.00%)
1645Mismatched domains: 548 (16.72%), IDs: 0 (0.00%)
1646Failures: 0: 16.79%, 1: 39.68%, 2: 21.79%, 3: 10.38%, 4: 5.21%, 5: 2.03%, 6: 1.72%, 7: 1.04%, 8: 0.57%, 9: 0.47%, 10: 0.16%, 11: 0.00%, 12: 0.10%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.05%, 50: 0.00%,
1647Response: | Success: | Total:
1648OK: | 193 ( 10.06%) | 209 ( 6.38%)
1649NXDOMAIN: | 1671 ( 87.12%) | 2080 ( 63.47%)
1650SERVFAIL: | 54 ( 2.82%) | 89 ( 2.72%)
1651REFUSED: | 0 ( 0.00%) | 898 ( 27.40%)
1652FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1653
1654
1655
Processed queries: 1919
Received packets: 3291
Progress: 100.00% (00 h 00 min 25 sec / 00 h 00 min 25 sec)
Current incoming rate: 0 pps, average: 131 pps
Current success rate: 0 pps, average: 76 pps
Finished total: 1919, success: 1918 (99.95%)
Mismatched domains: 548 (16.72%), IDs: 0 (0.00%)
Failures: 0: 16.78%, 1: 39.66%, 2: 21.78%, 3: 10.37%, 4: 5.21%, 5: 2.03%, 6: 1.72%, 7: 1.04%, 8: 0.57%, 9: 0.47%, 10: 0.16%, 11: 0.00%, 12: 0.10%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.05%,
Response: | Success: | Total:
OK: | 193 ( 10.06%) | 209 ( 6.38%)
NXDOMAIN: | 1671 ( 87.12%) | 2080 ( 63.47%)
SERVFAIL: | 54 ( 2.82%) | 89 ( 2.72%)
REFUSED: | 0 ( 0.00%) | 898 ( 27.40%)
FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
######################################################################################################################################
[+] www.kosgeb.gov.tr has no SPF record!
[*] No DMARC record found. Looking for organizational record
[+] No organizational DMARC record
[+] Spoofing possible for www.kosgeb.gov.tr!
#######################################################################################################################################
INFO[0000] Starting to process queue....
INFO[0000] Starting to process permutations....
INFO[0000] FORBIDDEN http://kosgeb.s3.amazonaws.com (http://kosgeb.gov.tr)
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-10 23:30 EST
Nmap scan report for www.kosgeb.gov.tr (88.255.226.247)
Host is up (0.14s latency).
rDNS record for 88.255.226.247: 88.255.226.247.static.ttnet.com.tr
Not shown: 995 filtered ports, 3 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE
80/tcp open http
443/tcp open https

Nmap done: 1 IP address (1 host up) scanned in 11.14 seconds
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-10 23:30 EST
Nmap scan report for www.kosgeb.gov.tr (88.255.226.247)
Host is up (0.036s latency).
rDNS record for 88.255.226.247: 88.255.226.247.static.ttnet.com.tr
Not shown: 2 filtered ports
PORT STATE SERVICE
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
500/udp open|filtered isakmp
520/udp open|filtered route
2049/udp open|filtered nfs

Nmap done: 1 IP address (1 host up) scanned in 1.86 seconds
#######################################################################################################################################
https://edevlet.kosgeb.gov.tr
https://edevlet.kosgeb.gov.tr/
https://envanter.kaysis.gov.tr/?Kurum=80228899
https://fonts.googleapis.com/css?family=Open+Sans:400,300,600,700,800
https://fonts.googleapis.com/css?family=Oswald:400,300,700
https://lms.kosgeb.gov.tr/
https://www.kosgeb.gov.tr/site/tr/genel/destekdetay/6985/isgemtekmer-programi
https://www.kosgeb.gov.tr/site/tr/genel/detay/7023/kosgeb-6-kobi-ve-girisimcilik-odul-finalistleri
https://www.kosgeb.gov.tr/site/tr/genel/detay/7162/kosgeb-kobilerin-karnesini-cikardi
https://www.kosgeb.gov.tr/site/tr/genel/detay/7226/geleneksel-girisimciye-50-bin-tlye-kadar-finansman-destegi
https://www.kosgeb.gov.tr/site/tr/media/detay/7219/2019-ekim-edergi
https://www.kosgeb.gov.tr/Web/Content/assets/js/jssor.slider-27.5.0.min.js
https://www.sanayi.gov.tr/
http://temsilcilik.kosgeb.gov.tr/
http://www.kobivegirisimcilikodulleri.gov.tr
http://www.kosgeb.gov.tr/site/tr/genel/detay/6316/kobi-ve-girisimcilerimizin-dikkatine
http://www.kosgeb.gov.tr/site/tr/genel/detay/7137/yurtdisi-pazar-destek-programi-yururluge-girdi
/site
/site/tr/baglanti/fuarliste
/site/tr/baglanti/ugeliste
/site/tr/baglanti/yigliste/0/yurt-disi-is-gezisi-duyurulari
/site/tr/genel/destekler/3/destekler
/site/tr/genel/destekler/6312/girisimcilik-destekleri
/site/tr/genel/destekler/6313/arge-teknolojik-uretim-ve-yerlilestirme-destekleri
/site/tr/genel/destekler/6314/isletme-gelistirme-buyume-ve-uluslararasilasma-destekleri
/site/tr/genel/destekler/6315/kobi-finansman-destekleri
/site/tr/genel/destekler/6316/laboratuvar-hizmetleri
/site/tr/genel/destekler/6343/isgemtekmer-programi
/site/tr/genel/detay/203/ekatalog-edergi
/site/tr/genel/detay/5686/turkiye-avrupa-birligi-iliskileri
/site/tr/genel/detay/7128/kosgeb-baskani-prof-uzkurt-selden-zarar-goren-duzcede
/site/tr/genel/detay/7130/kosgeb-baskani-prof-uzkurt-eminonu-esnafina-seslendi
/site/tr/genel/detay/7136/kosgebden-kobileri-cesaretlendirecek-adim
/site/tr/genel/detay/7162/kosgeb-kobilerin-karnesini-cikardi
/site/tr/genel/detay/7166/kosgeb-baskani-uzkurt-isletmeye-ozgu-destekler-verme-asamasina-gececegiz
/site/tr/genel/detay/7168/basin-aciklamasi
/site/tr/genel/detay/7207/sri-lanka-buyukelcisinden-kosgebe-ziyaret
/site/tr/genel/detay/7210/sirbistan-ile-kobi-is-birligi
/site/tr/genel/detay/7221/kosgeb-baskani-prof-uzkurt-mardinde
/site/tr/genel/detay/7222/diyarbakirda-esnafla-bulustu-kosgeb-desteklerini-anlatti
/site/tr/genel/detay/7223/kosgeb-guney-asyaya-aciliyor
/site/tr/genel/detay/7224/kosgeb-baskani-uzkurt-hisiad-heyetini-kabul-etti
/site/tr/genel/detay/7225/bakan-varank-kosgebin-yeni-finansman-destegini-acikladi
/site/tr/genel/detay/7228/isletme-degerlendirme-raporu-begeni-topluyor
/site/tr/genel/detay/7231/kosgeb-destekli-keskin-nisanci-tufegi
/site/tr/genel/haftaninkobisi/0/haftanin-kobi-girisimcisi
/site/tr/genel/IletisimMerkezi
/site/tr/genel/kobimiyim/0/kobimiyim-testi
/site/tr/genel/liste/10/egitim-duyurulari
/site/tr/genel/liste/13/genel-duyurular
/site/tr/genel/liste/16/avrupa-isletmeler-agi-is-birligi-duyurulari
/site/tr/genel/liste/19/ab-ile-ilgili-proje-duyurulari
/site/tr/genel/liste/2/duyurular
/site/tr/genel/liste/31/genel-kurul-ve-icra-komitesi
/site/tr/genel/liste/35/vizyon-misyon-ve-temel-degerler
/site/tr/genel/liste/38/plan-raporlar-ve-mali-tablolar
/site/tr/genel/liste/39/istirakler
/site/tr/genel/liste/40/teskilat-semasi
/site/tr/genel/liste/43/cosme
/site/tr/genel/liste/6164/baskan
/site/tr/genel/liste/6165/mevzuat
/site/tr/genel/liste/6190/finansman-duyurulari
/site/tr/genel/liste/6228/uluslararasi-iliskiler
/site/tr/genel/liste/6340/kvkk-aydinlatma-metni
/site/tr/video/default/0/video-haber
/site/tr/video/detay/225/ilk-kez-yurt-disina-acilacak-kobilere-300-bin-tl-destek
/site/tr/video/detay/226/kosgeb-kobilerin-karnesini-cikardi
1804/site/tr/video/detay/227/isletme-degerlendirme-raporu-yururluge-girdi
1805/site/tr/video/detay/228/kosgebden-dev-hizmet
1806/site/tr/video/detay/229/kosgeb-baskani-trt-haberin-canli-yayin-konugu
1807/site/tr/video/detay/230/kosgeb-isletme-degerlendirme-raporu
1808/site/tr/video/detay/231/bakan-varank-kosgebin-yeni-finansman-destegini-acikladi
1809/site/tr/video/detay/232/kobiler-icin-yeni-destek-paketi
1810text/javascript
1811/Web/Content/assets/css/menu/fontello.css
1812/Web/Content/assets/css/menu/style.css
1813/Web/Content/assets/css/sumoselect.css
1814/Web/Content/assets/img/bsblogo.jpg
1815/Web/Content/assets/img/bsbLogo.png
1816/Web/Content/assets/img/CagriMerkezi.png
1817/Web/Content/assets/img/LogoAlt.png
1818/Web/Content/assets/js/bootstrap.js
1819/Web/Content/assets/js/circularnav.js
1820/Web/Content/assets/js/custom.js
1821/Web/Content/assets/js/imagesloaded.pkgd.min.js
1822/Web/Content/assets/js/jquery.gmap.min.js
1823/Web/Content/assets/js/jquery.min.js
1824/Web/Content/assets/js/jquery.nivo.slider.pack.js
1825/Web/Content/assets/js/jquery.parallax.js
1826/Web/Content/assets/js/jquery.prettyPhoto.js
1827/Web/Content/assets/js/jquery.sticky.js
1828/Web/Content/assets/js/jquery.wait.js
1829/Web/Content/assets/js/modernizr-2.6.2.min.js
1830/Web/Content/assets/js/revolution-slider/js/jquery.themepunch.revolution.min.js
1831/Web/Content/assets/js/superfish.js
1832/Web/Content/assets/js/tytabs.js
1833/Web/Content/assets/js/waypoints.min.js
1834/Web/Content/assets/plugins/FuncyBox/jquery.fancybox.css?v=1.05
1835/Web/Content/assets/plugins/FuncyBox/jquery.fancybox.js?v=1.05
1836/Web/Content/assets/plugins/ninja-slider/ninja-slider.css?v=1.05
1837/Web/Content/assets/plugins/ninja-slider/ninja-slider.js?v=1.05
1838/Web/Content/assets/scripts/jquery-1.12.1.js?v=1.05
#######################################################################################################################################
http://www.kosgeb.gov.tr [301 Moved Permanently] Country[TURKEY][TR], HTTPServer[Microsoft-IIS/8.5], IP[88.255.226.247], Microsoft-IIS[8.5], RedirectLocation[https://www.kosgeb.gov.tr/], Title[Document Moved]
https://www.kosgeb.gov.tr/ [200 OK] ASP_NET[4.0.30319], Cookies[ASP.NET_SessionId], Country[TURKEY][TR], DublinCore, Google-Analytics[Universal][UA-35747174-4], HTML5, HTTPServer[Microsoft-IIS/8.5], HttpOnly[ASP.NET_SessionId], IP[88.255.226.247], JQuery[1.12.1], Microsoft-IIS[8.5], Modernizr[2.6.2.min], Open-Graph-Protocol[website], Script[text/javascript], Title[KOSGEB T.C. Küçük ve Orta Ölçekli İşletmeleri Geliştirme ve Destekleme İdaresi Başkanlığı], X-UA-Compatible[IE=10]
#######################################################################################################################################

wig - WebApp Information Gatherer


Scanning https://www.kosgeb.gov.tr...
______________________ SITE INFO _______________________
IP                 Title
88.255.226.247     KOSGEB T.C. Küçük ve Orta Öl

_______________________ VERSION ________________________
Name                       Versions     Type
ASP.NET                    4.0.30319    Platform
IIS                        8.5          Platform
Microsoft Windows Server   2012 R2      OS

________________________________________________________
Time: 72.0 sec Urls: 693 Fingerprints: 40401
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-10 23:32 EST
NSE: Loaded 163 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 23:32
Completed NSE at 23:32, 0.00s elapsed
Initiating NSE at 23:32
Completed NSE at 23:32, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 23:32
Completed Parallel DNS resolution of 1 host. at 23:32, 0.02s elapsed
Initiating SYN Stealth Scan at 23:32
Scanning www.kosgeb.gov.tr (88.255.226.247) [1 port]
Discovered open port 80/tcp on 88.255.226.247
Completed SYN Stealth Scan at 23:32, 0.21s elapsed (1 total ports)
Initiating Service scan at 23:32
Scanning 1 service on www.kosgeb.gov.tr (88.255.226.247)
Completed Service scan at 23:32, 6.31s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against www.kosgeb.gov.tr (88.255.226.247)
Retrying OS detection (try #2) against www.kosgeb.gov.tr (88.255.226.247)
Initiating Traceroute at 23:32
Completed Traceroute at 23:32, 3.11s elapsed
Initiating Parallel DNS resolution of 9 hosts. at 23:32
Completed Parallel DNS resolution of 9 hosts. at 23:32, 0.15s elapsed
NSE: Script scanning 88.255.226.247.
Initiating NSE at 23:32
Completed NSE at 23:35, 181.42s elapsed
Initiating NSE at 23:35
Completed NSE at 23:35, 0.72s elapsed
Nmap scan report for www.kosgeb.gov.tr (88.255.226.247)
Host is up (0.17s latency).
rDNS record for 88.255.226.247: 88.255.226.247.static.ttnet.com.tr

PORT STATE SERVICE VERSION
80/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
| http-brute:
|_ Path "/" does not require authentication
|_http-chrono: Request times for /; avg: 529.03ms; min: 446.65ms; max: 623.82ms
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-date: Mon, 11 Nov 2019 04:32:28 GMT; 0s from local time.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-errors: Couldn't find any error pages.
|_http-feed: Couldn't find any feeds.
|_http-fetch: Please enter the complete path of the directory to save data in.
| http-headers:
| Content-Type: text/html; charset=UTF-8
| Location: https://www.kosgeb.gov.tr/
| Server: Microsoft-IIS/8.5
| Date: Mon, 11 Nov 2019 04:32:37 GMT
| Connection: close
| Content-Length: 149
|
|_ (Request type: GET)
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
| http-methods:
|_ Supported Methods: GET POST
|_http-mobileversion-checker: No mobile version detected.
|_http-security-headers:
| http-server-header:
| Microsoft-HTTPAPI/2.0
|_ Microsoft-IIS/8.5
| http-sitemap-generator:
| Directory structure:
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-title: Bad Request
| http-vhosts:
|_127 names had status 404
|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-xssed: No previously reported XSS vuln.
| vulscan: VulDB - https://vuldb.com:
2218| [9397] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Array privilege escalation
2219| [9394] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 on 64-bit Array memory corruption
2220| [9393] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Permission privilege escalation
2221| [8738] Microsoft Visio 2003 SP3/2007 SP3/2010 SP1 XML Parser File information disclosure
2222| [8737] Microsoft Word 2003 SP3 Shape Data Parser File memory corruption
2223| [8736] Microsoft Publisher 2003 SP3 PUB File memory corruption
2224| [8735] Microsoft Publisher 2003 SP3/2007 SP3/2010 SP1 PUB File memory corruption
2225| [8734] Microsoft Publisher 2003 SP3 PUB File memory corruption
2226| [8733] Microsoft Publisher 2003 SP3 PUB File memory corruption
2227| [8732] Microsoft Publisher 2003 SP3 PUB File memory corruption
2228| [8731] Microsoft Publisher 2003 SP3 PUB File memory corruption
2229| [8730] Microsoft Publisher 2003 SP3 PUB File memory corruption
2230| [8729] Microsoft Publisher 2003 SP3 PUB File memory corruption
2231| [8728] Microsoft Publisher 2003 SP3 PUB File memory corruption
2232| [8727] Microsoft Publisher 2003 SP3 PUB File memory corruption
2233| [8726] Microsoft Publisher 2003 PUB File Eingabe memory corruption
2234| [8723] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 XML File spoofing
2235| [7643] Microsoft Windows Server 2008 R2/Server 2012 NFS Server NULL Pointer Dereference denial of service
2236| [7642] Microsoft Exchange 2007/2010 Outlook Web Access vspdx.dll) privilege escalation
2237| [7641] Microsoft Windows Server 2003/Server 2008/Vista/XP DirectShow Quartz.dll memory corruption
2238| [8589] Microsoft System Center Operations Manager 2007 R2/2007 SP1 ViewTypeManager.aspx cross site scripting
2239| [7252] Microsoft System Center Operations Manager 2007 ExecuteTask.aspx cross site scripting
2240| [7251] Microsoft System Center Operations Manager 2007 cross site scripting
2241| [7248] Microsoft Windows 7/Server 2008 R2 Print Spooler privilege escalation
2242| [7121] Microsoft Exchange 2007/2010 RSS Feed denial of service
2243| [7118] Microsoft Windows Server 2008 R2/Server 2012 IP-HTTPS unknown vulnerability
2244| [62914] Microsoft Office 2003 SP3/2007 SP3/2008/2010 SP1/2011 Spreadsheet Use-After-Free memory corruption
2245| [7058] Microsoft Windows 7/Server 2008 R2 DHCPv6 Message denial of service
2246| [6935] Microsoft Office Excel 2003/2007/2010 Input Sanitizer File Stack-based memory corruption
2247| [6934] Microsoft Office Excel 2003/2007/2010 Input Sanitizer memory corruption
2248| [6933] Microsoft Office Excel 2003/2007/2010 SerAuxErrBar File memory corruption
2249| [6929] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Web Proxy Setting Auto-Discovery memory corruption
2250| [6927] Microsoft .NET Framework 2.0 SP2/3.5.1 Trusted Code Function information disclosure
2251| [6918] Microsoft Excel 2007 SP2 Input Sanitizer File memory corruption
2252| [6830] Microsoft Word 2007/2010 File memory corruption
2253| [6819] Microsoft Excel 2007 File memory corruption
2254| [6627] Microsoft Windows 7/Server 2008 R2 Kerberos denial of service
2255| [6626] Microsoft SharePoint/Lync/Infopath 2007/2010 HTML Sanitization cross site scripting
2256| [6621] Microsoft Word 2007 PAPX memory corruption
2257| [62239] Microsoft Systems Management Server 2003 Configuration Manager Reflected cross site scripting
2258| [5945] Microsoft Office 2007/2010 Computer Graphics Metafile memory corruption
2259| [5939] Microsoft Windows 7/Server 2003/Server 2008 R2/Vista/XP Print Spooler Service memory corruption
2260| [5938] Microsoft Windows 7/Server 2003/Server 2008 R2/Vista/XP Remote Administration Protocol netapi32.dll RAP Request denial of service
2261| [5933] Microsoft SQL Server 2000/2005/2008/2008 R2 Common Controls TabStrip ActiveX MSCOMCTL.OCX memory corruption
2262| [5932] Microsoft Office 2003/2007/2010 Common Controls TabStrip ActiveX MSCOMCTL.OCX memory corruption
2263| [5654] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP information disclosure
2264| [5653] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP win32k.sys memory corruption
2265| [5652] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP win32k.sys memory corruption
2266| [5650] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP memory corruption
2267| [5649] Microsoft Office 2003/2007/2010 libraries memory corruption
2268| [5645] Microsoft SharePoint 2007/2010/3.0 Reflected cross site scripting
2269| [5643] Microsoft SharePoint 2007/2010 information disclosure
2270| [5642] Microsoft SharePoint 2007 cross site request forgery
2271| [5553] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Font atmfd.dll denial of service
2272| [5524] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP memory corruption
2273| [5518] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 memory corruption
2274| [5362] Microsoft Office 2003/2007 GDI+ memory corruption
2275| [5291] Microsoft Visual Studio 2008 Incremental Linker link.exe ConvertRgImgSymToRgImgSymEx memory corruption
2276| [5268] Microsoft Office 2008 on Mac RTF Pfragment File memory corruption
2277| [5080] Microsoft SQL Server 2005/2008/2008R2 CREATE DATABASE sql injection
2278| [5050] Microsoft Office 2007 WPS Converter Heap-based memory corruption
2279| [5049] Microsoft SQL Server 2000/2005/2008 MSCOMCTL.OCX privilege escalation
2280| [5048] Microsoft Office 2003/2007/2010 MSCOMCTL.OCX privilege escalation
2281| [5046] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Windows Authenticode Signature Verification WinVerifyTrust Signature privilege escalation
2282| [4803] Microsoft Windows Server 2003/Server 2008 DNS Server Domain Resource Record Query Parser denial of service
2283| [4802] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Remote Desktop Protocol denial of service
2284| [4798] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Remote Desktop Service memory corruption
2285| [60205] Microsoft .NET Framework 2.0 SP2/3.5.1 Heap-based memory corruption
2286| [4642] Microsoft .NET Framework 2.0 SP2/3.5.1/4 XAML Browser Application memory corruption
2287| [60065] Microsoft Windows 2000 mod_sql unknown vulnerability
2288| [4535] Microsoft Windows Server 2003/XP Object Packager packager.exe privilege escalation
2289| [4534] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Line21 DirectShow Filter Quartz.dll/Qdvd.dll Media File memory corruption
2290| [4533] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Multimedia Library winmm.dll MIDI File memory corruption
2291| [4507] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 Forms Authentication privilege escalation
2292| [59666] Microsoft Publisher 2003/2007 "Publisher memory corruption
2293| [4482] Microsoft Word 2007/2010/2011 Document Parser memory corruption
2294| [4480] Microsoft Excel 2003 memory corruption
2295| [4478] Microsoft Windows Server 2003/XP OLE Objects Memory Management memory corruption
2296| [4477] Microsoft PowerPoint 2007 SP2/2008 OfficeArt Use-After-Free memory corruption
2297| [4474] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Active Directory Query memory corruption
2298| [4473] Microsoft PowerPoint 2007 SP2/2010 DLL-Loader memory corruption
2299| [4471] Microsoft Office 2003/2007 Publisher Out-of-Bounds memory corruption
2300| [4470] Microsoft Office 2003 SP3 memory corruption
2301| [4453] Microsoft Excel 2003 Record Parser memory corruption
2302| [4446] Microsoft Office 2007/2008 OfficeArt Record Parser memory corruption
2303| [4445] Microsoft Office 2007/2010/2011 Word Document Parser memory corruption
2304| [4438] Microsoft Windows 7/Server 2008/Vista TCP/IP Reference Counter denial of service
2305| [5358] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP TrueType Font Handling memory corruption
2306| [59005] Microsoft Host Integration Server 2004 denial of service
2307| [58492] Microsoft SharePoint Server 2007 Spreadsheet memory corruption
2308| [58491] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
2309| [58490] Microsoft Office Compatibility Pack 2007 Spreadsheet memory corruption
2310| [58489] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
2311| [58488] Microsoft Office 2007/2010 memory corruption
2312| [4412] Microsoft Office 2003/2007 Library Loader unknown vulnerability
2313| [4411] Microsoft Excel 2003 memory corruption
2314| [4409] Microsoft Windows Server 2003/Server 2008 WINS unknown vulnerability
2315| [58240] Microsoft Visio 2003/2007 memory corruption
2316| [58237] Microsoft Visio 2003/2007/2010 memory corruption
2317| [4396] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
2318| [4393] Microsoft Windows Server 2008 DNS Service memory corruption
2319| [4391] Microsoft .NET Framework 2.0 SP2/3.5.1/4 Socket Restriction privilege escalation
2320| [4390] Microsoft Windows Server 2008 Remote Desktop Web Access cross site scripting
2321| [4388] Microsoft Windows 7/Server 2008/Vista File Metadata Parser denial of service
2322| [57691] Microsoft SQL Server 2008 Web Service information disclosure
2323| [57690] Microsoft Excel 2002/2003 Spreadsheet memory corruption
2324| [57689] Microsoft Excel 2002 Spreadsheet memory corruption
2325| [57688] Microsoft Excel 2002 Spreadsheet memory corruption
2326| [57687] Microsoft Excel 2002/2003/2007 Spreadsheet memory corruption
2327| [57686] Microsoft Excel 2002 Spreadsheet memory corruption
2328| [57685] Microsoft Excel 2002/2003/2007 Array Access memory corruption
2329| [57684] Microsoft Excel 2002/2003/2007/2010 Spreadsheet memory corruption
2330| [4369] Microsoft Excel 2002/2003/2007 memory corruption
2331| [4367] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
2332| [4362] Microsoft Windows 7/Server 2008/Vista denial of service
2333| [57420] Microsoft PowerPoint 2002/2003 memory corruption
2334| [4349] Microsoft Office 2004/2007/2008 Presentation File Parser memory corruption
2335| [4348] Microsoft PowerPoint 2002/2003/2007 memory corruption
2336| [57077] Microsoft Excel 2002 Uninitialized Memory memory corruption
2337| [57078] Microsoft Office 2003/2007/Xp docx unknown vulnerability
2338| [57079] Microsoft PowerPoint 2002/2003/2007/2010 memory corruption
2339| [57076] Microsoft Excel 2002/2003 memory corruption
2340| [57075] Microsoft Excel 2002/2003 memory corruption
2341| [57074] Microsoft Excel 2002 memory corruption
2342| [57073] Microsoft Excel 2002/2003/2007/2010 memory corruption
2343| [4334] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 JIT Compiler memory corruption
2344| [4332] Microsoft PowerPoint 2007/2010 memory corruption
2345| [4301] Microsoft Windows Server 2003 SMB Browser Heap-based denial of service
2346| [56475] Microsoft Office 2004/2008 memory corruption
2347| [56414] Microsoft Visio 2002/2003/2007 ELEMENTS.DLL memory corruption
2348| [56413] Microsoft Visio 2002/2003/2007 Exception ORMELEMS.DLL memory corruption
2349| [4298] Microsoft Windows 7/Server 2008 JScript/VBScript Engine information disclosure
2350| [4297] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Compact Font Format Driver privilege escalation
2351| [4296] Microsoft Windows Server 2003/XP LSASS Authentication Request unknown vulnerability
2352| [4295] Microsoft Windows 7/Server 2008 Kerberos weak authentication
2353| [4294] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys unknown vulnerability
2354| [4293] Microsoft Windows Server 2003/XP Kerberos CRC32 Checksum privilege escalation
2355| [4292] Microsoft Windows Server 2003/XP CSRSS Logoff privilege escalation
2356| [4289] Microsoft Excel 2007 Shape Data Parser memory corruption
2357| [4286] Microsoft PowerPoint 2002 SP3/2003 SP3/2004/2007 SP2/2008 OfficeArt Container Parser memory corruption
2358| [4279] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP MHTML cross site scripting
2359| [56176] Microsoft Windows 7/Server 2003/XP fxscover.exe CDrawPoly::Serialize memory corruption
2360| [55772] Microsoft Publisher 2002 pubconv.dll memory corruption
2361| [55771] Microsoft Publisher 2002/2003/2010 memory corruption
2362| [55765] Microsoft Office 2003/Xp Integer memory corruption
2363| [55764] Microsoft Office 2003/Xp memory corruption
2364| [55750] Microsoft Publisher 2002/2003 pubconv.dll memory corruption
2365| [55749] Microsoft Publisher 2002/2003/2007/2010 pubconv.dll memory corruption
2366| [55748] Microsoft Publisher 2002/2003/2007 pubconv.dll memory corruption
2367| [4230] Microsoft Exchange 2007 on 64-bit RPC store.exe MAPI Request denial of service
2368| [4229] Microsoft SharePoint 2007 Document Conversion Launcher Service Eingabeungültigkeit
2369| [4228] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
2370| [4224] Microsoft Windows 7/Server 2008/Vista Consent User Interface privilege escalation
2371| [4231] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys GreEnableEUDC denial of service
2372| [55420] Microsoft Office 2007/2010 memory corruption
2373| [55419] Microsoft Office 2004/2008/2011/Xp memory corruption
2374| [55412] Microsoft PowerPoint Viewer 2007 memory corruption
2375| [55411] Microsoft PowerPoint 2002/2003 memory corruption
2376| [4204] Microsoft Windows Server 2008 Color Control Panel Eingabeungültigkeit
2377| [54995] Microsoft Office 2004/2008 memory corruption
2378| [54994] Microsoft Office 2004/2008 Out-of-Bounds memory corruption
2379| [54993] Microsoft Office Compatibility Pack 2007 memory corruption
2380| [54992] Microsoft Excel 2002 memory corruption
2381| [54991] Microsoft Office 2004 Future memory corruption
2382| [54990] Microsoft Office 2004 memory corruption
2383| [54989] Microsoft Office 2004/2008 memory corruption
2384| [54988] Microsoft Excel 2002 memory corruption
2385| [54987] Microsoft Excel 2002 memory corruption
2386| [54986] Microsoft Excel 2002/2003 memory corruption
2387| [54985] Microsoft Office Compatibility Pack 2003/2004/2007/2008 memory corruption
2388| [54984] Microsoft Office 2004/2008 memory corruption
2389| [54983] Microsoft Excel 2002 Integer memory corruption
2390| [54980] Microsoft Word 2002/2003 memory corruption
2391| [54979] Microsoft Word 2002 memory corruption
2392| [54978] Microsoft Word 2002 memory corruption
2393| [54977] Microsoft Word 2002 Heap-based memory corruption
2394| [54976] Microsoft Word 2002 memory corruption
2395| [54975] Microsoft Word 2002 memory corruption
2396| [54974] Microsoft Word 2002 memory corruption
2397| [54973] Microsoft Word 2002 memory corruption
2398| [54972] Microsoft Word 2002 memory corruption
2399| [54971] Microsoft Word 2002 memory corruption
2400| [4197] Microsoft SharePoint 2007/3.0 cross site scripting
2401| [4196] Microsoft Word 2002/2003/2007/2010 Stack-based memory corruption
2402| [4194] Microsoft Windows 7/Server 2008/Vista SChannel Client Certificate Request denial of service
2403| [54774] Microsoft Word 2003 word_crash_11.8326.8324_poc.doc denial of service
2404| [54757] Microsoft SharePoint Server 2007 HTML Sanitization SafeHTML cross site scripting
2405| [4186] Microsoft Outlook 2002/2003/2007 Content Parser Heap-based memory corruption
2406| [54584] Microsoft Visual C++ 2005 AtlTraceTool8.exe unknown vulnerability
2407| [54554] Microsoft Groove 2007 mso.dll memory corruption
2408| [4187] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack Ipv4SetEchoRequestCreate denial of service
2409| [54322] Microsoft Word 2002/2003 memory corruption
2410| [54321] Microsoft Office Compatibility Pack 2007 memory corruption
2411| [54320] Microsoft Office Compatibility Pack 2007 memory corruption
2412| [54319] Microsoft Office Compatibility Pack 2007 memory corruption
2413| [54318] Microsoft .NET Framework 2.0 SP1/2.0 SP2/3.5/3.5 SP1/3.5.1 Interfaces memory corruption
2414| [4165] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
2415| [4162] Microsoft Windows 7/Server 2008/Vista Kernel memory corruption
2416| [4159] Microsoft Excel 2002/2003 SXDB PivotTable Cache Data Record memory corruption
2417| [4149] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Shell Shortcut Parser memory corruption
2418| [54083] Microsoft Access 2003 ActiveX Control ACCWIZ.dll memory corruption
2419| [4146] Microsoft Outlook 2002/2003/2007 SMB Attachment PR_ATTACH_METHOD memory corruption
2420| [4145] Microsoft Access 2003/2007 ActiveX ACCWIZ.dll memory corruption
2421| [54617] Microsoft Outlook Web Access up to 2007 cross site request forgery
2422| [4151] Microsoft Windows Server 2008/Vista NtUserCheckAccessForIntegrityLevel memory corruption
2423| [53591] Microsoft Windows Server 2003 GetServerName cross site scripting
2424| [53505] Microsoft Excel 2002/2007 memory corruption
2425| [53501] Microsoft Excel 2002 memory corruption
2426| [53500] Microsoft Excel 2002 memory corruption
2427| [53499] Microsoft Excel 2002 memory corruption
2428| [53495] Microsoft Excel 2002/2003/2007 memory corruption
2429| [53494] Microsoft Excel 2002 Stack-based memory corruption
2430| [53504] Microsoft Excel 2002 memory corruption
2431| [53503] Microsoft Excel 2002 Stack-Based memory corruption
2432| [53502] Microsoft Excel 2002 Heap-based memory corruption
2433| [53498] Microsoft Excel 2002 Stack-based memory corruption
2434| [53497] Microsoft Excel 2002 memory corruption
2435| [53496] Microsoft Excel 2002 memory corruption
2436| [53493] Microsoft Excel 2002/2003/2007 memory corruption
2437| [4133] Microsoft Office 2003/2007/Xp COM Object Instantiator memory corruption
2438| [53366] Microsoft ASP.NET 2.0 cross site scripting
2439| [53385] Microsoft Exchange Server 2007 Outlook Web Access cross site scripting
2440| [53164] Microsoft Office 2003/2007/Xp ActiveX Control VBE6.DLL memory corruption
2441| [53054] Microsoft VISIO 2002/2003/2007 VISIODWG.DLL memory corruption
2442| [4125] Microsoft SharePoint 2007/3.0 help.aspx cross site scripting
2443| [52777] Microsoft Publisher 2002/2003/2007 memory corruption
2444| [52773] Microsoft Visio 2002/2003/2007 memory corruption
2445| [52772] Microsoft Visio 2002/2003/2007 memory corruption
2446| [4107] Microsoft Windows 7/Server 2008 Kernel denial of service
2447| [4103] Microsoft Windows Server 2003 Media Services Stack-based memory corruption
2448| [52543] Microsoft Virtual PC 2007 unknown vulnerability
2449| [52148] Microsoft Office 2004/2007/2008 Uninitialized Memory memory corruption
2450| [52147] Microsoft Office 2004/2007/2008 Spreadsheet Uninitialized Memory memory corruption
2451| [52146] Microsoft Office 2004/2007/2008 Spreadsheet Heap-based memory corruption
2452| [52145] Microsoft Office 2004/2007/2008 Spreadsheet Heap-based memory corruption
2453| [52144] Microsoft Office 2004/2007/2008 Spreadsheet memory corruption
2454| [52143] Microsoft Office 2004/2007/2008 Spreadsheet memory corruption
2455| [4090] Microsoft Excel 2002/2003/2007 memory corruption
2456| [52036] Microsoft Windows 2000 MsgBox memory corruption
2457| [51995] Microsoft SharePoint Server up to 2006 cross site scripting
2458| [51810] Microsoft Office 2004/Xp MSO.DLL memory corruption
2459| [51802] Microsoft PowerPoint 2003 Stack-based memory corruption
2460| [51801] Microsoft PowerPoint 2003 Stack-based memory corruption
2461| [51800] Microsoft PowerPoint 2002/2003 Use-After-Free memory corruption
2462| [51799] Microsoft PowerPoint 2002/2003 memory corruption
2463| [51798] Microsoft PowerPoint 2002/2003 Heap-based memory corruption
2464| [4082] Microsoft PowerPoint 2002 SP3 memory corruption
2465| [54550] Microsoft PowerPoint 2007 rpawinet.dll memory corruption
2466| [54556] Microsoft Visio 2003 mfc71enu.dll unknown vulnerability
2467| [51497] Microsoft Windows Live Messenger 2009 ActiveX Control msnmsgr.exe denial of service
2468| [51133] Microsoft Windows 2000 SP4/Server 2003 SP2/SP3/XP SP2 memory corruption
2469| [51074] Microsoft Office 2002/2003 Integer memory corruption
2470| [4069] Microsoft Project 2003/2007 Project Memory Validator memory corruption
2471| [50794] Microsoft Office 2004/2008 Spreadsheet memory corruption
2472| [50793] Microsoft Office 2004/2008 Spreadsheet memory corruption
2473| [50792] Microsoft Office 2004/2008 Spreadsheet memory corruption
2474| [50791] Microsoft Office 2004/2008 Spreadsheet memory corruption
2475| [50790] Microsoft Office 2004/2008 Spreadsheet Heap-based memory corruption
2476| [50788] Microsoft Office 2004/2008 Spreadsheet memory corruption
2477| [50787] Microsoft Office 2004/2008 Spreadsheet memory corruption
2478| [50786] Microsoft Windows 2000 llssrv.exe memory corruption
2479| [50789] Microsoft Office 2004/2008 Spreadsheet memory corruption
2480| [4056] Microsoft Word 2002/2003 File Information Block Parser Stack-based memory corruption
2481| [50660] Microsoft SharePoint Server 2007 unknown vulnerability
2482| [50443] Microsoft PowerPoint 2007 Integer memory corruption
2483| [50432] Microsoft .NET Framework 2.0/2.0 SP1/2.0 SP2/3.5/3.5 SP1 memory corruption
2484| [49866] Microsoft Windows Server 2003 memory corruption
2485| [4031] Microsoft Windows Server 2008/Vista SMB Processor EducatedScholar memory corruption
2486| [4030] Microsoft Windows Server 2008/Vista Wireless LAN AutoConfig Service Heap-based memory corruption
2487| [4029] Microsoft Windows 2000/XP TCP/IP Window Size denial of service
2488| [49745] Microsoft Windows Server 2003 denial of service
2489| [49395] Microsoft Office 2000/2003/XP Office Web Components Heap-based memory corruption
2490| [49394] Microsoft Windows Server 2003 memory corruption
2491| [49389] Microsoft Office 2000/2003/XP Office Web Components memory corruption
2492| [49390] Microsoft Office 2000/2003/XP Office Web Components memory corruption
2493| [49198] Microsoft Visual Studio 2005 information disclosure
2494| [49047] Microsoft Virtual Server 2005 privilege escalation
2495| [49046] Microsoft Windows Server 2003 quartz.dll memory corruption
2496| [49045] Microsoft Windows Server 2003 quartz.dll memory corruption
2497| [49044] Microsoft ISA Server 2006 privilege escalation
2498| [3999] Microsoft Office 2007 Pointer memory corruption
2499| [4000] Microsoft Office 2003/Sp3/Xp Web Components memory corruption
2500| [48894] Microsoft Windows Server 2003 msvidctl.dll memory corruption
2501| [48572] Microsoft PowerPoint 2002 FL21WIN.DLL memory corruption
2502| [48517] Microsoft Windows 2000 Memory Leak memory corruption
2503| [48516] Microsoft Windows Server 2008 unknown vulnerability
2504| [48512] Microsoft Windows Server 2008 unknown vulnerability
2505| [48515] Microsoft Office Word Viewer 2003 memory corruption
2506| [48514] Microsoft Office Word Viewer 2003 Stack-based memory corruption
2507| [48554] Microsoft Excel 2000/2003/2007 memory corruption
2508| [48157] Microsoft PowerPoint 2002 Sound memory corruption
2509| [48156] Microsoft PowerPoint 2000 Stack-based memory corruption
2510| [48154] Microsoft PowerPoint 2002 Sound PP7X32.DLL memory corruption
2511| [48152] Microsoft PowerPoint 2002 PP4X32.DLL memory corruption
2512| [48150] Microsoft PowerPoint 2002 Sound memory corruption
2513| [48147] Microsoft PowerPoint 2002 Sound memory corruption
2514| [48146] Microsoft PowerPoint 2002 Integer memory corruption
2515| [48155] Microsoft PowerPoint 2002 Notes Container Heap-based memory corruption
2516| [48153] Microsoft PowerPoint 2002 Sound memory corruption
2517| [48151] Microsoft PowerPoint 2002 Stack-based memory corruption
2518| [48149] Microsoft PowerPoint 2002 memory corruption
2519| [48148] Microsoft PowerPoint 2002 Sound memory corruption
2520| [3974] Microsoft PowerPoint 2000/2002/2003 Sound Data Stack-based memory corruption
2521| [3973] Microsoft PowerPoint 2000/2002/2003 Notes Container Stack-based memory corruption
2522| [3972] Microsoft PowerPoint 2000/2002/2003 BuildList memory corruption
2523| [3971] Microsoft PowerPoint 2000/2002/2003 Object Stack-based memory corruption
2524| [3970] Microsoft PowerPoint 2000/2002/2003 Paragraph Stack-based memory corruption
2525| [3969] Microsoft PowerPoint 2000/2002/2003 Atom Stack-based memory corruption
2526| [47719] Microsoft Windows 2000 Stack-based memory corruption
2527| [47720] Microsoft Internet Security And Acceleration Server 2006 Forms Authentication cookieauth.dll cross site scripting
2528| [47716] Microsoft Office Converter Pack 2003 WPFT632.CNV memory corruption
2529| [47715] Microsoft Windows 2000 Wordpad memory corruption
2530| [47718] Microsoft Excel 2000/2002/2003/2007 Spreadsheet memory corruption
2531| [3960] Microsoft Windows 2000/Server 2003/XP DirectShow MJPEG memory corruption
2532| [3952] Microsoft ISA Server 2004/2006 denial of service
2533| [3946] Microsoft PowerPoint 2000/2002/2003/2004 memory corruption
2534| [47091] Microsoft Windows Server 2008 unknown vulnerability
2535| [47090] Microsoft Windows Server 2008 unknown vulnerability
2536| [3939] Microsoft Windows 2000 DNS spoofing
2537| [3938] Microsoft Windows 2000 SSL weak authentication
2538| [3937] Microsoft Windows 2000 memory corruption
2539| [3932] Microsoft Excel 2000/2002/2003/2004/2007 Object Reference memory corruption
2540| [46620] Microsoft Windows Live Messenger 2009 msnmsgr.exe denial of service
2541| [46455] Microsoft Exchange Server 2007 denial of service
2542| [46454] Microsoft Exchange Server 2007 memory corruption
2543| [46453] Microsoft Visio 2002/2003/2007 memory corruption
2544| [46452] Microsoft Visio 2002/2003/2007 memory corruption
2545| [46451] Microsoft Visio 2002/2003/2007 memory corruption
2546| [46327] Microsoft Word 2007 information disclosure
2547| [45758] Microsoft Money 2006 ActiveX Control prtstb06.dll denial of service
2548| [45381] Microsoft Windows Server 2008/Vista SP1 Explorer memory corruption
2549| [45380] Microsoft Windows Server 2008/Vista SP1 Search memory corruption
2550| [45379] Microsoft Office SharePoint Server 2007 denial of service
2551| [3896] Microsoft SQL Server up to 2005 sp_replwritetovarbin memory corruption
2552| [3892] Microsoft Excel 2000/2002/2003 Formula memory corruption
2553| [3891] Microsoft Excel 2000/2002/2003 memory corruption
2554| [3890] Microsoft Excel 2000/2002/2003 NAME Index memory corruption
2555| [3889] Microsoft Word 2000/2002/2003/2007 Table Property Stack-based memory corruption
2556| [3888] Microsoft Word 2000/2002/2003/2007 RTF Stylesheet memory corruption
2557| [3887] Microsoft Word 2000/2002/2003/2007 memory corruption
2558| [3886] Microsoft Word 2000/2002/2003/2007 ControlWord Heap-based memory corruption
2559| [3885] Microsoft Word 2000/2002/2003/2007 memory corruption
2560| [3884] Microsoft Word 2000/2002/2003/2007 memory corruption
2561| [3883] Microsoft Word 2000/2002/2003/2007 RTF Heap-based memory corruption
2562| [3882] Microsoft Word 2000/2002/2003/2007 LFO memory corruption
2563| [3880] Microsoft Visual Basic up to 2003 ActiveX Control Mschrt20.ocx memory corruption
2564| [3879] Microsoft Visual Basic up to 2003 ActiveX Control mscomct2.ocx memory corruption
2565| [3878] Microsoft Visual Basic up to 2003 ActiveX Control mshflxgd.ocx memory corruption
2566| [3877] Microsoft Visual Basic up to 2003 ActiveX Control msflxgrd.ocx memory corruption
2567| [3876] Microsoft Visual Basic up to 2003 ActiveX Control msdatgrd.ocx memory corruption
2568| [45197] Microsoft Windows 2000 nskey.dll memory corruption
2569| [45063] Microsoft Windows Server 2003 Active Directory unknown vulnerability
2570| [45040] Microsoft .NET Framework 2.0.50727 Code Access Security unknown vulnerability
2571| [44855] DjVu Activex Control For Microsoft Office 2000 3.0 ActiveX Control DjVu_ActiveX_MSOffice.dll memory corruption
2572| [44665] Microsoft Peachtree Accounting 2004 ActiveX Control PAWWeb11.ocx unknown vulnerability
2573| [44589] Microsoft Exchange Server 2003 Outlook Web Access unknown vulnerability
2574| [3845] Microsoft Windows 2000 SP4 Active Directory memory corruption
2575| [44533] Microsoft Windows 2000 mqsvc.exe memory corruption
2576| [3844] Microsoft Excel 2003 REPT memory corruption
2577| [3843] Microsoft Excel up to 2007 BIFF File Heap-based memory corruption
2578| [3842] Microsoft Excel 2003 VBA Performance Cache Stack-based memory corruption
2579| [44405] Microsoft Digital Image 2006 ActiveX Control PipPPush.DLL unknown vulnerability
2580| [44047] Microsoft SQL Server 2000 ActiveX Control SQLVDIRLib.SQLVDirControl memory corruption
2581| [43981] Microsoft Organization Chart 2.00 orgchart.exe memory corruption
2582| [43957] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
2583| [43956] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
2584| [43955] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
2585| [43952] Microsoft Office 2003/2007/Xp URI memory corruption
2586| [43676] Microsoft Windows 2000/Server 2003/Vista/XP memory corruption
2587| [43675] Microsoft Windows 2000/Server 2003/Vista/XP of memory corruption
2588| [43662] Microsoft PowerPoint Viewer 2000 SP3/2002 SP3/2003 SP2/2007 SP1 memory corruption
2589| [43661] Microsoft PowerPoint Viewer 2003 memory corruption
2590| [43660] Microsoft PowerPoint Viewer 2003 Integer memory corruption
2591| [43657] Microsoft Office 2000/2003/Xp memory corruption
2592| [43654] Microsoft SharePoint Server 2007 memory corruption
2593| [43653] Microsoft Office 2000/2002/2004/2008 memory corruption
2594| [43652] Microsoft Office 2000/2002/2003/2004/2008 memory corruption
2595| [3797] Microsoft Windows Server 2008/Vista IPsec Policy Designfehler
2596| [3796] Microsoft Office 2000 WPG memory corruption
2597| [3795] Microsoft Office 2000/2003/Xp BMP Image BMPIMP32.FLT memory corruption
2598| [3794] Microsoft Office 2000/2003/Xp PICT bits_per_pixel memory corruption
2599| [3793] Microsoft Office 2000/2003/Xp PICT memory corruption
2600| [3792] Microsoft Office 2000 EPS File memory corruption
2601| [3783] Microsoft Word 2002 memory corruption
2602| [43103] Microsoft Exchange Srv 2007 Sp1 Outlook Web Access cross site scripting
2603| [43102] Microsoft Windows 2000 SP4/Server 2003 SP2/Server 2008 DNS Cache privilege escalation
2604| [3778] Microsoft Exchange 2003/2007 Outlook Web Access cross site scripting
2605| [3777] Microsoft Windows Server 2008/Vista SP1 Explorer memory corruption
2606| [43087] Microsoft Office Snapshot Viewer ActiveX up to Office 2003 Snapshot Viewer ActiveX Control snapview.ocx memory corruption
2607| [43096] Microsoft Publisher 2003/2007 Crypto API unknown vulnerability
2608| [42816] Microsoft Word 2000/2003 memory corruption
2609| [42732] Microsoft Windows Server 2003/Vista/XP denial of service
2610| [42731] Microsoft Windows Server 2003 denial of service
2611| [3732] Microsoft Windows 2000/Server 2003 WINS memory corruption
2612| [3701] Microsoft Word 2003 CSS Heap-based memory corruption
2613| [3700] Microsoft Word 2003 RTF Document Heap-based memory corruption
2614| [42065] Microsoft SharePoint Server 2.0 Rich Text Editor cross site scripting
2615| [41881] Microsoft Office 2003/2007/2007 Sp1/Xp memory corruption
2616| [41880] Microsoft Project 2000/2002/2003 memory corruption
2617| [41879] Microsoft Windows 2000/Server 2003/Vista Stack-based memory corruption
2618| [41878] Microsoft Windows 2000/Server 2003/Vista spoofing
2619| [41877] Microsoft Windows Server 2003 vbscript.dll memory corruption
2620| [3671] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 memory corruption
2621| [3670] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 Object memory corruption
2622| [41455] Microsoft Office 2000/2003/2004/Xp memory corruption
2623| [41454] Microsoft Excel 2000/2002/2003/2007 memory corruption
2624| [41453] Microsoft Excel 2000/2002/2003 memory corruption
2625| [41452] Microsoft Excel 2000/2002/2003/2007 memory corruption
2626| [41451] Microsoft Excel 2000/2002/2003 memory corruption
2627| [41450] Microsoft Excel 2000 memory corruption
2628| [41449] Microsoft Excel 2000/2002/2003 memory corruption
2629| [41448] Microsoft Office 2000/Xp Office Web Components memory corruption
2630| [3648] Microsoft Excel 2003 memory corruption
2631| [3647] Microsoft Outlook up to 2007 mailto URI memory corruption
2632| [41003] Microsoft Office 2000/2003/2004/Xp memory corruption
2633| [41002] Microsoft Office 2000/2003/Xp memory corruption
2634| [41001] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
2635| [41000] Microsoft Works 2005/8.0 memory corruption
2636| [40998] Microsoft Publisher 2000/2002/2003 memory corruption
2637| [40994] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
2638| [40987] Microsoft Windows 2000 denial of service
2639| [40736] Microsoft ActiveX 2.0 ActiveX Control privilege escalation
2640| [3552] Microsoft Excel 2000/2002/2003 File memory corruption
2641| [40242] Microsoft Publisher 2000/2002/2003/2007 Crash denial of service
2642| [40020] Microsoft Office 2007 ZIP Container unknown vulnerability
2643| [39769] Microsoft Windows 2000 cryptgenrandom weak encryption
2644| [39749] Microsoft Windows 2000 msjet40.dll memory corruption
2645| [39655] Microsoft Windows Server 2003 spoofing
2646| [39324] Microsoft Windows Mobile 2005 SMS unknown vulnerability
2647| [3373] Microsoft Word 2000/2002 memory corruption
2648| [38999] Microsoft Windows Server 2003 explorer.exe denial of service
2649| [38899] Microsoft ISA Server 2004 information disclosure
2650| [38728] Microsoft SQL Server 2005 Enterprise Manager sqldmo.dll memory corruption
2651| [38326] Microsoft Windows 2000 attemptwrite memory corruption
2652| [3241] Microsoft Excel 2000/2003/2004/XP SP3 rtWnDesk memory corruption
2653| [3223] Microsoft Windows Server 2003/XP URI privilege escalation
2654| [3212] Microsoft DirectX February 2006 RLE Compression Targa Files Heap-based memory corruption
2655| [37739] Microsoft Excel 2000/2002/2003/2004/2007 memory corruption
2656| [37738] Microsoft Office 2002/2003 memory corruption
2657| [3176] Microsoft Excel 2000/2002/2003/2007 File Attribute memory corruption
2658| [3175] Microsoft Excel 2000/2002/2003/2007 Active Worksheet memory corruption
2659| [3174] Microsoft Excel 2000/2002/2003/2007 Version Information memory corruption
2660| [3172] Microsoft Office Publisher 2007 Pointer memory corruption
2661| [37566] Microsoft Excel 2003 unknown vulnerability
2662| [37526] Microsoft Windows 2000/Server 2003 denial of service
2663| [37248] Microsoft Visio 2002 Packaging memory corruption
2664| [37251] Microsoft Windows 2000 memory corruption
2665| [3119] Microsoft Visio 2002 Object memory corruption
2666| [3118] Microsoft Visio 2002 Data memory corruption
2667| [37093] Microsoft Windows Server 2003 Error Message unknown vulnerability
2668| [37010] Microsoft Office 2000 ActiveX Control ouactrl.ocx memory corruption
2669| [36628] Microsoft Word 2000/2002/2003/2004 winword.exe memory corruption
2670| [36616] Microsoft Works 2004/2005/2006 memory corruption
2671| [36621] Microsoft Exchange Server 2000 Integer denial of service
2672| [36620] Microsoft Exchange Server 2000 Outlook Web Access cross site scripting
2673| [36619] Microsoft Exchange Server 2000/2003/2007 MIME Email memory corruption
2674| [36618] Microsoft Exchange Server 2000 NULL Pointer Dereference denial of service
2675| [36617] Microsoft Excel 2000/2002/2003/2004 memory corruption
2676| [36623] Microsoft BizTalk Server 2004 ActiveX Control capicom.dll memory corruption
2677| [3067] Microsoft Office 2000/2003/2004/2007/Xp Drawing Object memory corruption
2678| [3065] Microsoft Excel 2000/2002/2003/2007 Filter Stack-based memory corruption
2679| [3064] Microsoft Excel 2000/2002/2003/2004/2007 set Font memory corruption
2680| [3063] Microsoft Excel 2000/2002/2003/2007 BIFF Record Stack-based memory corruption
2681| [3012] Microsoft Windows 2000/Server 2003 DNS Service Stack-based memory corruption
2682| [36039] Microsoft Content Management Server 2001 memory corruption
2683| [36052] Microsoft Windows 2000 Heap-based memory corruption
2684| [36051] Microsoft Word 2007 file798-1.doc memory corruption
2685| [36050] Microsoft Word 2007 file789-1.doc memory corruption
2686| [36040] Microsoft Content Management Server 2001 cross site scripting
2687| [3004] Microsoft Windows up to 2003/XP URL Parser memory corruption
2688| [36041] Microsoft .NET Framework 2.0.50727.42 cross site scripting
2689| [36002] Microsoft Windows 2000/XP denial of service
2690| [2990] Microsoft Windows 2000/Vista/XP Animated Cursor Stack-based memory corruption
2691| [36515] Microsoft Windows 2000/Server 2003/XP memory corruption
2692| [35846] Microsoft Windows 2000/Server 2003 Default Configuration information disclosure
2693| [35373] Microsoft Excel 2003 denial of service
2694| [35372] Microsoft Office 2003 denial of service
2695| [35206] Microsoft Windows Server 2003/XP Crash denial of service
2696| [35161] Microsoft ISA Server 2004 unknown vulnerability
2697| [35236] Microsoft Publisher 2007 memory corruption
2698| [2939] Microsoft Word 2000 memory corruption
2699| [34994] Microsoft Windows 2000 OLE Dialog memory corruption
2700| [34993] Microsoft Office 2000/2003/Xp memory corruption
2701| [35001] Microsoft Office 2000/2003/2004/Xp memory corruption
2702| [35000] Microsoft Word 2000/2002/2003 memory corruption
2703| [2933] Microsoft Windows 2000 SP4/Server 2003 SP1/XP SP2 OLE Dialog Stack-based memory corruption
2704| [2894] Microsoft Office 2000/2003/2004/Xp Undefined String Format String
2705| [2884] Microsoft Word 2000/2002/2003 memory corruption
2706| [34321] Microsoft Office 2000/2003/2004/Xp Spreadsheet Heap-based memory corruption
2707| [34320] Microsoft Office 2000/2003/2004/Xp memory corruption
2708| [34319] Microsoft Office 2000/2003/2004/Xp memory corruption
2709| [34318] Microsoft Office 2000/2003/2004/Xp memory corruption
2710| [34322] Microsoft Office 2000/2003/Xp memory corruption
2711| [2811] Microsoft Windows 2000/Server 2003/XP VML Vector Markup Language Integer memory corruption
2712| [2810] Microsoft Outlook 2000/2002/2003 Office Saved Search OSS File memory corruption
2713| [2809] Microsoft Outlook 2000/2002/2003 Header denial of service
2714| [2808] Microsoft Outlook 2000/2002/2003 Meeting VEVENT memory corruption
2715| [2807] Microsoft Excel 2000/2002/2003 XLS File memory corruption
2716| [34126] Microsoft Office 2003 memory corruption
2717| [34122] Microsoft Office Web Components 2000 memory corruption
2718| [2789] Microsoft Windows 2000/XP RPC Request NetrWkstaUserEnum denial of service
2719| [2765] Microsoft Project Server 2003 pdsrequest.asp weak authentication
2720| [33851] Microsoft Word 2000/2002/2003 12122006-djtest.doc memory corruption
2721| [2739] Microsoft Windows 2000 Remote Installation Service Fehlende Authentifizierung
2722| [2738] Microsoft Windows 2000/Server 2003/XP SNMP memory corruption
2723| [2737] Microsoft Windows Server 2003/XP Manifest denial of service
2724| [33766] Microsoft Word 2000/2002/2003 memory corruption
2725| [2718] Microsoft Word 2000/2002/2003 DOC Document memory corruption
2726| [2717] Microsoft Windows 2000 Print Spooler Memory Consumption denial of service
2727| [2689] Microsoft Windows up to 2000 SP4 Active Directory denial of service
2728| [2688] Microsoft Windows 2000/Server 2003/XP Client Service for Netware denial of service
2729| [2687] Microsoft Windows 2000/Server 2003/XP Agent ActiveX ACF File Heap-based memory corruption
2730| [2686] Microsoft Windows 2000/Server 2003/XP Client Service for Netware memory corruption
2731| [2684] Microsoft Windows 2000/XP Workstation Service Stack-based memory corruption
2732| [2659] Microsoft Windows 2000/XP GDI Crash memory corruption
2733| [2655] Microsoft Windows 2000/Server 2003/XP XML Core Services memory corruption
2734| [33067] Microsoft Visual Studio .net 2005 ActiveX Control wmiscriptutils.dll memory corruption
2735| [2610] Microsoft PowerPoint 2003 PPT Document NULL Pointer Dereference denial of service
2736| [32693] Microsoft Word 2004 memory corruption
2737| [32686] Microsoft Office 2000/2001/2003/2004 Integer memory corruption
2738| [32690] Microsoft Office 2000/2003/2004/Xp memory corruption
2739| [32676] Microsoft Office 2000/2001/2003/2004 memory corruption
2740| [32675] Microsoft Office 2000/2003/2004/Xp memory corruption
2741| [32694] Microsoft Windows 2000 memory corruption
2742| [32689] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
2743| [32688] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
2744| [32687] Microsoft Word 2000/2002 memory corruption
2745| [32685] Microsoft Office 2000/2001/2003/2004 memory corruption
2746| [2601] Microsoft Windows Server 2003/XP IPv6 Stack denial of service
2747| [2600] Microsoft Windows Server 2003/XP IPv6 Stack TCP denial of service
2748| [2599] Microsoft Windows Server 2003/XP IPv6 Stack ICMP denial of service
2749| [2598] Microsoft Windows Server 2003/XP Object Packager privilege escalation
2750| [2597] Microsoft Office 2003/Xp Smart-Tag Parser memory corruption
2751| [2596] Microsoft Office 2000/2003/2004/Xp Value Read memory corruption
2752| [2595] Microsoft Office 2000/2001/2003/2004 Diagram Value memory corruption
2753| [2594] Microsoft Office 2000/2001/2003/2004 Document memory corruption
2754| [2593] Microsoft ASP.NET 2.0 cross site scripting
2755| [141652] Microsoft Windows up to Server 2019 Common Log File System Driver information disclosure
2756| [141639] Microsoft SharePoint Foundation 2013 SP1 cross site request forgery
2757| [141637] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
2758| [141636] Microsoft ASP.NET Core 2.1/2.2/3.0 Project Template privilege escalation
2759| [141635] Microsoft .NET Core 2.1/2.2 denial of service
2760| [141633] Microsoft Excel up to 2019 memory corruption
2761| [141631] Microsoft Windows up to Server 2019 SMB Client Driver information disclosure
2762| [141630] Microsoft Windows up to Server 2019 denial of service
2763| [141629] Microsoft Windows up to Server 2019 Update Delivery Optimization privilege escalation
2764| [141627] Microsoft Windows up to Server 2019 GDI information disclosure
2765| [141626] Microsoft Windows up to Server 2019 Win32k memory corruption
2766| [141621] Microsoft Windows up to Server 2019 Kernel information disclosure
2767| [141620] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
2768| [141619] Microsoft Windows up to Server 2019 ALPC privilege escalation
2769| [141618] Microsoft Windows up to Server 2019 hdAudio.sys privilege escalation
2770| [141617] Microsoft Windows up to Server 2019 Store Installer privilege escalation
2771| [141616] Microsoft Windows up to Server 2019 ALPC privilege escalation
2772| [141615] Microsoft Windows up to Server 2019 Winlogon privilege escalation
2773| [141614] Microsoft Windows up to Server 2019 Compatibility Appraiser privilege escalation
2774| [141611] Microsoft Office up to 2019 Security Feature privilege escalation
2775| [141610] Microsoft Excel up to 2019 information disclosure
2776| [141609] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
2777| [141608] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site request forgery
2778| [141607] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 privilege escalation
2779| [141606] Microsoft Windows up to Server 2019 Win32k memory corruption
2780| [141605] Microsoft Windows up to Server 2019 Hyper-V information disclosure
2781| [141604] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
2782| [141603] Microsoft Windows up to Server 2019 GDI information disclosure
2783| [141602] Microsoft Windows up to Server 2019 DirectWrite information disclosure
2784| [141601] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2785| [141600] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2786| [141599] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2787| [141598] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2788| [141597] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2789| [141596] Microsoft Windows up to Server 2019 DirectWrite information disclosure
2790| [141595] Microsoft Windows up to Server 2019 DirectWrite information disclosure
2791| [141594] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2792| [141593] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2793| [141592] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2794| [141591] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2795| [141590] Microsoft Windows up to Server 2019 Text Service Framework command injection
2796| [141589] Microsoft Exchange Server 2016 CU12/2016 CU13/2019 CU1/2019 CU2 denial of service
2797| [141583] Microsoft Lync Server 2013 Conference directory traversal
2798| [141581] Microsoft Windows up to Server 2016 Hyper-V denial of service
2799| [141580] Microsoft Windows up to Server 2019 Transaction Manager information disclosure
2800| [141579] Microsoft Windows up to Server 2016 DirectX information disclosure
2801| [141577] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
2802| [141575] Microsoft Windows up to Server 2019 lnk File privilege escalation
2803| [141564] Microsoft SharePoint Enterprise Server 2010 SP1/2013 SP1/2016/2019 Markup Application Package privilege escalation
2804| [141561] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
2805| [141560] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
2806| [139972] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
2807| [139971] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
2808| [139970] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
2809| [139969] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
2810| [139968] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
2811| [139965] Microsoft Windows up to Server 2019 Kernel information disclosure
2812| [139963] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
2813| [139962] Microsoft Windows up to Server 2019 Remote Desktop Protocol denial of service
2814| [139960] Microsoft Windows up to Server 2019 DHCP Server denial of service
2815| [139958] Microsoft Windows up to Server 2019 DHCP Server denial of service
2816| [139957] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
2817| [139956] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 Session Object information disclosure
2818| [139955] Microsoft Windows up to Server 2019 SyncController.dll privilege escalation
2819| [139949] Microsoft Windows up to Server 2019 XmlLite Runtime XmlLite.dll denial of service
2820| [139946] Microsoft Windows up to Server 2019 Core Shell COM Server Registrar COM Call privilege escalation
2821| [139942] Microsoft Windows up to Server 2019 rpcss.dll memory corruption
2822| [139941] Microsoft Windows up to Server 2019 DirectX memory corruption
2823| [139937] Microsoft Windows up to Server 2019 Azure Active Directory information disclosure
2824| [139936] Microsoft Windows up to Server 2019 SymCrypt information disclosure
2825| [139935] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 NTFS privilege escalation
2826| [139934] Microsoft Windows 7 SP1/Server 2018 R2 SP1/Server 2018 SP2 Win32k memory corruption
2827| [139933] Microsoft Windows up to Server 2019 p2pimsvc privilege escalation
2828| [139932] Microsoft Windows up to Server 2019 Kernel memory corruption
2829| [139931] Microsoft Windows up to Server 2019 File Signature Security Feature CAB File privilege escalation
2830| [139930] Microsoft Windows up to Server 2019 ALPC privilege escalation
2831| [139928] Microsoft Windows up to Server 2019 Kernel memory corruption
2832| [139927] Microsoft Windows up to Server 2019 Graphics Component information disclosure
2833| [139926] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2834| [139925] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2835| [139924] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2836| [139922] Microsoft Windows up to Server 2019 Graphics Component information disclosure
2837| [139921] Microsoft Windows up to Server 2019 Graphics Component information disclosure
2838| [139920] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2839| [139919] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2840| [139918] Microsoft Windows up to Server 2019 Graphics Component information disclosure
2841| [139917] Microsoft Windows up to Server 2019 Graphics Component information disclosure
2842| [139916] Microsoft Windows up to Server 2019 XML Core Services MSXML Parser privilege escalation
2843| [139914] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
2844| [139913] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
2845| [139912] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Hyper-V Network Switch denial of service
2846| [139911] Microsoft Windows up to Server 2019 denial of service
2847| [139910] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
2848| [139909] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
2849| [139908] Microsoft Windows up to Server 2019 Bluetooth weak encryption
2850| [139907] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
2851| [139906] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
2852| [139902] Microsoft Word up to 2019 memory corruption
2853| [139901] Microsoft Outlook up to 2019 memory corruption
2854| [139895] Microsoft Windows up to Server 2019 lnk File privilege escalation
2855| [139894] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
2856| [139893] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
2857| [139892] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
2858| [139891] Microsoft Windows up to Server 2019 Font Library memory corruption
2859| [139890] Microsoft Windows up to Server 2019 Font Library memory corruption
2860| [139889] Microsoft Windows up to Server 2019 Font Library memory corruption
2861| [139888] Microsoft Windows up to Server 2019 Font Library memory corruption
2862| [139887] Microsoft Windows up to Server 2019 Font Library memory corruption
2863| [139886] Microsoft Windows up to Server 2019 Font Library memory corruption
2864| [139880] Microsoft Windows up to Server 2019 Hyper-V memory corruption
2865| [139879] Microsoft Windows up to Server 2019 DHCP Client memory corruption
2866| [139878] Microsoft Windows up to Server 2019 Hyper-V Network Switch memory corruption
2867| [139877] Microsoft Outlook up to 2019 memory corruption
2868| [139876] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
2869| [139875] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
2870| [137590] Microsoft ASP.NET Core 2.1/2.2 Open Redirect
2871| [137589] Microsoft Exchange Server 2013 CU23/2016 CU12/2016 CU13/2019 CU1/2019 CU2 cross site scripting
2872| [137588] Microsoft Exchange Server 2010 SP3/2013 CU23/2016 CU12/2016 CU13 Web Services privilege escalation
2873| [137587] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
2874| [137586] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
2875| [137585] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
2876| [137584] Microsoft Windows up to Server 2019 DirectWrite memory corruption
2877| [137583] Microsoft Windows up to Server 2019 DirectWrite memory corruption
2878| [137581] Microsoft Windows up to Server 2019 DirectWrite memory corruption
2879| [137580] Microsoft Windows up to Server 2019 DirectWrite memory corruption
2880| [137579] Microsoft Windows up to Server 2019 DirectWrite memory corruption
2881| [137578] Microsoft Windows up to Server 2019 DirectWrite memory corruption
2882| [137577] Microsoft Windows up to Server 2019 DirectWrite memory corruption
2883| [137576] Microsoft Windows up to Server 2019 DirectWrite memory corruption
2884| [137575] Microsoft Windows up to Server 2019 DirectWrite memory corruption
2885| [137574] Microsoft Windows up to Server 2019 DirectWrite memory corruption
2886| [137568] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
2887| [137563] Microsoft Windows up to Server 2019 DirectWrite information disclosure
2888| [137562] Microsoft Windows up to Server 2019 Win32k information disclosure
2889| [137561] Microsoft Windows up to Server 2019 GDI information disclosure
2890| [137560] Microsoft Windows up to Server 2019 GDI information disclosure
2891| [137559] Microsoft Windows up to Server 2019 DirectWrite information disclosure
2892| [137555] Microsoft Windows up to Server 2019 Audio Service privilege escalation
2893| [137554] Microsoft Windows up to Server 2019 Audio Service privilege escalation
2894| [137553] Microsoft Windows up to Server 2019 Audio Service privilege escalation
2895| [137549] Microsoft Windows up to Server 2016 DLL privilege escalation
2896| [137544] Microsoft Windows up to Server 2019 Kernel information disclosure
2897| [137543] Microsoft Windows up to Server 2019 Kernel information disclosure
2898| [137542] Microsoft SQL Server 2014 SP2/2016 SP1/2017 privilege escalation
2899| [137541] Microsoft Windows up to Server 2019 memory corruption
2900| [137540] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
2901| [137539] Microsoft Windows up to Server 2016 DirectX memory corruption
2902| [137538] Microsoft Windows Server 1803/Server 1903/Server 2016/Server 2019 ADFS Security Feature privilege escalation
2903| [137537] Microsoft Windows up to Server 2019 Hyper-V denial of service
2904| [137535] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
2905| [137533] Microsoft Windows up to Server 2019 SymCrypt denial of service
2906| [137527] Microsoft Windows up to Server 2019 GDI+ memory corruption
2907| [137512] Microsoft Windows up to Server 2019 DHCP memory corruption
2908| [136414] Microsoft Azure DevOps Server 2019 cross site request forgery
2909| [136349] Microsoft Windows up to Server 2019 Event Viewer eventvwr.msc XML External Entity
2910| [136348] Microsoft Windows up to Server 2019 Task Scheduler privilege escalation
2911| [136347] Microsoft Windows up to Server 2019 AppXSVC privilege escalation
2912| [136345] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
2913| [136344] Microsoft Windows up to Server 2019 GDI information disclosure
2914| [136340] Microsoft Windows up to Server 2019 GDI information disclosure
2915| [136337] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
2916| [136336] Microsoft Windows up to Server 2019 Kernel privilege escalation
2917| [136335] Microsoft Windows up to Server 2019 NTLM Downgrade weak authentication
2918| [136334] Microsoft Windows up to Server 2019 Kernel information disclosure
2919| [136333] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
2920| [136330] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
2921| [136329] Microsoft SharePoint Server 2016/2019 cross site scripting
2922| [136328] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
2923| [136327] Microsoft Lync Server 2010/2013 denial of service
2924| [136326] Microsoft Windows up to Server 2019 Audio Service privilege escalation
2925| [136325] Microsoft Windows up to Server 2019 Audio Service privilege escalation
2926| [136324] Microsoft Windows up to Server 2019 Audio Service privilege escalation
2927| [136323] Microsoft Windows up to Server 2019 denial of service
2928| [136321] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Audio Service privilege escalation
2929| [136320] Microsoft Windows up to Server 2019 Audio Service privilege escalation
2930| [136319] Microsoft Windows up to Server 2019 Security Credentials information disclosure
2931| [136318] Microsoft Windows up to Server 2019 DirectX privilege escalation
2932| [136317] Microsoft Windows up to Server 2019 Win32k memory corruption
2933| [136314] Microsoft Windows up to Server 2019 Win32k memory corruption
2934| [136312] Microsoft Windows up to Server 2019 GDI information disclosure
2935| [136310] Microsoft Windows up to Server 2019 GDI information disclosure
2936| [136308] Microsoft Windows up to Server 2019 Audio Service privilege escalation
2937| [136306] Microsoft Windows up to Server 2019 Storage Service privilege escalation
2938| [136305] Microsoft Windows up to Server 2019 User Profile Service privilege escalation
2939| [136304] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
2940| [136303] Microsoft Windows up to Server 2019 Storage Service privilege escalation
2941| [136301] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2942| [136299] Microsoft Windows up to Server 2019 Local Security Authority Subsystem Service Reboot denial of service
2943| [136296] Microsoft Windows up to Server 2019 Common Log File System Driver memory corruption
2944| [136295] Microsoft Windows up to Server 2019 ALPC privilege escalation
2945| [136293] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2946| [136292] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2947| [136291] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2948| [136290] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2949| [136289] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2950| [136288] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2951| [136287] Microsoft Windows up to Server 2019 Hyper-V denial of service
2952| [136286] Microsoft Windows up to Server 2019 Hyper-V denial of service
2953| [136285] Microsoft Windows up to Server 2019 Hyper-V denial of service
2954| [136284] Microsoft Windows up to Server 2019 Kernel memory corruption
2955| [136276] Microsoft Windows up to Server 2019 Hyper-V memory corruption
2956| [136275] Microsoft Windows 10/10 1607/10 1703/10 1709/Server 2016 Hyper-V memory corruption
2957| [136274] Microsoft Windows up to Server 2019 ActiveX memory corruption
2958| [136273] Microsoft Windows up to Server 2019 Hyper-V memory corruption
2959| [134750] Microsoft ASP.NET Core 2.1/2.2 denial of service
2960| [134745] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
2961| [134744] Microsoft Windows up to Server 2019 GDI information disclosure
2962| [134743] Microsoft SharePoint Server 2013 SP1/2016 cross site scripting
2963| [134742] Microsoft SharePoint Enterprise Server 2016/2019 cross site scripting
2964| [134741] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
2965| [134740] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
2966| [134739] Microsoft SharePoint Foundation 2010 SP2/2013 SP2 cross site scripting
2967| [134738] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
2968| [134737] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
2969| [134736] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
2970| [134735] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
2971| [134734] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
2972| [134733] Microsoft Windows up to Server 2019 Unified Write Filter privilege escalation
2973| [134731] Microsoft Windows up to Server 2019 Symlink privilege escalation
2974| [134729] Microsoft Windows up to Server 2019 Storage Service privilege escalation
2975| [134725] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134724] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134723] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134722] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134721] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134720] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134719] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134718] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134717] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134716] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134715] Microsoft Windows up to Server 2019 Win32k memory corruption
| [134714] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134713] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134712] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134710] Microsoft Windows up to Server 2019 GDI information disclosure
| [134709] Microsoft Windows up to Server 2019 Kernel privilege escalation
| [134706] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
| [134701] Microsoft Windows up to Server 2019 Windows Defender Application Control privilege escalation
| [134700] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
| [134699] Microsoft Windows up to Server 2019 NDIS ndis.sys memory corruption
| [134698] Microsoft Windows up to Server 2019 OLE memory corruption
| [134684] Microsoft Windows up to Server 2019 DHCP Server memory corruption
| [134678] Microsoft Windows up to Server 2019 GDI+ memory corruption
| [133236] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133234] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133232] Microsoft Azure DevOps Server 2019 cross site scripting
| [133229] Microsoft Azure DevOps Server 2019 cross site scripting
| [133224] Microsoft Exchange Server 2013 CU22/2016 CU11/2016 CU12/2019/2019 CU1 Outlook Web Access privilege escalation
| [133223] Microsoft Azure DevOps Server 2019 Content Security Policy privilege escalation
| [133222] Microsoft Windows up to Server 2019 Remote Registry Service memory corruption
| [133221] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133220] Microsoft Windows up to Server 2019 GDI Memory information disclosure
| [133219] Microsoft Windows up to Server 2019 Win32k Memory information disclosure
| [133218] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133217] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133216] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
| [133215] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
| [133214] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
| [133213] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
| [133212] Microsoft Windows up to Server 2019 Terminal Services Memory information disclosure
| [133211] Microsoft Windows up to Server 2019 Task Scheduler information disclosure
| [133209] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133206] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
| [133205] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [133204] Microsoft Office/Excel up to 2019 memory corruption
| [133203] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [133202] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [133201] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [133200] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [133199] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
| [133198] Microsoft Exchange Server up to 2019 CU1 Outlook Web Access cross site scripting
| [133197] Microsoft ASP.NET Core 2.2 Request denial of service
| [133196] Microsoft Windows up to Server 2019 Win32k information disclosure
| [133195] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133194] Microsoft Windows up to Server 2019 GDI Memory information disclosure
| [133193] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133192] Microsoft Windows up to Server 2019 OLE Automation privilege escalation
| [133189] Microsoft Windows up to Server 2019 CSRSS memory corruption
| [133188] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133187] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133186] Microsoft Windows up to Server 2019 TCP/IP Stack Fragmented IP Packet information disclosure
| [133185] Microsoft Windows up to Server 2019 Win32k memory corruption
| [133183] Microsoft Windows up to Server 2019 Win32k memory corruption
| [133182] Microsoft Windows up to Server 2019 Win32k memory corruption
| [133181] Microsoft Office/Excel/PowerPoint up to 2019 URL Document Code Execution
| [133180] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133179] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133177] Microsoft Windows up to Server 2019 Device Guard luafv.sys privilege escalation
| [133174] Microsoft Windows up to Server 2019 GDI+ privilege escalation
| [133173] Microsoft Windows up to Server 2019 IOleCvt Interface privilege escalation
| [133166] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133165] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133164] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133163] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133162] Microsoft Windows up to Server 2019 MS XML Code Execution
| [131687] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 3.2/2018 Updated 1.2 cross site scripting
| [131685] Microsoft Windows up to Server 2019 SMB information disclosure
| [131684] Microsoft Visual Studio 2017 Version 15.9 C++ Redistributable Installer privilege escalation
| [131681] Microsoft Windows up to Server 2019 Win32k memory corruption
| [131679] Microsoft Windows up to Server 2019 Kernel information disclosure
| [131675] Microsoft SharePoint 2013 SP1/2016 cross site scripting
| [131674] Microsoft Windows up to Server 2019 Win32k information disclosure
| [131673] Microsoft Windows up to Server 2019 Kernel information disclosure
| [131672] Microsoft Windows up to Server 2019 GDI information disclosure
| [131671] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
| [131668] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
| [131667] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
| [131663] Microsoft Windows up to Server 2019 Print Spooler information disclosure
| [131658] Microsoft Windows up to Server 2019 information disclosure
| [131657] Microsoft Windows up to Server 2019 denial of service
| [131656] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
| [131653] Microsoft Windows up to Server 2019 SMB information disclosure
| [131652] Microsoft Windows up to Server 2019 SMB information disclosure
| [131651] Microsoft Windows up to Server 2019 Kernel information disclosure
| [131650] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V denial of service
| [131649] Microsoft Windows up to Server 2019 Kernel memory corruption
| [131648] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [131644] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [131638] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [131632] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
| [131631] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
| [131630] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
| [131629] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
| [131628] Microsoft Windows up to Server 2019 ActiveX memory corruption
| [131619] Microsoft Windows up to Server 2019 MS XML privilege escalation
| [131334] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
| [131333] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
| [131328] Microsoft Windows up to Server 2016 Kernel information disclosure
| [130832] Microsoft 2013 SP1 spoofing
| [130828] Microsoft Exchange Server 2010 SP3/2013 CU22/2016 CU12/2019 CU1 EWS privilege escalation
| [130826] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
| [130825] Microsoft Office up to 2019 Connectivity Engine memory corruption
| [130824] Microsoft Office up to 2019 Connectivity Engine memory corruption
| [130823] Microsoft Office up to 2019 Connectivity Engine privilege escalation
| [130822] Microsoft Office up to 2019 Connectivity Engine privilege escalation
| [130821] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [130820] Microsoft Windows up to Server 2012 R2 GDI information disclosure
| [130818] Microsoft Windows up to Server 2019 GDI information disclosure
| [130817] Microsoft Windows up to Server 2019 Storage Service privilege escalation
| [130814] Microsoft Windows up to Server 2019 privilege escalation
| [130809] Microsoft Windows up to Server 2019 Defender Firewall Security privilege escalation
| [130808] Microsoft Windows up to Server 2019 information disclosure
| [130807] Microsoft Windows up to Server 2019 Hyper-V information disclosure
| [130806] Microsoft Windows up to Server 2019 SMB privilege escalation
| [130805] Microsoft Windows up to Server 2019 Device Guard privilege escalation
| [130804] Microsoft Windows up to Server 2019 Device Guard privilege escalation
| [130803] Microsoft Windows up to Server 2019 SMB privilege escalation
| [130802] Microsoft Windows up to Server 2019 Win32k information disclosure
| [130801] Microsoft Windows up to Server 2019 Device Guard privilege escalation
| [130800] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130799] Microsoft Windows up to Server 2016 Win32k memory corruption
| [130798] Microsoft Windows up to Server 2019 GDI information disclosure
| [130797] Microsoft Windows up to Server 2019 GDI information disclosure
| [130796] Microsoft Windows up to Server 2019 GDI information disclosure
| [130793] Microsoft Windows up to Server 2019 GDI information disclosure
| [130792] Microsoft Windows up to Server 2019 HID information disclosure
| [130791] Microsoft Windows up to Server 2019 HID information disclosure
| [130790] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130789] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130788] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130787] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130786] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130784] Microsoft Windows up to Server 2019 GDI+ memory corruption
| [130782] Microsoft Windows up to Server 2019 DHCP Server memory corruption
| [130781] Microsoft Windows up to Server 2019 GDI+ memory corruption
| [129847] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 1.2/2018 Update 3.2 information disclosure
| [129846] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
| [129845] Microsoft Skype for Business 2015 CU 8 Request cross site scripting
| [128765] Microsoft Visual Studio 2017 Version 15.9 C++ Construct privilege escalation
| [128764] Microsoft Exchange Server 2010 SP3/2013 CU21/2016 CU10/2016 CU11/2019 PowerShell API information disclosure
| [128761] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128760] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128759] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128758] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128757] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128756] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128755] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128754] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128753] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128752] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128751] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128750] Microsoft Windows up to Server 2019 Runtime privilege escalation
| [128749] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128747] Microsoft ASP.NET Core 2.1 Web Request denial of service
| [128746] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [128745] Microsoft Office up to 2019 Word Macro information disclosure
| [128742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [128741] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [128740] Microsoft SharePoint Enterprise Server 2013 SP1 cross site scripting
| [128739] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128738] Microsoft Windows up to Server 2019 Subsystem for Linux information disclosure
| [128737] Microsoft Windows up to Server 2019 COM Desktop Broker privilege escalation
| [128736] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128735] Microsoft ASP.NET Core 2.1/2.2 Web Request denial of service
| [128733] Microsoft Windows up to Server 2019 Authentication Request privilege escalation
| [128729] Microsoft Visual Studio 2010 SP1/2012 Update 5 vscontent File information disclosure
| [128728] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128727] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128726] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128725] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128718] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [128717] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V memory corruption
| [127925] Microsoft SharePoint Enterprise Server 2016 Web Request cross site scripting
| [127882] Microsoft Dynamics NAV 2016/2017 Web Request cross site scripting
| [127881] Microsoft Windows 10 1809/Server 2019 Object denial of service
| [127880] Microsoft Windows up to Server 2019 Win32k Object memory corruption
| [127828] Microsoft Windows up to Server 2019 Win32k memory corruption
| [127827] Microsoft Windows 10 1809/Server 2019 DirectX information disclosure
| [127826] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Win32k ASLR privilege escalation
| [127825] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 privilege escalation
| [127824] Microsoft Excel up to 2019 Out-of-Bounds memory corruption
| [127823] Microsoft Windows up to Server 2012 R2 Kernel information disclosure
| [127821] Microsoft Windows up to Server 2019 Connected User Experiences and Telemetry Service denial of service
| [127820] Microsoft Windows up to Server 2019 Kernel memory corruption
| [127819] Microsoft Exchange Server 2016 CU10/2016 CU11 Profile Data privilege escalation
| [127817] Microsoft Excel up to 2019 information disclosure
| [127816] Microsoft Windows up to Server 2019 GDI information disclosure
| [127815] Microsoft Windows up to Server 2019 GDI information disclosure
| [127814] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 Search cross site request forgery
| [127812] Microsoft Windows up to Server 2019 Remote Procedure Call information disclosure
| [127806] Microsoft Outlook up to 2019 memory corruption
| [127805] Microsoft Excel up to 2019 memory corruption
| [127804] Microsoft Excel up to 2019 memory corruption
| [127803] Microsoft Windows up to Server 2019 Text-To-Speech memory corruption
| [127801] Microsoft Windows up to Server 2019 DNS Server privilege escalation
| [126938] Microsoft Team Foundation Server 2018 Update 1.1/2018 Update 3 Code Execution
| [126755] Microsoft .NET Core 2.1 privilege escalation
| [126754] Microsoft Skype for Business/Lync Server 2013 SP1/2016 Emoji denial of service
| [126750] Microsoft Windows up to Server 2019 ALPC privilege escalation
| [126749] Microsoft Exchange Server 2010/2013/2016/2019 privilege escalation
| [126747] Microsoft SharePoint Enterprise Server 2013 SP1 Folder information disclosure
| [126746] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [126745] Microsoft Project 2010 SP2/2013 SP1/2016 memory corruption
| [126744] Microsoft Office up to 2019 Word memory corruption
| [126743] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [126742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [126739] Microsoft Windows up to Server 2012 R2 Win32k information disclosure
| [126737] Microsoft Windows up to Server 2012 R2 DirectX information disclosure
| [126736] Microsoft Windows up to Server 2019 Win32k memory corruption
| [126735] Microsoft Windows up to Server 2019 DirectX privilege escalation
| [126733] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DirectX memory corruption
| [126730] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
| [126728] Microsoft Office/SharePoint 2010 SP2 Word memory corruption
| [126727] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [126726] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [126725] Microsoft Windows up to Server 2019 DirectX memory corruption
| [126722] Microsoft Windows up to Server 2019 PowerShell privilege escalation
| [126718] Microsoft Windows up to Server 2016 Search memory corruption
| [126717] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 memory corruption
| [126716] Microsoft Office up to 2019 Excel memory corruption
| [126714] Microsoft Windows up to Server 2019 PowerShell unknown vulnerability
| [126713] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
| [126712] Microsoft Windows up to Server 2016 Graphics Component memory corruption
| [126711] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
| [125123] Microsoft Windows up to Server 2019 Codecs Library information disclosure
| [125122] Microsoft Windows up to Server 2016 TCP/IP information disclosure
| [125121] Microsoft Windows up to Server 2019 DirectX memory corruption
| [125120] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
| [125119] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
| [125116] Microsoft Exchange Server 2013 CU21/2016 CU10 privilege escalation
| [125115] Microsoft Windows up to Server 2019 Theme API privilege escalation
| [125114] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
| [125113] Microsoft Windows up to Server 2019 Kernel memory corruption
| [125111] Microsoft Windows up to Server 2019 Device Guard Code Integrity Policy privilege escalation
| [125110] Microsoft Windows up to Server 2019 DNS Global Blocklist privilege escalation
| [125109] Microsoft Windows up to Server 2019 NTFS privilege escalation
| [125108] Microsoft Windows up to Server 2019 Filter Manager memory corruption
| [125107] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125104] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [125102] Microsoft Office/Word 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
| [125100] Microsoft Office/PowerPoint 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
| [125099] Microsoft Office/Excel up to 2019 Protected View memory corruption
| [125098] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [125097] Microsoft Windows up to Server 2019 DirectX Graphics memory corruption
| [125096] Microsoft Windows up to Server 2019 Win32k memory corruption
| [125095] Microsoft Exchange Server 2013 CU21/2016 CU10 Outlook Web Access cross site scripting
| [125093] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [125092] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [125091] Microsoft Windows up to Server 2019 MS XML privilege escalation
| [124371] Microsoft Exchange Server up to 2010 SP3 Outlook Web Access /owa/auth/logon.aspx Parameter Server-Side Request Forgery
| [124217] Microsoft Windows Server 2012/Server 2016 Active Directory Federation Services /adfs/ls Server-Side Request Forgery
| [123995] Microsoft Lync 2011 on Mac Security Feature Messages Download privilege escalation
| [123881] Microsoft Windows up to Server 2016 Sandbox privilege escalation
| [123874] Microsoft Windows up to Server 2016 Kernel information disclosure
| [123872] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 SMB information disclosure
| [123868] Microsoft Windows up to Server 2016 Hyper-V denial of service
| [123864] Microsoft Windows up to Server 2016 Hyper-V information disclosure
| [123862] Microsoft SharePoint Enterprise Server 2010 SP2/2013 RT SP1/2013 SP1/2016 cross site scripting
| [123861] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [123860] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [123859] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
| [123851] Microsoft Windows up to Server 2016 ALPC privilege escalation
| [123849] Microsoft Windows up to Server 2016 SMB denial of service
| [123846] Microsoft Office 2016 on Win/Mac memory corruption
| [123844] Microsoft Word 2013 RT SP1/2013 SP1/2016 PDF File memory corruption
| [123843] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [123842] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [123830] Microsoft Windows up to Server 2016 Hyper-V memory corruption
| [123828] Microsoft Windows up to Server 2016 Win32k Graphics privilege escalation
| [123827] Microsoft Windows up to Server 2016 Image memory corruption
| [123825] Microsoft Windows up to Server 2016 MSXML Parser privilege escalation
| [123823] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
| [122887] Microsoft Office 2016 on Mac AutoUpdate memory corruption
| [122886] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
| [122885] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
| [122884] Microsoft Windows up to Server 2016 Win32k memory corruption
| [122883] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
| [122875] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [122874] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [122873] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [122871] Microsoft PowerPoint 2010 SP2 memory corruption
| [122870] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [122861] Microsoft Windows up to Server 2016 Microsoft COM for Windows privilege escalation
| [122850] Microsoft Visual Studio 2015 Update 3/2017/2017 Version 15.8 Diagnostic Hub privilege escalation
| [122849] Microsoft Windows up to Server 2016 Diagnostic Hub privilege escalation
| [122848] Microsoft Windows Security Feature 2FA weak authentication
| [122834] Microsoft Windows up to Server 2016 LNK memory corruption
| [122825] Microsoft Windows up to Server 2016 Graphics memory corruption
| [122823] Microsoft SQL Server 2016 SP1/2016 SP2/2017 memory corruption
| [121208] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R Attachment privilege escalation
| [121118] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [121116] Microsoft Windows up to Server 2016 Sandbox privilege escalation
| [121114] Microsoft Access 2013 SP1/2016/2016 C2R memory corruption
| [121111] Microsoft Windows up to Server 2016 Kernel memory corruption
| [121110] Microsoft Windows up to Server 2016 Wordpad privilege escalation
| [121107] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll denial of service
| [121106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
| [121105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [121098] Microsoft Office 2016/2016 C2R memory corruption
| [121092] Microsoft Windows up to Server 2016 FTP Server denial of service
| [121090] Microsoft Visual Studio up to 2017 Version 15.8 Preview privilege escalation
| [119479] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [119477] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 information disclosure
| [119476] Microsoft Publisher 2010 SP2 OLE Object PUB File privilege escalation
| [119475] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Attachment privilege escalation
| [119474] Microsoft Windows up to Server 2016 GDI information disclosure
| [119470] Microsoft Windows up to Server 2016 HTTP HTTP.sys denial of service
| [119468] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119467] Microsoft Windows up to Server 2016 Hypervisor privilege escalation
| [119465] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119464] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119463] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119461] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119460] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119459] Microsoft Windows up to Server 2016 memory corruption
| [119457] Microsoft Windows up to Server 2016 Desktop Bridge privilege escalation
| [119456] Microsoft Windows up to Server 2016 Kernel information disclosure
| [119455] Microsoft Windows up to Server 2016 denial of service
| [119454] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119452] Microsoft Windows up to Server 2016 HIDParser memory corruption
| [119448] Microsoft Windows up to Server 2016 Code Integrity Module denial of service
| [119447] Microsoft Windows up to Server 2016 NTFS privilege escalation
| [119441] Microsoft Windows up to Server 2016 Media Foundation memory corruption
| [119437] Microsoft Windows up to Server 2016 HTTP Protocol Stack Http.sys memory corruption
| [119436] Microsoft Windows up to Server 2016 memory corruption
| [119431] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
| [118120] Microsoft Office 2016 on Mac XML Data Code Execution
| [117561] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1 Web Request cross site scripting
| [117560] Microsoft Exchange Server up to 2016 CU9 Code Execution memory corruption
| [117559] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access Web Request cross site scripting
| [117558] Microsoft Windows up to Server 2016 Code Execution memory corruption
| [117507] Microsoft Infopath 2013 SP1 memory corruption
| [117505] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [117504] Microsoft Office 2010 SP2 information disclosure
| [117503] Microsoft Exchange Server 2013 CU19/2013 CU20/2016 CU8/2016 CU9 Outlook Web Access cross site scripting
| [117502] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
| [117501] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [117500] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access cross site scripting
| [117499] Microsoft Exchange Server up to 2016 CU9 information disclosure
| [117498] Microsoft Office 2016 C2R Security Feature privilege escalation
| [117497] Microsoft SharePoint Enterprise Server 2010/2013 SP1/2016 cross site scripting
| [117480] Microsoft Windows up to Server 2016 COM Serialized privilege escalation
| [117473] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117472] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117471] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117470] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117469] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117468] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117444] Microsoft Windows up to Server 2016 Hyper-V vSMB memory corruption
| [117443] Microsoft Windows up to Server 2016 Hyper-V memory corruption
| [117442] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
| [116132] Microsoft Office 2016 Memory information disclosure
| [116051] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [116050] Microsoft SharePoint Enterprise Server 2010 SP2/2013/2016 cross site scripting
| [116049] Microsoft SharePoint Enterprise Server 2013/2016 privilege escalation
| [116048] Microsoft Windows up to Server 2016 DirectX Graphics Kernel Subsystem memory corruption
| [116047] Microsoft Windows up to Server 2016 OpenType Font Driver atmfd.dll memory corruption
| [116046] Microsoft SharePoint Enterprise Server 2013/2016 Share cross site scripting
| [116045] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [116039] Microsoft Windows up to Server 2016 Remote Desktop Protocol denial of service
| [116031] Microsoft Windows up to Server 2016 Kernel ASLR information disclosure
| [116030] Microsoft Windows up to Server 2016 SNMP Service denial of service
| [116026] Microsoft Windows up to Server 2016 Kernel information disclosure
| [116024] Microsoft Windows up to Server 2016 HTTP.sys denial of service
| [116023] Microsoft Office up to 2016 C2R information disclosure
| [116022] Microsoft Excel 2010 SP2 memory corruption
| [116020] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Active Directory privilege escalation
| [116019] Microsoft Windows up to Server 2016 Kernel information disclosure
| [116018] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [116017] Microsoft Excel up to 2016 C2R memory corruption
| [116016] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Graphics memory corruption
| [116014] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [116013] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1 memory corruption
| [116008] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116007] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116006] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116005] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116004] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116003] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
| [115994] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [115804] Microsoft Windows up to Server 2016 Malware Protection Engine privilege escalation
| [114579] Microsoft Exchange Server up to 2017 CU8 Outlook Web Access information disclosure
| [114574] Microsoft SharePoint Enterprise Server 2016 privilege escalation
| [114573] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114571] Microsoft Exchange Server 2016 CU7/2016 CU8 Outlook Web Access information disclosure
| [114570] Microsoft Exchange Server 2010 SP3/2013 CU18/2013 CU19/2016 CU7/2016 CU8 Outlook Web Access Fake privilege escalation
| [114565] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Kernel information disclosure
| [114564] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [114562] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114560] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114559] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114558] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114557] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114556] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114555] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114554] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114553] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114552] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114551] Microsoft Excel up to 2016 C2R Security Feature privilege escalation
| [114549] Microsoft Access 2010 SP2/2013 SP1/2016 memory corruption
| [114548] Microsoft Windows up to Server 2016 CNG Security Feature cng.sys privilege escalation
| [114547] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114546] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114545] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114544] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114543] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114542] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114541] Microsoft Windows up to Server 2016 Kernel information disclosure
3395| [114540] Microsoft Windows up to Server 2016 Kernel information disclosure
3396| [114536] Microsoft Windows up to Server 2016 CredSSP privilege escalation
3397| [114535] Microsoft Windows up to Server 2016 Hyper-V denial of service
3398| [114531] Microsoft Windows up to Server 2016 Windows Installer privilege escalation
3399| [114530] Microsoft Windows up to Server 2016 GDI privilege escalation
3400| [114529] Microsoft Windows up to Server 2016 GDI privilege escalation
3401| [114527] Microsoft Windows up to Server 2016 Kernel information disclosure
3402| [114526] Microsoft Windows up to Server 2016 Kernel information disclosure
3403| [114525] Microsoft Windows up to Server 2016 Kernel information disclosure
3404| [114522] Microsoft Windows 10 1607/10 1703/Server 2016 Desktop Bridge privilege escalation
3405| [114521] Microsoft Windows up to Server 2016 Video Control privilege escalation
3406| [114520] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge privilege escalation
3407| [114518] Microsoft Windows up to Server 2016 Remote Assistance information disclosure
3408| [114517] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge VFS privilege escalation
3409| [114516] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
3410| [113835] Microsoft Identity Manager 2016 SP1 cross site scripting
3411| [113264] Microsoft Windows 8.1/RT 8.1/Server 2012 R2 SMBv2/SMBv3 denial of service
3412| [113260] Microsoft Windows up to Server 2016 Kernel memory corruption
3413| [113259] Microsoft Windows 10/Server 1709/Server 2016 NTFS privilege escalation
3414| [113254] Microsoft Windows up to Server 2016 Kernel information disclosure
3415| [113253] Microsoft Windows 10/Server 1709/Server 2016 Kernel memory corruption
3416| [113252] Microsoft Windows up to Server 2016 Kernel memory corruption
3417| [113250] Microsoft Windows 10/Server 1709/Server 2016 Kernel memory corruption
3418| [113249] Microsoft Windows up to Server 2016 Kernel memory corruption
3419| [113248] Microsoft Windows up to Server 2016 Kernel information disclosure
3420| [113243] Microsoft Windows 10/Server 2016 MultiPoint Management privilege escalation
3421| [113242] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
3422| [113241] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
3423| [113240] Microsoft Windows 10/Server 1709/Server 2016 AppContainer privilege escalation
3424| [113237] Microsoft SharePoint Enterprise Server 2016 cross site scripting
3425| [113236] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
3426| [113233] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Uninitialized Memory information disclosure
3427| [113232] Microsoft Excel 2016 memory corruption
3428| [113230] Microsoft Windows up to Server 2016 Scripting Engine information disclosure
3429| [113229] Microsoft Windows up to Server 2016 StructuredQuery memory corruption
3430| [111580] Microsoft Office 2016 on Mac Email Attachment spoofing
3431| [111571] Microsoft SharePoint Enterprise Server 2013/2016 Access cross site scripting
3432| [111567] Microsoft Office 2010/2013/2016 memory corruption
3433| [111564] Microsoft Word 2016 memory corruption
3434| [111562] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
3435| [111561] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
3436| [128730] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3437| [111358] Microsoft Windows up to Server 2016 IPsec denial of service
3438| [110553] Microsoft Office 2016 C2R information disclosure
3439| [110552] Microsoft SharePoint Enterprise Server 2016 Web Request privilege escalation
3440| [110551] Microsoft Excel 2016 C2R memory corruption
3441| [110550] Microsoft PowerPoint 2013 RT SP1/2013 SP1/2016 information disclosure
3442| [110549] Microsoft Exchange Server 2016 CU6/2016 CU7 Outlook Web Access privilege escalation
3443| [110547] Microsoft Windows up to Server 2016 its:// Protocol information disclosure
3444| [110531] Microsoft Windows 10/Server 2016 Device Guard privilege escalation
3445| [110522] Microsoft Windows up to Server 2016 RRAS privilege escalation
3446| [110350] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
3447| [110318] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
3448| [109391] Microsoft SharePoint Enterprise Server 2016 Project Server cross site request forgery
3449| [109389] Microsoft Excel 2016 Click-to-Run memory corruption
3450| [109360] Microsoft Windows up to Server 2016 Windows Search denial of service
3451| [107759] Microsoft Windows up to Server 2016 SMB denial of service
3452| [107757] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
3453| [107756] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
3454| [107753] Microsoft Windows 10/Server 2016 SMB privilege escalation
3455| [107744] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
3456| [107741] Microsoft Outlook 2016 Secure Connection Mail information disclosure
3457| [107740] Microsoft Windows up to Server 2016 Graphics memory corruption
3458| [107739] Microsoft Windows up to Server 2016 Graphics memory corruption
3459| [107738] Microsoft Windows up to Server 2016 Search information disclosure
3460| [107734] Microsoft Windows 10/Server 2016 SMB privilege escalation
3461| [107732] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Bypass privilege escalation
3462| [107730] Microsoft Windows up to Server 2016 Search Remote memory corruption
3463| [107729] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
3464| [107728] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
3465| [107727] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
3466| [107724] Microsoft Windows up to Server 2016 Text Services Framework memory corruption
3467| [107723] Microsoft Windows up to Server 2016 SMB information disclosure
3468| [107698] Microsoft Office 2016 memory corruption
3469| [107593] InFocus Mondopad 2.2.08 Excel Spreadsheet Microsoft Office Document Credentials information disclosure
3470| [106544] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
3471| [106531] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
3472| [106529] Microsoft PowerPoint 2016 memory corruption
3473| [106523] Microsoft Windows up to Server 2016 PDF Library memory corruption
3474| [106518] Microsoft Edge on Win10/Server 2016 memory corruption
3475| [106516] Microsoft Windows up to Server 2016 PDF Library memory corruption
3476| [106498] Microsoft Windows up to Server 2016 Shell privilege escalation
3477| [106496] Microsoft Windows up to Server 2016 Uniscribe information disclosure
3478| [106495] Microsoft Windows up to Server 2012 R2 Uniscribe memory corruption
3479| [106492] Microsoft Windows Server 2012/Server 2012 R2/Server 2016 DHCP Service memory corruption
3480| [106489] Microsoft Windows up to Server 2016 Graphics Win32k win32k!fsc_CalcGrayRow memory corruption
3481| [106474] Microsoft Office 2016 memory corruption
3482| [106473] Microsoft SharePoint Server 2013 SP1 cross site scripting
3483| [106472] Microsoft Windows up to Server 2016 Bluetooth Driver Object BlueBorne spoofing
3484| [106470] Microsoft Excel 2011 on Mac memory corruption
3485| [106455] Microsoft Exchange Server 2013/2016 information disclosure
3486| [106454] Microsoft Windows up to Server 2016 Windows NetBT Session Services race condition memory corruption
3487| [105048] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
3488| [105047] Microsoft Edge on Win10/Server 2016 Scripting Engine EntryCall memory corruption
3489| [105046] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
3490| [105040] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
3491| [105038] Microsoft Edge on Win10/Server 2016 Javascript Engine Out-of-Bounds memory corruption
3492| [105037] Microsoft Edge on Win10/Server 2016 Javascript Engine PreVisitCatch memory corruption
3493| [105035] Microsoft SharePoint Server 2010 SP2 cross site scripting
3494| [105033] Microsoft Edge 38.14393.1066.0 on Win10/Server 2016 Use-After-Free information disclosure
3495| [105029] Microsoft Edge on Win10/Server 2016 Javascript Engine ProcessLinkFailedAsmJsModule memory corruption
3496| [105027] Microsoft Edge on Win10/Server 2016 _SelectValueInternal information disclosure
3497| [105024] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
3498| [105023] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
3499| [105017] Microsoft Windows up to Server 2016 Error Reporting information disclosure
3500| [105013] Microsoft Windows 10 1607/10 1703/Server 2016 Hyper-V denial of service
3501| [105011] Microsoft Windows up to Server 2016 Windows Search memory corruption
3502| [105010] Microsoft Windows up to Server 2016 Win32k memory corruption
3503| [105009] Microsoft Windows up to Server 2016 Input Method Editor memory corruption
3504| [105008] Microsoft SQL Server 2012/2014/2016 Analysis Services information disclosure
3505| [104990] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
3506| [104989] Microsoft Windows up to Server 2016 NetBIOS denial of service
3507| [104584] Microsoft Outlook up to 2016 C2R Document File privilege escalation
3508| [104583] Microsoft Outlook up to 2016 C2R Email memory corruption
3509| [104582] Microsoft Outlook up to 2016 C2R Object memory corruption
3510| [103468] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 Open Redirect
3511| [103446] Microsoft Windows up to Server 2016 Search Object privilege escalation
3512| [103445] Microsoft Windows up to Server 2016 Wordpad privilege escalation
3513| [103444] Microsoft Windows up to Server 2016 Explorer denial of service
3514| [103442] Microsoft Windows 10/Server 2016 HoloLens WiFi Packet privilege escalation
3515| [103441] Microsoft Windows up to Server 2016 Object HTTP.sys information disclosure
3516| [103431] Microsoft Windows up to Server 2016 PowerShell PSObject Object privilege escalation
3517| [103429] Microsoft Windows up to Server 2016 Kerberos weak authentication
3518| [103426] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA Request cross site scripting
3519| [103425] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA Request cross site scripting
3520| [103420] Microsoft Windows up to Server 2016 Kerberos Bypass privilege escalation
3521| [103417] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
3522| [102544] Microsoft Edge on Win10/Server 2016 Fetch API information disclosure
3523| [102543] Microsoft Edge on Win10/Server 2016 Javascript XML DOM Object information disclosure
3524| [102463] Microsoft Project Server 2013 SP1 cross site scripting
3525| [102460] Microsoft Outlook 2016 on Mac HTML spoofing
3526| [102448] Microsoft SharePoint Enterprise Server 2016 Reflected cross site scripting
3527| [102446] Microsoft Office up to 2016 privilege escalation
3528| [102445] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 privilege escalation
3529| [102443] Microsoft Office up to 2016 privilege escalation
3530| [102412] Microsoft Windows up to Server 2016 PDF information disclosure
3531| [102397] Microsoft Outlook 2010 SP1/2013 SP1/2016 DLL Loader privilege escalation
3532| [102396] Microsoft Office 2013 SP1/2016 DLL Loader privilege escalation
3533| [102386] Microsoft Windows up to Server 2012 R2 Uniscribe privilege escalation
3534| [102385] Microsoft Windows up to Server 2016 Font Library privilege escalation
3535| [102376] Microsoft Windows up to Server 2016 CAB File privilege escalation
3536| [102375] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
3537| [102374] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
3538| [102373] Microsoft Windows up to Server 2016 Uniscribe Font USP10!MergeLigRecords memory corruption
3539| [101817] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
3540| [101816] Microsoft Windows up to Server 2016 Malware Protection Engine setCaller memory corruption
3541| [101815] Microsoft Windows up to Server 2016 Malware Protection Engine Use-After-Free memory corruption
3542| [101814] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
3543| [101813] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
3544| [101812] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
3545| [101811] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
3546| [101810] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
3547| [101028] Microsoft Windows 10/Server 2016 Hyper-V vSMB privilege escalation
3548| [101020] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
3549| [101019] Microsoft Skype for Business 2016 memory corruption
3550| [101018] Microsoft SharePoint 2010 SP2/2013 SP1/2016 memory corruption
3551| [101016] Microsoft PowerPoint 2011 on Mac memory corruption
3552| [101015] Microsoft PowerPoint 2011 on Mac memory corruption
3553| [101014] Microsoft Office 2010 SP2/2016 memory corruption
3554| [101013] Microsoft Office 2010 SP2/2016 memory corruption
3555| [101002] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
3556| [101001] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
3557| [101000] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
3558| [100999] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
3559| [100918] Microsoft Windows 8/8.1/10/Server 2012/Server 2016 Malware Protection Service Type Confusion privilege escalation
3560| [99697] Microsoft SharePoint Server 2010 SP1/2010 SP2 Excel Services cross site scripting
3561| [99683] Microsoft Windows 10 1607/10 1703/Server 2012 R2/Server 2016 Active Directory Lockout privilege escalation
3562| [99682] Microsoft Outlook 2011 on Mac HTML Tag Validator spoofing
3563| [99681] Microsoft Windows up to Server 2016 OLE Integrity-Level Check privilege escalation
3564| [99667] Microsoft Windows 10/Server 2016 Active Directory Service Unresponsive denial of service
3565| [98272] Microsoft Windows up to 10/Server 2016 Local Session privilege escalation
3566| [98096] Microsoft Exchange 2013 SP1 privilege escalation
3567| [98095] Microsoft Lync for Mac 2011 Certificate Validation weak authentication
3568| [98094] Microsoft SharePoint Server 2013 SP1 cross site scripting
3569| [98093] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
3570| [98091] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
3571| [98090] Microsoft SharePoint Server 2010 SP2/2013 SP1 information disclosure
3572| [98089] Microsoft Office Web Apps 2013 SP1 memory corruption
3573| [98082] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 denial of service
3574| [98081] Microsoft Excel up to 2016 information disclosure
3575| [98080] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
3576| [98079] Microsoft Word 2016 memory corruption
3577| [98076] Microsoft Lync/Skype for Business 2010/2013/2016 Graphics Component privilege escalation
3578| [98075] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
3579| [98074] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
3580| [98073] Microsoft Office 2010 SP2/Word Viewer Graphics Component information disclosure
3581| [98069] Microsoft Windows up to Server 2012 R2 Color Management memory corruption
3582| [98056] Microsoft Windows up to Server 2016 DNS Query information disclosure
3583| [98054] Microsoft Windows up to Server 2016 SMBv2/SMBv3 NULL Pointer Dereference memory corruption
3584| [98017] Microsoft Windows up to Server 2016 PDF memory corruption
3585| [98015] Microsoft Windows 10/Server 2016 Hyper-V denial of service
3586| [98013] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
3587| [98007] Microsoft Windows 10/Server 2016 Hyper-V Network Switch denial of service
3588| [98006] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
3589| [96521] Microsoft Windows 8.1/10/Server 2012/Server 2016 SMB Response mrxsmb20.sys denial of service
3590| [95781] Microsoft PowerPoint 2016 Java Embedded Object privilege escalation
3591| [95125] Microsoft Word/SharePoint Enterprise Server 2016 Document privilege escalation
3592| [94451] Microsoft Office 2011 memory corruption
3593| [94447] Microsoft Office 2010 SP2 memory corruption
3594| [94446] Microsoft Office 2016 memory corruption
3595| [94444] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 OLE DLL Loader memory corruption
3596| [94443] Microsoft Office up to 2016 information disclosure
3597| [94442] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
3598| [93964] Microsoft Windows 7 Excel Starter 2010 XXE information disclosure
3599| [93543] Microsoft SQL Server 2016 FILESTREAM Path privilege escalation
3600| [93540] Microsoft Excel 2010 SP2/2011/2016 memory corruption
3601| [93416] Microsoft SQL Server 2014 SP2/2016/up to 2012 SP3 Server Agent atxcore.dll privilege escalation
3602| [93415] Microsoft SQL Server 2016 MDS API cross site scripting
3603| [93414] Microsoft SQL Server up to 2012 SP3 RDBMS Engine privilege escalation
3604| [93413] Microsoft SQL Server 2016/up to 2014 SP2 RDBMS Engine privilege escalation
3605| [93412] Microsoft SQL Server 2016 RDBMS Engine privilege escalation
3606| [93393] Microsoft Office up to 2016 memory corruption
3607| [93392] Microsoft Office up to 2016 memory corruption
3608| [93391] Microsoft Office up to 2016 memory corruption
3609| [93389] Microsoft Windows up to Server 2016 Media Foundation memory corruption
3610| [93388] Microsoft Windows up to Server 2016 Animation Manager Stylesheets memory corruption
3611| [92587] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 Transaction Manager privilege escalation
3612| [92584] Microsoft Office up to 2016 memory corruption
3613| [91571] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
3614| [91570] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
3615| [91556] Microsoft Exchange 2016 Meeting Invation cross site scripting
3616| [91555] Microsoft Exchange 2013/2016 Link spoofing
3617| [91550] Microsoft Office 2016 memory corruption
3618| [91547] Microsoft Office 2010 memory corruption
3619| [91543] Microsoft Office up to 2016 memory corruption
3620| [91541] Microsoft Office 2013/2016 APP-V ASLR privilege escalation
3621| [90711] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF privilege escalation
3622| [90710] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 Netlogon privilege escalation
3623| [90704] Microsoft Office 2013/2013 RT/2016 memory corruption
3624| [89043] Microsoft Office up to 2016 memory corruption
3625| [89041] Microsoft Office up to 2016 memory corruption
3626| [89040] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 memory corruption
3627| [89038] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Security Feature privilege escalation
3628| [89037] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
3629| [87961] Microsoft Windows up to Server 2012 R2 Search denial of service
3630| [87959] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
3631| [87958] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF memory corruption
3632| [87957] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
3633| [87956] Microsoft Exchange 2013/2016 Oracle Outside In Libraries information disclosure
3634| [87944] Microsoft Windows Server 2012/Server 2012 R2 Virtual PCI Memory information disclosure
3635| [87940] Microsoft Windows Server 2012/Server 2012 R2 DNS Server Use-After-Free memory corruption
3636| [87936] Microsoft Office up to 2016 memory corruption
3637| [87166] Microsoft Windows up to Server 2012 R2 DirectX Graphics Kernel Subsystem privilege escalation
3638| [87156] Microsoft Windows 8.1/10/RT 8.1/Server 2012 R2 Shell memory corruption
3639| [87149] Microsoft Office up to 2016 memory corruption
3640| [87148] Microsoft Office 2010 Graphics memory corruption
3641| [87146] Microsoft Office 2011/2013/2013 RT/2016 memory corruption
3642| [82229] Microsoft Excel 2010 SP2 Office Document memory corruption
3643| [82223] Microsoft Windows 8.1/10/Server 2012 R2 Hyper-V Memory information disclosure
3644| [82222] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Memory information disclosure
3645| [82221] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Hyper-V privilege escalation
3646| [81274] Microsoft Office up to 2016 memory corruption
3647| [81270] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library memory corruption
3648| [81269] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
3649| [81268] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
3650| [80886] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
3651| [80885] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP memory corruption
3652| [80878] Microsoft Windows Server 2012 R2 Active Directory Federation Service denial of service
3653| [80874] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP privilege escalation
3654| [80870] Microsoft Office up to 2016 memory corruption
3655| [80868] Microsoft Office up to 2016 memory corruption
3656| [80867] Microsoft Office up to 2016 memory corruption
3657| [80865] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 DLL Loader memory corruption
3658| [80860] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Reader memory corruption
3659| [80859] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
3660| [80231] Microsoft Excel up to 2016 Office Document memory corruption
3661| [80229] Microsoft Exchange Server 2013 CU 10/2013 CU 11/2013 SP1/2016 Outlook Web Access cross site scripting
3662| [80228] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
3663| [80227] Microsoft Exchange Server 2013 CU 10/2013 SP1/2016 Outlook Web Access cross site scripting
3664| [80226] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
3665| [80218] Microsoft Office up to 2016 ASLR privilege escalation
3666| [80217] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
3667| [80216] Microsoft Office up to 2016 Office Document memory corruption
3668| [80206] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
3669| [128763] Microsoft Exchange Server 2016 CU10/2016 CU11/2019 memory corruption
3670| [79508] Microsoft Windows up to Server 2012 R2 Library Loader memory corruption
3671| [79500] Microsoft Office 2010/2011/2016 memory corruption
3672| [79183] Microsoft Windows up to Server 2012 R2 IPsec denial of service
3673| [79173] Microsoft Windows up to Server 2012 R2 Graphics information disclosure
3674| [79117] Microsoft Outlook 2011/2016 on Mac HTML spoofing
3675| [78375] Microsoft SharePoint Server/SharePoint Foundation 2013 SP1 cross site scripting
3676| [77645] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
3677| [77644] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
3678| [77638] Microsoft Lync Server 2013 cross site scripting
3679| [77628] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
3680| [77612] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access Stack-Based information disclosure
3681| [77050] Microsoft Office up to 2016 memory corruption
3682| [77037] Microsoft Windows Server 2012/Server 2012 R2 System Center Operations Manager cross site scripting
3683| [76461] Microsoft Windows up to Server 2012 R2 Domain-Controller Communication Credentials information disclosure
3684| [76460] Microsoft Windows 7 SP1/8/Server 2012 RDP Server Service memory corruption
3685| [76448] Microsoft Windows 8.1/Server 2012 R2 Hyper-V memory corruption
3686| [75793] Microsoft Exchange Server 2013 CU8 cross site scripting
3687| [75792] Microsoft Exchange Server 2013 SP1 CU8 cross site request forgery
3688| [75791] Microsoft Office 2013 SP1 Office Document Uninitialized Memory memory corruption
3689| [75787] Microsoft Exchange Server 2013 SP1 CU8 Same Origin Policy privilege escalation
3690| [75786] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
3691| [66976] Microsoft Access 2010 VBA Datatype denial of service
3692| [74848] Microsoft SharePoint Foundation/SharePoint Server 2013 SP1 cross site scripting
3693| [74842] Microsoft Windows 8.1/Server 2012 R2 Hyper-V denial of service
3694| [74836] Microsoft Project Server 2010 SP2/2013 SP1 cross site scripting
3695| [74835] Microsoft Office 2011 on Mac Use-After-Free cross site scripting
3696| [74834] Microsoft Windows Server 2012 R2 Active Directory Federation Services 3.0 privilege escalation
3697| [74833] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 HTTP Request HTTP.sys privilege escalation
3698| [74393] Microsoft SharePoint Server 2013 Foundation cross site scripting
3699| [73967] Microsoft Office up to 2013 SP1 Office File memory corruption
3700| [73966] Microsoft Office up to 2013 SP1 RTF File memory corruption
3701| [73965] Microsoft Office up to 2013 SP1 Use-After-Free memory corruption
3702| [73961] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 Remote Desktop Protocol Object Management denial of service
3703| [69162] Microsoft System Center Virtual Machine Manager 2012 privilege escalation
3704| [69160] Microsoft Windows up to Server 2012 Process privilege escalation
3705| [69156] Microsoft Office 2010 Object memory corruption
3706| [68593] Microsoft Windows up to Server 2012 Network Location Awareness Service privilege escalation
3707| [68417] Microsoft Exchange 2013 Outlook Web Access Token spoofing
3708| [68191] Microsoft SharePoint 2010 cross site scripting
3709| [67828] Microsoft ASP.NET MVC 2/3/4/5/5.1 System.Web.Mvc.dll cross site scripting
3710| [67518] Microsoft Lync 2013 denial of service
3711| [67517] Microsoft Lync 2013 Script Reflected cross site scripting
3712| [67516] Microsoft Lync 2010/2013 denial of service
3713| [67362] Microsoft Windows up to Server 2012 R2 Remote Procedure Call privilege escalation
3714| [67360] Microsoft SharePoint 2013 App Permission Management cross site scripting
3715| [13549] Microsoft Windows 7/8/8.1/Server 2012 Remote Desktop Protocol weak encryption
3716| [13547] Microsoft Lync 2010/2013 Meeting cross site scripting
3717| [13228] Microsoft Office 2013 Document privilege escalation
3718| [68577] Microsoft ASP.NET 2014.3.1209 Telerik UI RadAsyncUpload directory traversal
3719| [12267] Microsoft Forefront Security for Exchange Server 2010 Mail memory corruption
3720| [12263] Microsoft Windows up to Server 2012 Direct2D 2D Geometric Figure memory corruption
3721| [12238] Microsoft Windows 8/RT/Server 2012 IPv6 denial of service
3722| [12185] Microsoft .NET Framework 2/4 HMAC weak authentication
3723| [12183] Microsoft .NET Framework 2/4 DTD denial of service
3724| [11673] Microsoft Windows Live Movie Maker 2011 WAV File denial of service
3725| [11468] Microsoft Exchange 2010/2013 cross site scripting
3726| [11466] Microsoft Office 2013 File Response information disclosure
3727| [11457] Microsoft SharePoint Server/Office Web Apps 2010 SP1/2010 SP2/2013 W3WP Service Account privilege escalation
3728| [11150] Microsoft Windows 8/Server 2012 Hyper-V Data Structure Value Crash privilege escalation
3729| [11004] Microsoft Windows Server 2012 R2 RDP Restricted Admin Mode weak authentication
3730| [10250] Microsoft SharePoint Server up to 2013 W3WP Process denial of service
3731| [10249] Microsoft SharePoint 2010/2003/2007/2.0/3.0 Workflow memory corruption
3732| [10248] Microsoft SharePoint Server up to 2013 cross site scripting
3733| [9943] Microsoft Windows Server 2012 NAT Driver ICMP Packet denial of service
3734| [8739] Microsoft Windows Essentials up to 2012 Windows Writer Eingabe information disclosure
3735| [8725] Microsoft Lync 2010/2013 Use-After-Free memory corruption
3736| [8722] Microsoft Windows 8/RT/Server 2012 HTTP.sys denial of service
3737| [8206] Microsoft SharePoint Server 2010 SP1 HTML Sanitization Component cross site scripting
3738| [8203] Microsoft Windows up to 2012 AD LDAP Query denial of service
3739| [8200] Microsoft SharePoint Server 2013 ACL information disclosure
3740| [7971] Microsoft Office for Mac 2011 up to 14.3.1 on Mac HTML5 Mail Message Parser File information disclosure
3741| [7969] Microsoft OneNote 2010 SP1 ONE File information disclosure
3742| [7968] Microsoft SharePoint Server 2010 SP1 Input Validator Eingabe Crash denial of service
3743| [7967] Microsoft SharePoint Server 2010 SP1 User Account Eingabe Crash information disclosure
3744| [7966] Microsoft SharePoint Server 2010 SP1 Eingabe Crash cross site scripting
3745| [7965] Microsoft SharePoint Server 2010 SP1 User Account Callback URL privilege escalation
3746| [7964] Microsoft Visio 2010 Tree Object Type File memory corruption
3747| [7343] Microsoft Lync 2012 HTTP Format String
3748| [7258] Microsoft Windows up to 8/Server 2012 SSL/TLS race condition
3749| [7230] Microsoft Excel 2010 SP1 on 32-bit XLS File Formatting Information Crash denial of service
3750| [6831] Microsoft Office Picture Manager 2010 File memory corruption
3751| [62720] EMC NetWorker Module for Microsoft Applications up to 2.2.0 memory corruption
3752| [6624] Microsoft SQL Server up to 2012 Report Manager cross site scripting
3753| [62238] Microsoft Visual Studio Team Foundation Server 2010 cross site scripting
3754| [5946] Microsoft Visio/Visio Viewer up to 2010 SP1 File memory corruption
3755| [5644] Microsoft SharePoint 2010 scriptesx.ashx cross site scripting
3756| [5641] Microsoft SharePoint 2010 cross site scripting
3757| [60943] Microsoft Dynamics AX 2012 Enterprise Portal cross site scripting
3758| [12311] Microsoft Lync 2010 Search race condition
3759| [60570] Microsoft Forefront Unified Access Gateway 2010 information disclosure
3760| [60569] Microsoft Forefront Unified Access Gateway 2010 spoofing
3761| [60208] Microsoft Visio Viewer 2010 memory corruption
3762| [60207] Microsoft Visio Viewer 2010 memory corruption
3763| [60206] Microsoft Visio Viewer 2010 memory corruption
3764| [4640] Microsoft SharePoint 2010 inplview.aspx cross site scripting
3765| [4636] Microsoft SharePoint 2010 wizardlist.aspx cross site scripting
3766| [4635] Microsoft SharePoint 2010 themeweb.aspx cross site scripting
3767| [59008] Microsoft Forefront Unified Access Gateway 2010 Crash denial of service
3768| [58995] Microsoft Forefront Unified Access Gateway 2010 memory corruption
3769| [58994] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
3770| [58993] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
3771| [4424] Microsoft Host Integration Server up to 2010 denial of service
3772| [4420] Microsoft Forefront Unified Access Gateway 2010 memory corruption
3773| [58487] Microsoft SharePoint Foundation 2010 cross site scripting
3774| [58486] Microsoft SharePoint Foundation 2010 Reflected cross site scripting
3775| [58485] Microsoft SharePoint Foundation 2010 EditForm.aspx cross site scripting
3776| [4414] Microsoft SharePoint 2010 cross site scripting
3777| [4413] Microsoft SharePoint 2010/2007/3.0 XML/XLS unknown vulnerability
3778| [91971] Microsoft Skype 2.2.x/5.2.x/5.3.x denial of service
3779| [57693] Microsoft Forefront Threat Management Gateway 2010 NSPLookupServiceNext memory corruption
3780| [56028] Microsoft Data Access Components 2.8 memory corruption
3781| [55777] Microsoft Windows Movie Maker 2.6 memory corruption
3782| [55424] Microsoft Forefront Unified Access Gateway 2010 Signurl.asp cross site scripting
3783| [55415] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
3784| [55414] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
3785| [55413] Microsoft Forefront Unified Access Gateway 2010 spoofing
3786| [54341] Microsoft Windows Movie Maker 2.1 memory corruption
3787| [54549] Microsoft PowerPoint 2010 pptimpconv.dll memory corruption
3788| [4009] Microsoft NET Framework 2.x/3.x denial of service
3789| [45681] Microsoft Internet Explorer 8 Beta 2 privilege escalation
3790| [45449] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
3791| [45448] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
3792| [45446] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
3793| [2927] Microsoft Data Access Components 2.x ADODB.Connection ActiveX Control memory corruption
3794| [32692] Microsoft XML Core Services up to 2.6 memory corruption
3795| [32691] Microsoft XML Core Services up to 2.6 memory corruption
3796|
3797| MITRE CVE - https://cve.mitre.org:
3798| [CVE-2013-3661] The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
3799| [CVE-2013-3660] The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
3800| [CVE-2013-3174] DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
3801| [CVE-2013-3173] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."
3802| [CVE-2013-3172] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to cause a denial of service (system hang) via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."
3803| [CVE-2013-3171] The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a partial-trust relationship, aka "Delegate Serialization Vulnerability."
3804| [CVE-2013-3167] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Information Disclosure Vulnerability."
3805| [CVE-2013-3154] The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability."
3806| [CVE-2013-3138] Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability."
3807| [CVE-2013-3136] The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."
3808| [CVE-2013-3134] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework application that changes array data, aka "Array Allocation Vulnerability."
3809| [CVE-2013-3133] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Anonymous Method Injection Vulnerability."
3810| [CVE-2013-3132] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Delegate Reflection Bypass Vulnerability."
3811| [CVE-2013-3131] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability."
3812| [CVE-2013-1345] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."
3813| [CVE-2013-1340] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."
3814| [CVE-2013-1339] The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability."
3815| [CVE-2013-1336] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability."
3816| [CVE-2013-1335] Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka "Word Shape Corruption Vulnerability."
3817| [CVE-2013-1334] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
3818| [CVE-2013-1332] dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
3819| [CVE-2013-1331] Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
3820| [CVE-2013-1329] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability."
3821| [CVE-2013-1328] Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."
3822| [CVE-2013-1327] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability."
3823| [CVE-2013-1323] Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability."
3824| [CVE-2013-1322] Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability."
3825| [CVE-2013-1321] Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability."
3826| [CVE-2013-1320] Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability."
3827| [CVE-2013-1319] Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability."
3828| [CVE-2013-1318] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."
3829| [CVE-2013-1317] Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability."
3830| [CVE-2013-1316] Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability."
3831| [CVE-2013-1302] Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."
3832| [CVE-2013-1301] Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
3833| [CVE-2013-1300] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
3834| [CVE-2013-1295] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "CSRSS Memory Corruption Vulnerability."
3835| [CVE-2013-1294] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
3836| [CVE-2013-1293] The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application that leverages improper handling of objects in memory, aka "NTFS NULL Pointer Dereference Vulnerability."
3837| [CVE-2013-1292] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
3838| [CVE-2013-1291] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability."
3839| [CVE-2013-1287] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
3840| [CVE-2013-1286] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.
3841| [CVE-2013-1285] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.
3842| [CVE-2013-1283] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
3843| [CVE-2013-1281] The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "NULL Dereference Vulnerability."
3844| [CVE-2013-1280] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."
3845| [CVE-2013-1279] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.
3846| [CVE-2013-1278] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279.
3847| [CVE-2013-1277] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3848| [CVE-2013-1276] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3849| [CVE-2013-1275] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3850| [CVE-2013-1274] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3851| [CVE-2013-1273] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3852| [CVE-2013-1272] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3853| [CVE-2013-1271] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3854| [CVE-2013-1270] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3855| [CVE-2013-1269] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3856| [CVE-2013-1268] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3857| [CVE-2013-1267] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3858| [CVE-2013-1266] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3859| [CVE-2013-1265] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3860| [CVE-2013-1264] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3861| [CVE-2013-1263] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3862| [CVE-2013-1262] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3863| [CVE-2013-1261] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3864| [CVE-2013-1260] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3865| [CVE-2013-1259] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3866| [CVE-2013-1258] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3867| [CVE-2013-1257] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3868| [CVE-2013-1256] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3869| [CVE-2013-1255] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3870| [CVE-2013-1254] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3871| [CVE-2013-1253] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3872| [CVE-2013-1252] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3873| [CVE-2013-1251] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3874| [CVE-2013-1250] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3875| [CVE-2013-1249] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3876| [CVE-2013-1248] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3877| [CVE-2013-0095] Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability."
3878| [CVE-2013-0077] Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."
3879| [CVE-2013-0076] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability."
3880| [CVE-2013-0075] The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability."
3881| [CVE-2013-0073] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."
3882| [CVE-2013-0013] The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."
3883| [CVE-2013-0011] The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Components Vulnerability."
3884| [CVE-2013-0010] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.
3885| [CVE-2013-0009] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.
3886| [CVE-2013-0008] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
3887| [CVE-2013-0004] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."
3888| [CVE-2013-0003] Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability."
3889| [CVE-2013-0002] Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."
3890| [CVE-2013-0001] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."
3891| [CVE-2012-5672] Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data.
3892| [CVE-2012-4791] Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."
3893| [CVE-2012-4786] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
3894| [CVE-2012-4776] The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."
3895| [CVE-2012-4774] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability."
3896| [CVE-2012-2897] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
3897| [CVE-2012-2556] The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."
3898| [CVE-2012-2553] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
3899| [CVE-2012-2552] Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."
3900| [CVE-2012-2551] The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereference Vulnerability."
3901| [CVE-2012-2543] Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1
3902| [CVE-2012-2539] Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
3903| [CVE-2012-2536] Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
3904| [CVE-2012-2530] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
3905| [CVE-2012-2529] Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Windows Kernel Integer Overflow Vulnerability."
3906| [CVE-2012-2528] Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
3907| [CVE-2012-2527] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
3908| [CVE-2012-2524] Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability."
3909| [CVE-2012-2520] Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
3910| [CVE-2012-2519] Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."
3911| [CVE-2012-1896] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."
3912| [CVE-2012-1895] The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."
3913| [CVE-2012-1893] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability."
3914| [CVE-2012-1890] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability."
3915| [CVE-2012-1887] Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability."
3916| [CVE-2012-1886] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
3917| [CVE-2012-1885] Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
3918| [CVE-2012-1870] The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."
3919| [CVE-2012-1867] Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability."
3920| [CVE-2012-1866] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability."
3921| [CVE-2012-1865] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864.
3922| [CVE-2012-1864] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1865.
3923| [CVE-2012-1863] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."
3924| [CVE-2012-1862] Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."
3925| [CVE-2012-1860] Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."
3926| [CVE-2012-1858] The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
3927| [CVE-2012-1856] The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."
3928| [CVE-2012-1855] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability."
3929| [CVE-2012-1854] Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
3930| [CVE-2012-1851] Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability."
3931| [CVE-2012-1850] The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."
3932| [CVE-2012-1848] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability."
3933| [CVE-2012-1847] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
3934| [CVE-2012-1537] Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
3935| [CVE-2012-1528] Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."
3936| [CVE-2012-1527] Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."
3937| [CVE-2012-1459] The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
3938| [CVE-2012-1457] The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
3939| [CVE-2012-1453] The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
3940| [CVE-2012-1443] The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
3941| [CVE-2012-1420] The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
3942| [CVE-2012-1194] The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
3943| [CVE-2012-0185] Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."
3944| [CVE-2012-0184] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
3945| [CVE-2012-0183] Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."
3946| [CVE-2012-0182] Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."
3947| [CVE-2012-0181] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
3948| [CVE-2012-0180] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability."
| [CVE-2012-0179] Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability."
| [CVE-2012-0178] Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability."
| [CVE-2012-0177] Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."
| [CVE-2012-0175] The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."
| [CVE-2012-0174] Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."
| [CVE-2012-0173] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.
| [CVE-2012-0167] Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."
| [CVE-2012-0165] GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."
| [CVE-2012-0163] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
| [CVE-2012-0161] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
| [CVE-2012-0160] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
| [CVE-2012-0159] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview
| [CVE-2012-0158] The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0157] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability."
| [CVE-2012-0156] DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability."
| [CVE-2012-0154] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability."
| [CVE-2012-0152] The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability."
| [CVE-2012-0151] The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
| [CVE-2012-0150] Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
| [CVE-2012-0149] afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
| [CVE-2012-0148] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."
| [CVE-2012-0143] Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability."
| [CVE-2012-0142] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0141] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0015] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."
| [CVE-2012-0014] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
| [CVE-2012-0013] Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
| [CVE-2012-0009] Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability."
| [CVE-2012-0008] Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability."
| [CVE-2012-0006] The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability."
| [CVE-2012-0005] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."
| [CVE-2012-0004] Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."
| [CVE-2012-0003] Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
| [CVE-2012-0002] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
| [CVE-2012-0001] The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."
| [CVE-2011-5046] The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
| [CVE-2011-4434] Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.
| [CVE-2011-3417] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."
| [CVE-2011-3416] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
| [CVE-2011-3415] Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."
| [CVE-2011-3414] The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
| [CVE-2011-3413] Microsoft PowerPoint 2007 SP2
| [CVE-2011-3412] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."
| [CVE-2011-3411] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."
| [CVE-2011-3410] Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability."
| [CVE-2011-3408] Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability."
| [CVE-2011-3406] Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability."
| [CVE-2011-3403] Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
| [CVE-2011-3402] Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
| [CVE-2011-3400] Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
| [CVE-2011-3397] The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."
| [CVE-2011-3396] Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability."
| [CVE-2011-2019] Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
| [CVE-2011-2018] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2011-2016] Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability."
| [CVE-2011-2014] The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."
| [CVE-2011-2013] Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."
| [CVE-2011-2011] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-2008] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."
| [CVE-2011-2007] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability."
| [CVE-2011-2005] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
| [CVE-2011-2004] Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.
| [CVE-2011-2003] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability."
| [CVE-2011-2002] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability."
| [CVE-2011-1991] Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability."
| [CVE-2011-1990] Microsoft Excel 2007 SP2
| [CVE-2011-1989] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1988] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1987] Array index error in Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1986] Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."
| [CVE-2011-1985] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1984] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."
| [CVE-2011-1983] Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability."
| [CVE-2011-1982] Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."
| [CVE-2011-1980] Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability."
| [CVE-2011-1979] Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."
| [CVE-2011-1978] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability."
| [CVE-2011-1976] Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."
| [CVE-2011-1975] Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."
| [CVE-2011-1974] NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."
| [CVE-2011-1972] Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."
| [CVE-2011-1971] The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Metadata Parsing DOS Vulnerability."
| [CVE-2011-1970] The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability."
| [CVE-2011-1968] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, as exploited in the wild in 2011, aka "Remote Desktop Protocol Vulnerability."
| [CVE-2011-1967] Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Vulnerability."
| [CVE-2011-1966] The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."
| [CVE-2011-1965] Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."
| [CVE-2011-1894] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
| [CVE-2011-1893] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."
| [CVE-2011-1892] Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
| [CVE-2011-1888] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1887] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1885] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1884] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1883] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1882] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1881] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1880] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1879] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1878] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1877] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1876] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1875] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
4052| [CVE-2011-1874] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
4053| [CVE-2011-1873] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability."
4054| [CVE-2011-1872] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability."
4055| [CVE-2011-1871] Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka "ICMP Denial of Service Vulnerability."
4056| [CVE-2011-1870] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability."
4057| [CVE-2011-1869] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."
4058| [CVE-2011-1868] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."
4059| [CVE-2011-1508] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."
4060| [CVE-2011-1284] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutput Vulnerability."
4061| [CVE-2011-1283] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and write operations, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleNumberOfCommand Vulnerability."
4062| [CVE-2011-1282] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability."
4063| [CVE-2011-1281] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a process, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP AllocConsole Vulnerability."
4064| [CVE-2011-1280] The XML Editor in Microsoft InfoPath 2007 SP2 and 2010
4065| [CVE-2011-1279] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds WriteAV Vulnerability."
4066| [CVE-2011-1278] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel WriteAV Vulnerability."
4067| [CVE-2011-1277] Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."
4068| [CVE-2011-1276] Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
4069| [CVE-2011-1275] Microsoft Excel 2002 SP3
4070| [CVE-2011-1274] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
4071| [CVE-2011-1273] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
4072| [CVE-2011-1272] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
4073| [CVE-2011-1270] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Buffer Overrun RCE Vulnerability."
4074| [CVE-2011-1269] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
4075| [CVE-2011-1268] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability."
4076| [CVE-2011-1267] The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB Request Parsing Vulnerability."
4077| [CVE-2011-1264] Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability."
4078| [CVE-2011-1263] Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web Access Vulnerability."
4079| [CVE-2011-1253] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."
4080| [CVE-2011-1252] Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
4081| [CVE-2011-1249] The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
4082| [CVE-2011-1248] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability."
4083| [CVE-2011-1247] Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability."
4084| [CVE-2011-1242] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4085| [CVE-2011-1241] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4086| [CVE-2011-1240] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4087| [CVE-2011-1239] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4088| [CVE-2011-1238] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4089| [CVE-2011-1237] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4090| [CVE-2011-1236] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4091| [CVE-2011-1235] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4092| [CVE-2011-1234] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4093| [CVE-2011-1233] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4094| [CVE-2011-1232] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4095| [CVE-2011-1231] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4096| [CVE-2011-1230] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4097| [CVE-2011-1229] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4098| [CVE-2011-1228] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4099| [CVE-2011-1227] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4100| [CVE-2011-1226] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4101| [CVE-2011-1225] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4102| [CVE-2011-0980] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."
4103| [CVE-2011-0979] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
4104| [CVE-2011-0978] Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
4105| [CVE-2011-0977] Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."
4106| [CVE-2011-0976] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
4107| [CVE-2011-0677] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4108| [CVE-2011-0676] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4109| [CVE-2011-0675] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4110| [CVE-2011-0674] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4111| [CVE-2011-0672] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4112| [CVE-2011-0671] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4113| [CVE-2011-0670] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4114| [CVE-2011-0667] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4115| [CVE-2011-0666] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4116| [CVE-2011-0665] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4117| [CVE-2011-0664] Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability."
4118| [CVE-2011-0662] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4119| [CVE-2011-0661] The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a malformed request in a (1) SMBv1 or (2) SMBv2 packet, aka "SMB Transaction Parsing Vulnerability."
4120| [CVE-2011-0660] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Response Parsing Vulnerability."
4121| [CVE-2011-0658] Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted WMF file, aka "OLE Automation Underflow Vulnerability."
4122| [CVE-2011-0657] DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."
4123| [CVE-2011-0656] Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010
4124| [CVE-2011-0655] Microsoft PowerPoint 2007 SP2 and 2010
4125| [CVE-2011-0654] Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
4126| [CVE-2011-0107] Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability."
4127| [CVE-2011-0105] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."
4128| [CVE-2011-0104] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer Overwrite Vulnerability."
4129| [CVE-2011-0103] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerability."
4130| [CVE-2011-0101] Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, double-byte characters, and an incorrect pointer calculation, aka "Excel Record Parsing WriteAV Vulnerability."
4131| [CVE-2011-0098] Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
4132| [CVE-2011-0097] Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
4133| [CVE-2011-0096] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
4134| [CVE-2011-0093] ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."
4135| [CVE-2011-0092] The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."
| [CVE-2011-0091] Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
| [CVE-2011-0090] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
| [CVE-2011-0089] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability."
| [CVE-2011-0088] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability."
| [CVE-2011-0087] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability."
| [CVE-2011-0086] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability."
| [CVE-2011-0043] Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."
| [CVE-2011-0042] SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."
| [CVE-2011-0041] Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."
| [CVE-2011-0040] The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."
| [CVE-2011-0039] The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."
| [CVE-2011-0034] Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."
| [CVE-2011-0033] The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."
| [CVE-2011-0032] Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."
| [CVE-2011-0031] The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."
| [CVE-2011-0030] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.
| [CVE-2011-0028] WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."
| [CVE-2010-5082] Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability."
| [CVE-2010-4701] Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information.
| [CVE-2010-4669] The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package.
| [CVE-2010-4562] Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
| [CVE-2010-4398] Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
| [CVE-2010-4182] Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll. NOTE: the provenance of this information is unknown
| [CVE-2010-3974] fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability."
| [CVE-2010-3970] Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."
| [CVE-2010-3966] Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability."
| [CVE-2010-3965] Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability."
| [CVE-2010-3964] Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
| [CVE-2010-3963] Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability."
| [CVE-2010-3961] The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."
| [CVE-2010-3960] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability."
| [CVE-2010-3959] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."
| [CVE-2010-3958] The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."
| [CVE-2010-3957] Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."
| [CVE-2010-3956] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability."
| [CVE-2010-3955] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability."
| [CVE-2010-3954] Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability."
| [CVE-2010-3946] Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."
| [CVE-2010-3945] Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability."
| [CVE-2010-3944] win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
| [CVE-2010-3943] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability."
| [CVE-2010-3942] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability."
| [CVE-2010-3941] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability."
| [CVE-2010-3940] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability."
| [CVE-2010-3939] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability."
| [CVE-2010-3937] Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."
| [CVE-2010-3338] The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888.
| [CVE-2010-3337] Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.
| [CVE-2010-3336] Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."
| [CVE-2010-3335] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability."
| [CVE-2010-3334] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability."
| [CVE-2010-3333] Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
| [CVE-2010-3332] Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
| [CVE-2010-3324] The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
| [CVE-2010-3243] Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
| [CVE-2010-3242] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability."
| [CVE-2010-3241] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability."
| [CVE-2010-3240] Microsoft Excel 2002 SP3 and 2007 SP2
| [CVE-2010-3239] Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability."
| [CVE-2010-3238] Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."
| [CVE-2010-3237] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability."
| [CVE-2010-3236] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability."
| [CVE-2010-3235] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability."
| [CVE-2010-3234] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability."
| [CVE-2010-3233] Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability."
| [CVE-2010-3232] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2010-3231] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."
| [CVE-2010-3230] Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability."
| [CVE-2010-3229] The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability."
| [CVE-2010-3227] Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."
| [CVE-2010-3223] The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability."
| [CVE-2010-3222] Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun Vulnerability."
| [CVE-2010-3221] Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."
| [CVE-2010-3220] Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability."
| [CVE-2010-3219] Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."
| [CVE-2010-3218] Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."
| [CVE-2010-3217] Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability."
| [CVE-2010-3216] Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."
| [CVE-2010-3215] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability."
| [CVE-2010-3214] Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2010-3213] Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.
| [CVE-2010-3200] MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc.
| [CVE-2010-3190] Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1
| [CVE-2010-3148] Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."
| [CVE-2010-3147] Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
| [CVE-2010-3146] Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."
| [CVE-2010-3144] Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability."
| [CVE-2010-3142] Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.
| [CVE-2010-2750] Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability."
| [CVE-2010-2748] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability."
| [CVE-2010-2747] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability."
| [CVE-2010-2746] Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability."
| [CVE-2010-2744] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka "Win32k Window Class Vulnerability."
| [CVE-2010-2742] The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka "Netlogon RPC Null dereference DOS Vulnerability."
| [CVE-2010-2741] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability."
| [CVE-2010-2740] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Parsing Vulnerability."
4232| [CVE-2010-2739] Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors.
4233| [CVE-2010-2738] The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
4234| [CVE-2010-2729] The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability."
4235| [CVE-2010-2728] Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."
4236| [CVE-2010-2573] Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability."
4237| [CVE-2010-2572] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
4238| [CVE-2010-2571] Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability."
4239| [CVE-2010-2570] Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability."
4240| [CVE-2010-2569] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."
4241| [CVE-2010-2568] Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
4242| [CVE-2010-2567] The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability."
4243| [CVE-2010-2566] The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability."
4244| [CVE-2010-2563] The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability."
4245| [CVE-2010-2562] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability."
4246| [CVE-2010-2555] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability."
4247| [CVE-2010-2554] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
4248| [CVE-2010-2552] Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability."
4249| [CVE-2010-2551] The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB Variable Validation Vulnerability."
4250| [CVE-2010-2550] The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."
4251| [CVE-2010-2549] Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka "Win32k Reference Count Vulnerability."
4252| [CVE-2010-2265] Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
4253| [CVE-2010-2091] Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
4254| [CVE-2010-2084] Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
4255| [CVE-2010-1903] Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption Vulnerability."
4256| [CVE-2010-1902] Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
4257| [CVE-2010-1901] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
4258| [CVE-2010-1900] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
4259| [CVE-2010-1898] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."
4260| [CVE-2010-1897] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."
4261| [CVE-2010-1896] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability."
4262| [CVE-2010-1895] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability."
4263| [CVE-2010-1894] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."
4264| [CVE-2010-1893] Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability."
4265| [CVE-2010-1892] The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerability."
4266| [CVE-2010-1891] The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability."
4267| [CVE-2010-1890] The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability."
4268| [CVE-2010-1889] Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability."
4269| [CVE-2010-1887] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability."
4270| [CVE-2010-1886] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."
4271| [CVE-2010-1885] The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
4272| [CVE-2010-1883] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability."
4273| [CVE-2010-1882] Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability."
4274| [CVE-2010-1881] The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability."
4275| [CVE-2010-1880] Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
4276| [CVE-2010-1735] The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
4277| [CVE-2010-1734] The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
4278| [CVE-2010-1690] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
4279| [CVE-2010-1689] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
4280| [CVE-2010-1263] Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7
4281| [CVE-2010-1257] Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2
4282| [CVE-2010-1255] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."
4283| [CVE-2010-1253] Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2
4284| [CVE-2010-1252] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability."
4285| [CVE-2010-1251] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability."
4286| [CVE-2010-1250] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability."
4287| [CVE-2010-1249] Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.
4288| [CVE-2010-1248] Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
4289| [CVE-2010-1247] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.
4290| [CVE-2010-1246] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability."
4291| [CVE-2010-1245] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.
4292| [CVE-2010-1225] The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."
4293| [CVE-2010-1175] Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."
4294| [CVE-2010-0917] Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.
4295| [CVE-2010-0824] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.
4296| [CVE-2010-0823] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
4297| [CVE-2010-0822] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."
4298| [CVE-2010-0821] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
4299| [CVE-2010-0820] Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2
4300| [CVE-2010-0819] Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."
4301| [CVE-2010-0818] The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability."
4302| [CVE-2010-0817] Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
4303| [CVE-2010-0815] VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."
4304| [CVE-2010-0814] The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."
4305| [CVE-2010-0812] Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability."
4306| [CVE-2010-0811] Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
4307| [CVE-2010-0810] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
4308| [CVE-2010-0719] An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.
4309| [CVE-2010-0487] The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."
4310| [CVE-2010-0486] The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."
| [CVE-2010-0485] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."
| [CVE-2010-0484] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability."
| [CVE-2010-0483] vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
| [CVE-2010-0482] The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability."
| [CVE-2010-0481] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability."
| [CVE-2010-0480] Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."
| [CVE-2010-0479] Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability."
| [CVE-2010-0478] Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."
| [CVE-2010-0477] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."
| [CVE-2010-0476] The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability."
| [CVE-2010-0278] A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.
| [CVE-2010-0270] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."
| [CVE-2010-0269] The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability."
| [CVE-2010-0268] Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability."
| [CVE-2010-0266] Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."
| [CVE-2010-0265] Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
| [CVE-2010-0264] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."
| [CVE-2010-0263] Microsoft Office Excel 2007 SP1 and SP2
| [CVE-2010-0262] Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."
| [CVE-2010-0261] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability."
| [CVE-2010-0260] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2
| [CVE-2010-0258] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2010-0257] Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."
| [CVE-2010-0256] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."
| [CVE-2010-0254] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."
| [CVE-2010-0252] The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."
| [CVE-2010-0250] Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability."
| [CVE-2010-0249] Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4
| [CVE-2010-0243] Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow."
| [CVE-2010-0242] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability."
| [CVE-2010-0241] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability."
| [CVE-2010-0240] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability."
| [CVE-2010-0239] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability."
| [CVE-2010-0238] Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability."
| [CVE-2010-0237] The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability."
| [CVE-2010-0236] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."
| [CVE-2010-0235] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."
| [CVE-2010-0234] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability."
| [CVE-2010-0233] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."
| [CVE-2010-0232] The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2010-0231] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."
| [CVE-2010-0035] The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability."
| [CVE-2010-0034] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability."
| [CVE-2010-0033] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."
| [CVE-2010-0032] Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."
| [CVE-2010-0031] Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability."
| [CVE-2010-0030] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability."
| [CVE-2010-0029] Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability."
| [CVE-2010-0028] Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
| [CVE-2010-0027] The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
| [CVE-2010-0026] The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability."
| [CVE-2010-0025] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."
| [CVE-2010-0024] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."
| [CVE-2010-0023] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability."
| [CVE-2010-0022] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability."
| [CVE-2010-0021] Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability."
| [CVE-2010-0020] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."
| [CVE-2010-0018] Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4
| [CVE-2010-0017] Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability."
| [CVE-2010-0016] The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability."
| [CVE-2009-4313] ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.
| [CVE-2009-4312] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.
| [CVE-2009-4311] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.
| [CVE-2009-4310] Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.
| [CVE-2009-4309] Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.
| [CVE-2009-4210] The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.
| [CVE-2009-3830] The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.
| [CVE-2009-3678] Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."
| [CVE-2009-3677] The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability."
| [CVE-2009-3676] The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."
| [CVE-2009-3675] LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability."
| [CVE-2009-3450] Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET.
| [CVE-2009-3135] Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."
| [CVE-2009-3134] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3133] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability."
| [CVE-2009-3132] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3131] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3130] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability."
| [CVE-2009-3129] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3128] Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."
| [CVE-2009-3127] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability."
| [CVE-2009-3126] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
| [CVE-2009-3103] Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
| [CVE-2009-3020] win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.
| [CVE-2009-2653] ** DISPUTED ** The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.'
| [CVE-2009-2532] Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka "SMBv2 Command Value Vulnerability."
| [CVE-2009-2526] Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability."
| [CVE-2009-2524] Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (reboot) via a malformed packet, aka "Local Security Authority Subsystem Service Integer Overflow Vulnerability."
| [CVE-2009-2523] The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."
| [CVE-2009-2519] The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."
| [CVE-2009-2517] The kernel in Microsoft Windows Server 2003 SP2 does not properly handle unspecified exceptions when an error condition occurs, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2009-2516] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability."
| [CVE-2009-2515] Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability."
| [CVE-2009-2514] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability."
| [CVE-2009-2513] The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."
| [CVE-2009-2511] Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."
| [CVE-2009-2510] The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.
| [CVE-2009-2509] Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability."
| [CVE-2009-2508] The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."
| [CVE-2009-2507] A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability."
| [CVE-2009-2506] Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3
| [CVE-2009-2505] The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability."
| [CVE-2009-2504] Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
| [CVE-2009-2503] GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
4415| [CVE-2009-2502] Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
4416| [CVE-2009-2501] Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
4417| [CVE-2009-2500] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
4418| [CVE-2009-2498] Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."
4419| [CVE-2009-2497] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."
4420| [CVE-2009-2496] Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Office Web Components Heap Corruption Vulnerability."
4421| [CVE-2009-2495] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
4422| [CVE-2009-2494] The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka "ATL Object Type Mismatch Vulnerability."
4423| [CVE-2009-2493] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1
4424| [CVE-2009-1930] The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.
4425| [CVE-2009-1929] Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2
4426| [CVE-2009-1928] Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2
4427| [CVE-2009-1926] Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."
4428| [CVE-2009-1925] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability."
4429| [CVE-2009-1924] Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."
4430| [CVE-2009-1923] Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability."
4431| [CVE-2009-1922] The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."
4432| [CVE-2009-1546] Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."
4433| [CVE-2009-1545] Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability."
4434| [CVE-2009-1544] Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
4435| [CVE-2009-1542] The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."
4436| [CVE-2009-1539] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
4437| [CVE-2009-1538] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
4438| [CVE-2009-1537] Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
4439| [CVE-2009-1536] ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
4440| [CVE-2009-1534] Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."
4441| [CVE-2009-1533] Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
4442| [CVE-2009-1491] McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body.
4443| [CVE-2009-1216] Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA)
4444| [CVE-2009-1141] Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability."
4445| [CVE-2009-1139] Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
4446| [CVE-2009-1138] The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
4447| [CVE-2009-1137] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227.
4448| [CVE-2009-1136] The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."
4449| [CVE-2009-1135] Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."
4450| [CVE-2009-1134] Excel in 2007 Microsoft Office System SP1 and SP2
4451| [CVE-2009-1133] Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."
4452| [CVE-2009-1132] Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerability."
4453| [CVE-2009-1131] Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Data Out of Bounds Vulnerability."
4454| [CVE-2009-1130] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability."
4455| [CVE-2009-1129] Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128.
4456| [CVE-2009-1128] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1129.
4457| [CVE-2009-1127] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability."
4458| [CVE-2009-1126] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability."
4459| [CVE-2009-1125] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."
4460| [CVE-2009-1124] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."
4461| [CVE-2009-1123] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
4462| [CVE-2009-1122] The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
4463| [CVE-2009-1043] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
4464| [CVE-2009-1011] Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
4465| [CVE-2009-0901] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1
4466| [CVE-2009-0568] The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."
4467| [CVE-2009-0566] Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability."
4468| [CVE-2009-0565] Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2
4469| [CVE-2009-0563] Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
4470| [CVE-2009-0562] The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability."
4471| [CVE-2009-0561] Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
4472| [CVE-2009-0560] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
4473| [CVE-2009-0559] Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."
4474| [CVE-2009-0558] Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."
4475| [CVE-2009-0557] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
4476| [CVE-2009-0556] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
4477| [CVE-2009-0554] Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
4478| [CVE-2009-0553] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
4479| [CVE-2009-0552] Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
4480| [CVE-2009-0551] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."
4481| [CVE-2009-0550] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008
4482| [CVE-2009-0549] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
4483| [CVE-2009-0320] Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
4484| [CVE-2009-0239] Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."
4485| [CVE-2009-0238] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
4486| [CVE-2009-0235] Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability."
4487| [CVE-2009-0234] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."
4488| [CVE-2009-0233] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability."
4489| [CVE-2009-0232] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability."
4490| [CVE-2009-0231] The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
4491| [CVE-2009-0230] The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
4492| [CVE-2009-0229] The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
4493| [CVE-2009-0228] Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."
4494| [CVE-2009-0227] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137.
4495| [CVE-2009-0226] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0227, and CVE-2009-1137.
4496| [CVE-2009-0225] Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability."
4497| [CVE-2009-0224] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
4498| [CVE-2009-0223] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
4499| [CVE-2009-0222] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
4500| [CVE-2009-0221] Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field that specifies a large number of records, which triggers an under-allocated buffer and a heap-based buffer overflow, aka "Integer Overflow Vulnerability."
4501| [CVE-2009-0220] Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an integer that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability."
4502| [CVE-2009-0202] Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow.
4503| [CVE-2009-0102] Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."
4504| [CVE-2009-0100] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
4505| [CVE-2009-0099] The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."
4506| [CVE-2009-0098] Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."
4507| [CVE-2009-0097] Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."
4508| [CVE-2009-0096] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."
4509| [CVE-2009-0095] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."
4510| [CVE-2009-0094] The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.
4511| [CVE-2009-0093] Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.
4512| [CVE-2009-0091] Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability."
4513| [CVE-2009-0090] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
4514| [CVE-2009-0089] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."
4515| [CVE-2009-0088] The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."
4516| [CVE-2009-0087] Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2
4517| [CVE-2009-0086] Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."
4518| [CVE-2009-0085] The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."
4519| [CVE-2009-0083] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."
4520| [CVE-2009-0082] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."
4521| [CVE-2009-0081] The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."
4522| [CVE-2009-0079] The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."
4523| [CVE-2009-0078] The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."
4524| [CVE-2008-7217] Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to permissions and ownership for certain directories.
4525| [CVE-2008-6819] win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information.
4526| [CVE-2008-6219] nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests.
4527| [CVE-2008-6063] Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name.
4528| [CVE-2008-5912] An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
4529| [CVE-2008-5823] An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property.
4530| [CVE-2008-5416] Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier
4531| [CVE-2008-5232] Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown
4532| [CVE-2008-5112] The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
4533| [CVE-2008-5100] The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.
4534| [CVE-2008-5044] Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.
4535| [CVE-2008-4844] Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
4536| [CVE-2008-4841] The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
4537| [CVE-2008-4837] Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
4538| [CVE-2008-4835] SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."
4539| [CVE-2008-4834] Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
4540| [CVE-2008-4493] Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
4541| [CVE-2008-4295] Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
4542| [CVE-2008-4269] The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability."
4543| [CVE-2008-4268] The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability."
4544| [CVE-2008-4266] Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3
4545| [CVE-2008-4265] Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability."
4546| [CVE-2008-4264] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
4547| [CVE-2008-4261] Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
4548| [CVE-2008-4256] The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
4549| [CVE-2008-4255] Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
4550| [CVE-2008-4253] The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
4551| [CVE-2008-4250] The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
4552| [CVE-2008-4114] srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
4553| [CVE-2008-4110] Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.
4554| [CVE-2008-4038] Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."
4555| [CVE-2008-4037] Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
4556| [CVE-2008-4036] Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."
4557| [CVE-2008-4032] Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."
4558| [CVE-2008-4031] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
4559| [CVE-2008-4030] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
4560| [CVE-2008-4028] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
4561| [CVE-2008-4027] Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
4562| [CVE-2008-4026] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
4563| [CVE-2008-4025] Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
4564| [CVE-2008-4024] Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability."
4565| [CVE-2008-4023] Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."
4566| [CVE-2008-4019] Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
4567| [CVE-2008-3956] orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file.
4568| [CVE-2008-3704] Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
4569| [CVE-2008-3648] nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
4570| [CVE-2008-3636] Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.
4571| [CVE-2008-3479] Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."
4572| [CVE-2008-3477] Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."
4573| [CVE-2008-3471] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
4574| [CVE-2008-3466] Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
4575| [CVE-2008-3465] Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."
4576| [CVE-2008-3464] afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."
4577| [CVE-2008-3460] WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
4578| [CVE-2008-3068] Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
4579| [CVE-2008-3021] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
4580| [CVE-2008-3020] Microsoft Office 2000 SP3 and XP SP3
4581| [CVE-2008-3019] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
4582| [CVE-2008-3018] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
4583| [CVE-2008-3015] Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
| [CVE-2008-3014] Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
| [CVE-2008-3013] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
| [CVE-2008-3012] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
| [CVE-2008-3009] Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
| [CVE-2008-3007] Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."
| [CVE-2008-3006] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
| [CVE-2008-3005] Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."
| [CVE-2008-3004] Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3
| [CVE-2008-3003] Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."
| [CVE-2008-2752] Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information.
| [CVE-2008-2540] Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
| [CVE-2008-2463] The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
| [CVE-2008-2252] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."
| [CVE-2008-2251] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510.
| [CVE-2008-2250] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."
| [CVE-2008-2249] Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."
| [CVE-2008-2246] Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
| [CVE-2008-2245] Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
| [CVE-2008-2244] Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
| [CVE-2008-1898] A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
| [CVE-2008-1888] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.
| [CVE-2008-1547] Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
| [CVE-2008-1457] The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
| [CVE-2008-1456] Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
| [CVE-2008-1455] A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1
| [CVE-2008-1454] Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.
| [CVE-2008-1451] The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
| [CVE-2008-1446] Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
| [CVE-2008-1445] Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
| [CVE-2008-1444] Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
| [CVE-2008-1441] Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."
| [CVE-2008-1440] Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
| [CVE-2008-1436] Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
| [CVE-2008-1435] Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."
| [CVE-2008-1434] Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
| [CVE-2008-1092] Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
| [CVE-2008-1091] Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."
| [CVE-2008-1090] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
| [CVE-2008-1089] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."
| [CVE-2008-1088] Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
| [CVE-2008-1087] Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
| [CVE-2008-1086] The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
| [CVE-2008-1084] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
| [CVE-2008-1083] Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
| [CVE-2008-0121] A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
| [CVE-2008-0120] Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."
| [CVE-2008-0119] Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."
| [CVE-2008-0118] Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."
| [CVE-2008-0117] Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."
| [CVE-2008-0116] Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."
| [CVE-2008-0115] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."
| [CVE-2008-0114] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.
| [CVE-2008-0113] Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."
| [CVE-2008-0112] Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."
| [CVE-2008-0111] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."
| [CVE-2008-0110] Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
| [CVE-2008-0109] Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
| [CVE-2008-0108] Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
| [CVE-2008-0106] Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
| [CVE-2008-0105] Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
| [CVE-2008-0104] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
| [CVE-2008-0103] Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."
| [CVE-2008-0102] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."
| [CVE-2008-0088] Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.
| [CVE-2008-0087] The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
| [CVE-2008-0086] Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
| [CVE-2008-0083] The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
| [CVE-2008-0081] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
| [CVE-2008-0080] Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
| [CVE-2008-0020] Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015.
| [CVE-2008-0015] Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
| [CVE-2008-0011] Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
| [CVE-2007-6753] Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.
| [CVE-2007-6357] Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944.
| [CVE-2007-6329] Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.
| [CVE-2007-6043] The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
| [CVE-2007-6026] Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
| [CVE-2007-5587] Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
4662| [CVE-2007-5352] Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
4663| [CVE-2007-5348] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
4664| [CVE-2007-4991] The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.
4665| [CVE-2007-4916] Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.
4666| [CVE-2007-4814] Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
4667| [CVE-2007-3930] Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.
4668| [CVE-2007-3924] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape
4669| [CVE-2007-3899] Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."
4670| [CVE-2007-3898] The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
4671| [CVE-2007-3896] The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
4672| [CVE-2007-3890] Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.
4673| [CVE-2007-3670] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
4674| [CVE-2007-3490] Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls.
4675| [CVE-2007-3300] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.
4676| [CVE-2007-3040] Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205.
| [CVE-2007-3039] Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
| [CVE-2007-3036] Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
| [CVE-2007-3034] Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
| [CVE-2007-3030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability".
| [CVE-2007-3029] Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.
| [CVE-2007-3028] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
| [CVE-2007-2999] Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.
| [CVE-2007-2967] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.
| [CVE-2007-2966] Buffer overflow in the LHA decompresion component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.
| [CVE-2007-2903] Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.
| [CVE-2007-2593] The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.
| [CVE-2007-2581] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.
| [CVE-2007-2374] Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
| [CVE-2007-2228] rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.
| [CVE-2007-2224] Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.
| [CVE-2007-2221] Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
| [CVE-2007-2219] Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
| [CVE-2007-2218] Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
| [CVE-2007-2217] Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
| [CVE-2007-1911] Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow.
| [CVE-2007-1910] Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc.
| [CVE-2007-1765] Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038
| [CVE-2007-1756] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".
| [CVE-2007-1754] PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".
| [CVE-2007-1748] Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
| [CVE-2007-1747] Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.
| [CVE-2007-1645] Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.
| [CVE-2007-1537] \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function.
| [CVE-2007-1512] Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.
| [CVE-2007-1347] Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.
| [CVE-2007-1239] Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.
| [CVE-2007-1238] Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.
| [CVE-2007-1215] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
| [CVE-2007-1214] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.
| [CVE-2007-1213] The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
| [CVE-2007-1212] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
| [CVE-2007-1211] Unspecified kernel GDI functions in Microsoft Windows 2000 SP4
| [CVE-2007-1205] Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
| [CVE-2007-1203] Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.
| [CVE-2007-1202] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."
| [CVE-2007-1201] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
| [CVE-2007-1117] Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
| [CVE-2007-1090] Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.
| [CVE-2007-1083] Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.
| [CVE-2007-0948] Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
| [CVE-2007-0947] Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
| [CVE-2007-0946] Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.
| [CVE-2007-0945] Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4
| [CVE-2007-0944] Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
| [CVE-2007-0942] Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
| [CVE-2007-0940] Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
| [CVE-2007-0939] Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."
| [CVE-2007-0938] Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
| [CVE-2007-0936] Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
| [CVE-2007-0934] Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
| [CVE-2007-0913] Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.
| [CVE-2007-0870] Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.
| [CVE-2007-0843] The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
| [CVE-2007-0811] Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
| [CVE-2007-0671] Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
| [CVE-2007-0612] Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll
| [CVE-2007-0515] Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.
| [CVE-2007-0351] Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user.
| [CVE-2007-0221] Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."
| [CVE-2007-0220] Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".
| [CVE-2007-0216] wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
| [CVE-2007-0215] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.
| [CVE-2007-0214] The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
| [CVE-2007-0213] Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
| [CVE-2007-0211] The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
| [CVE-2007-0209] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.
| [CVE-2007-0208] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.
| [CVE-2007-0069] Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
| [CVE-2007-0066] The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."
| [CVE-2007-0065] Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
| [CVE-2007-0064] Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
| [CVE-2007-0043] The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".
| [CVE-2007-0042] Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
| [CVE-2007-0041] The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
| [CVE-2007-0040] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
| [CVE-2007-0039] The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
| [CVE-2007-0038] Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765
| [CVE-2007-0035] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."
| [CVE-2007-0034] Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."
| [CVE-2007-0033] Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.
| [CVE-2007-0031] Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.
| [CVE-2007-0030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.
| [CVE-2007-0029] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."
| [CVE-2007-0028] Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.
| [CVE-2007-0027] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.
| [CVE-2007-0026] The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
| [CVE-2007-0025] The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.
| [CVE-2007-0024] Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
| [CVE-2006-7210] Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
| [CVE-2006-7192] Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.
| [CVE-2006-7027] Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks.
| [CVE-2006-6723] The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request.
| [CVE-2006-6696] Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
| [CVE-2006-6617] projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.
| [CVE-2006-6561] Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.
| [CVE-2006-6456] Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.
| [CVE-2006-6296] The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.
| [CVE-2006-6134] Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
| [CVE-2006-6133] Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.
| [CVE-2006-5994] Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vulnerability than CVE-2006-6456.
| [CVE-2006-5758] The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
| [CVE-2006-5586] The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."
| [CVE-2006-5585] The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."
| [CVE-2006-5584] The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
| [CVE-2006-5583] Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability."
| [CVE-2006-5574] Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.
| [CVE-2006-5296] PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.
| [CVE-2006-4854] ** REJECT ** Unspecified vulnerability in Microsoft Office 2000 (Chinese Edition) and Microsoft PowerPoint 2000 (Chinese Edition) allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as Trojan.PPDropper.E. NOTE: on 20060919, Microsoft notified CVE that this is a duplicate of CVE-2006-0009.
| [CVE-2006-4704] Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
| [CVE-2006-4702] Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
| [CVE-2006-4696] Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."
| [CVE-2006-4695] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."
| [CVE-2006-4694] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
| [CVE-2006-4693] Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651.
4795| [CVE-2006-4693] Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651.
4796| [CVE-2006-4692] Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
4797| [CVE-2006-4691] Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
4798| [CVE-2006-4689] Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."
4799| [CVE-2006-4688] Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
4800| [CVE-2006-4534] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.
4801| [CVE-2006-4495] Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.
4802| [CVE-2006-4274] ** REJECT ** Unknown vulnerability in Microsoft PowerPoint allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as TROJ_MDROPPER.BH. NOTE: on 20060822, it was determined that TROJ_MDROPPER.BH was exploiting CVE-2006-0009, so this is not a new vulnerability.
4803| [CVE-2006-4219] The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.
4804| [CVE-2006-4183] Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding.
4805| [CVE-2006-4071] Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
4806| [CVE-2006-3992] Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption.
4807| [CVE-2006-3942] The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research
4808| [CVE-2006-3897] Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.
4809| [CVE-2006-3880] ** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation."
4810| [CVE-2006-3877] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
4811| [CVE-2006-3876] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
4812| [CVE-2006-3875] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867.
4813| [CVE-2006-3873] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions of the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
4814| [CVE-2006-3869] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions of the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
4815| [CVE-2006-3868] Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag.
4816| [CVE-2006-3867] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875.
4817| [CVE-2006-3864] Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
4818| [CVE-2006-3841] Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL.
4819| [CVE-2006-3660] Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3656, and CVE-2006-3590, although it is possible that they are all different.
4820| [CVE-2006-3656] Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
4821| [CVE-2006-3655] Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted PowerPoint file. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3656, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
4822| [CVE-2006-3652] Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could not be reproduced by third parties.
4823| [CVE-2006-3651] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.
4824| [CVE-2006-3650] Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868.
4825| [CVE-2006-3649] Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
4826| [CVE-2006-3648] Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception."
4827| [CVE-2006-3647] Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693.
4828| [CVE-2006-3643] Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
4829| [CVE-2006-3590] mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.
4830| [CVE-2006-3510] The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.
4831| [CVE-2006-3493] Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.
4832| [CVE-2006-3449] Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."
4833| [CVE-2006-3448] Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.
4834| [CVE-2006-3445] Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.
4835| [CVE-2006-3444] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
4836| [CVE-2006-3443] Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
4837| [CVE-2006-3441] Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.
4838| [CVE-2006-3440] Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
4839| [CVE-2006-3439] Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
4840| [CVE-2006-3436] Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
4841| [CVE-2006-3435] PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.
4842| [CVE-2006-3434] Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption.
4843| [CVE-2006-3431] Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086.
4844| [CVE-2006-3059] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.
4845| [CVE-2006-2492] Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
4846| [CVE-2006-2389] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316.
4847| [CVE-2006-2388] Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process.
4848| [CVE-2006-2387] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875.
4849| [CVE-2006-2380] Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
4850| [CVE-2006-2379] Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
4851| [CVE-2006-2378] Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and SP2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
4852| [CVE-2006-2374] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
4853| [CVE-2006-2373] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
4854| [CVE-2006-2372] Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.
4855| [CVE-2006-2371] Buffer overflow in the Remote Access Connection Manager (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
4856| [CVE-2006-2370] Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
4857| [CVE-2006-2334] The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.
4858| [CVE-2006-2094] Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
4859| [CVE-2006-2055] Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
4860| [CVE-2006-1654] Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.
4861| [CVE-2006-1651] ** DISPUTED ** Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol."
4862| [CVE-2006-1540] MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll
4863| [CVE-2006-1316] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389.
4864| [CVE-2006-1315] The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."
4865| [CVE-2006-1314] Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that trigger memory corruption and bypass size restrictions on second-class Mailslot messages.
4866| [CVE-2006-1313] Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
4867| [CVE-2006-1311] The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1
4868| [CVE-2006-1309] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.
4869| [CVE-2006-1308] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value.
4870| [CVE-2006-1306] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability."
4871| [CVE-2006-1305] Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.
4872| [CVE-2006-1304] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."
4873| [CVE-2006-1302] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."
4874| [CVE-2006-1301] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.
4875| [CVE-2006-1300] Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
4876| [CVE-2006-1257] The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.
4877| [CVE-2006-1193] Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."
4878| [CVE-2006-1184] Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
4879| [CVE-2006-0988] The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
4880| [CVE-2006-0935] Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz.
4881| [CVE-2006-0187] By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file.
4882| [CVE-2006-0034] Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.
4883| [CVE-2006-0033] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed.
4884| [CVE-2006-0032] Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
4885| [CVE-2006-0031] Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.
4886| [CVE-2006-0030] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.
4887| [CVE-2006-0029] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.
4888| [CVE-2006-0028] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.
4889| [CVE-2006-0023] Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.
4890| [CVE-2006-0022] Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.
4891| [CVE-2006-0021] Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."
4892| [CVE-2006-0020] An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."
4893| [CVE-2006-0015] Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
4894| [CVE-2006-0013] Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
4895| [CVE-2006-0012] Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."
4896| [CVE-2006-0010] Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
4897| [CVE-2006-0009] Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
4898| [CVE-2006-0008] The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.
4899| [CVE-2006-0007] Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.
4900| [CVE-2006-0006] Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.
4901| [CVE-2006-0004] Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).
4902| [CVE-2006-0002] Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
4903| [CVE-2006-0001] Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
4904| [CVE-2005-4717] Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
4905| [CVE-2005-4269] mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
4906| [CVE-2005-4131] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.
4907| [CVE-2005-3981] ** DISPUTED ** NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE.
4908| [CVE-2005-3945] The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups.
4909| [CVE-2005-3644] PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.
4910| [CVE-2005-3177] CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed.
4911| [CVE-2005-3176] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection.
4912| [CVE-2005-3175] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator.
4913| [CVE-2005-3174] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.
4914| [CVE-2005-3173] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions.
4915| [CVE-2005-3172] The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks.
4916| [CVE-2005-3171] Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings.
4917| [CVE-2005-3170] The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.
4918| [CVE-2005-3169] Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow attackers to conduct unauthorized activities without detection.
4919| [CVE-2005-3168] The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template.
4920| [CVE-2005-2122] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.
4921| [CVE-2005-2120] Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
4922| [CVE-2005-2118] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.
4923| [CVE-2005-2117] Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
4924| [CVE-2005-1985] The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
4925| [CVE-2005-1984] Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.
4926| [CVE-2005-1983] Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
4927| [CVE-2005-1982] Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
4928| [CVE-2005-1981] Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
4929| [CVE-2005-1907] The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic.
4930| [CVE-2005-1683] Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file.
4931| [CVE-2005-1218] The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
4932| [CVE-2005-1216] Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.
4933| [CVE-2005-1215] Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers.
4934| [CVE-2005-1208] Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
4935| [CVE-2005-1207] Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.
4936| [CVE-2005-1206] Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."
4937| [CVE-2005-1205] The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
4938| [CVE-2005-1052] Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses.
4939| [CVE-2005-0921] Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy.
4940| [CVE-2005-0820] Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.
4941| [CVE-2005-0738] Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.
4942| [CVE-2005-0564] Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.
4943| [CVE-2005-0558] Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document.
4944| [CVE-2005-0551] Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
4945| [CVE-2005-0550] Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
4946| [CVE-2005-0545] Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post.
4947| [CVE-2005-0063] The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.
4948| [CVE-2005-0061] The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.
4949| [CVE-2005-0060] Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.
4950| [CVE-2005-0059] Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
4951| [CVE-2005-0058] Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.
4952| [CVE-2005-0048] Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
4953| [CVE-2004-2527] The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
4954| [CVE-2004-2482] Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code.
4955| [CVE-2004-2365] Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.
4956| [CVE-2004-2339] ** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed.
4957| [CVE-2004-1080] The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."
4958| [CVE-2004-0963] Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.
4959| [CVE-2004-0897] The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
4960| [CVE-2004-0892] Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.
4961| [CVE-2004-0846] Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.
4962| [CVE-2004-0840] The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
4963| [CVE-2004-0728] The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
4964| [CVE-2004-0726] The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel.
4965| [CVE-2004-0575] Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
4966| [CVE-2004-0574] The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
4967| [CVE-2004-0573] Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
4968| [CVE-2004-0540] Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
4969| [CVE-2004-0503] Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502.
4970| [CVE-2004-0379] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts.
4971| [CVE-2004-0284] Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
4972| [CVE-2004-0214] Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
4973| [CVE-2004-0211] The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.
4974| [CVE-2004-0210] The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
4975| [CVE-2004-0209] Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
4976| [CVE-2004-0208] The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
4977| [CVE-2004-0207] "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions.
4978| [CVE-2004-0206] Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
4979| [CVE-2004-0204] Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
4980| [CVE-2004-0202] IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
4981| [CVE-2004-0201] Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
| [CVE-2004-0199] Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
| [CVE-2004-0124] The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
| [CVE-2004-0121] Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
| [CVE-2004-0120] The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
| [CVE-2004-0116] An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
| [CVE-2003-1378] Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
| [CVE-2003-1106] The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute.
| [CVE-2003-0908] The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
| [CVE-2003-0906] Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
| [CVE-2003-0904] Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
| [CVE-2003-0839] Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.
| [CVE-2003-0825] The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
| [CVE-2003-0824] Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
| [CVE-2003-0822] Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
| [CVE-2003-0821] Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
| [CVE-2003-0820] Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
| [CVE-2003-0819] Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
| [CVE-2003-0818] Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
| [CVE-2003-0807] Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.
| [CVE-2003-0806] Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.
| [CVE-2003-0719] Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
| [CVE-2003-0665] Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.
| [CVE-2003-0664] Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
| [CVE-2003-0662] Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
| [CVE-2003-0660] The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers execute arbitrary code without user approval.
| [CVE-2003-0533] Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
| [CVE-2003-0526] Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
| [CVE-2003-0506] Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation.
| [CVE-2003-0505] Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request.
| [CVE-2003-0496] Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
| [CVE-2003-0352] Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
| [CVE-2003-0345] Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
| [CVE-2003-0232] Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
| [CVE-2003-0231] Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
| [CVE-2003-0230] Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
| [CVE-2003-0227] The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
| [CVE-2003-0118] SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
| [CVE-2003-0117] Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver.
| [CVE-2003-0110] The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.
| [CVE-2003-0109] Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
| [CVE-2003-0011] Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled.
| [CVE-2003-0007] Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."
| [CVE-2003-0003] Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
| [CVE-2003-0002] Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.
| [CVE-2002-2101] Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.
| [CVE-2002-2100] Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.
| [CVE-2002-1984] Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046".
| [CVE-2002-1981] Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.
| [CVE-2002-1933] The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window.
| [CVE-2002-1932] Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.
| [CVE-2002-1876] Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.
| [CVE-2002-1873] Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
| [CVE-2002-1872] Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
| [CVE-2002-1776] ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed.
| [CVE-2002-1712] Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
| [CVE-2002-1256] The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.
| [CVE-2002-1255] Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."
| [CVE-2002-1214] Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
| [CVE-2002-1184] The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.
| [CVE-2002-1145] The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
| [CVE-2002-1141] An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."
| [CVE-2002-1140] The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."
| [CVE-2002-1138] Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
| [CVE-2002-1137] Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
| [CVE-2002-1123] Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
| [CVE-2002-1117] Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
| [CVE-2002-1056] Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
| [CVE-2002-0982] Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.
| [CVE-2002-0975] Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary via a long File parameter.
| [CVE-2002-0863] Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
| [CVE-2002-0861] Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object.
| [CVE-2002-0860] The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.
| [CVE-2002-0859] Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.
| [CVE-2002-0729] Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.
| [CVE-2002-0727] The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.
| [CVE-2002-0724] Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
| [CVE-2002-0721] Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
| [CVE-2002-0719] SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files.
| [CVE-2002-0718] Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."
| [CVE-2002-0700] Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."
| [CVE-2002-0699] Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.
| [CVE-2002-0695] Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.
| [CVE-2002-0694] The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
| [CVE-2002-0693] Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
| [CVE-2002-0692] Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
| [CVE-2002-0650] The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.
| [CVE-2002-0649] Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
| [CVE-2002-0645] SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.
| [CVE-2002-0644] Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.
| [CVE-2002-0643] The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System."
| [CVE-2002-0642] The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
| [CVE-2002-0641] Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
| [CVE-2002-0624] Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
| [CVE-2002-0623] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun".
| [CVE-2002-0622] The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".
| [CVE-2002-0621] Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.
| [CVE-2002-0620] Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API.
| [CVE-2002-0619] The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).
| [CVE-2002-0618] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
| [CVE-2002-0617] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
| [CVE-2002-0616] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."
| [CVE-2002-0597] LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.
| [CVE-2002-0444] Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.
| [CVE-2002-0443] Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.
| [CVE-2002-0373] The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".
| [CVE-2002-0371] Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.
| [CVE-2002-0368] The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."
| [CVE-2002-0224] The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
| [CVE-2002-0187] Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
| [CVE-2002-0186] Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
| [CVE-2002-0154] Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
| [CVE-2002-0152] Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
| [CVE-2002-0055] SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
| [CVE-2002-0054] SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
| [CVE-2002-0050] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data.
| [CVE-2002-0049] Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
| [CVE-2002-0034] The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.
| [CVE-2002-0018] In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.
| [CVE-2001-1533] ** DISPUTED * Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE.
| [CVE-2001-1451] Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests.
| [CVE-2001-1319] Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
| [CVE-2001-1099] The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
| [CVE-2001-0986] SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
| [CVE-2001-0718] Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document.
| [CVE-2001-0666] Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.
| [CVE-2001-0658] Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message.
| [CVE-2001-0628] Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.
| [CVE-2001-0547] Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).
| [CVE-2001-0546] Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data.
5111| [CVE-2001-0542] Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
5112| [CVE-2001-0538] Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
5113| [CVE-2001-0509] Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
5114| [CVE-2001-0505] Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service.
5115| [CVE-2001-0504] Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying.
5116| [CVE-2001-0501] Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner.
5117| [CVE-2001-0351] Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
5118| [CVE-2001-0350] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
5119| [CVE-2001-0349] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.
5120| [CVE-2001-0348] Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
5121| [CVE-2001-0347] Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
5122| [CVE-2001-0346] Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.
5123| [CVE-2001-0345] Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.
5124| [CVE-2001-0344] An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
5125| [CVE-2001-0340] An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.
5126| [CVE-2001-0261] Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.
5127| [CVE-2001-0245] Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.
5128| [CVE-2001-0244] Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.
5129| [CVE-2001-0240] Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro.
5130| [CVE-2001-0239] Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
5131| [CVE-2001-0237] Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data.
5132| [CVE-2001-0146] IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
5133| [CVE-2001-0048] The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability.
5134| [CVE-2001-0005] Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.
5135| [CVE-2001-0003] Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
5136| [CVE-2000-1218] The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
5137| [CVE-2000-1217] Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability.
5138| [CVE-2000-1209] The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
5139| [CVE-2000-1139] The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
5140| [CVE-2000-1088] The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
5141| [CVE-2000-1087] The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
5142| [CVE-2000-1086] The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
5143| [CVE-2000-1085] The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
5144| [CVE-2000-1079] Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
5145| [CVE-2000-0942] The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
5146| [CVE-2000-0854] When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
5147| [CVE-2000-0771] Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
5148| [CVE-2000-0765] Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
5149| [CVE-2000-0756] Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
5150| [CVE-2000-0710] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
5151| [CVE-2000-0709] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
5152| [CVE-2000-0637] Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.
5153| [CVE-2000-0621] Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
5154| [CVE-2000-0597] Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.
5155| [CVE-2000-0331] Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
5156| [CVE-2000-0277] Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.
5157| [CVE-2013-2557] The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
5158| [CVE-2013-2556] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
5159| [CVE-2013-2554] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787.
5160| [CVE-2013-2553] Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0912.
5161| [CVE-2013-2552] Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
5162| [CVE-2013-2551] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
5163| [CVE-2013-1347] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
5164| [CVE-2013-1305] HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
5165| [CVE-2013-1290] Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."
5166| [CVE-2013-1289] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
5167| [CVE-2013-1284] Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
5168| [CVE-2013-0096] Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability."
5169| [CVE-2013-0086] Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."
5170| [CVE-2013-0085] Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."
5171| [CVE-2013-0084] Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."
5172| [CVE-2013-0083] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."
5173| [CVE-2013-0080] Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."
5174| [CVE-2013-0079] Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."
5175| [CVE-2013-0005] The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
5176| [CVE-2012-4969] Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
5177| [CVE-2012-4792] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
5178| [CVE-2012-3456] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
5179| [CVE-2012-3455] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
5180| [CVE-2012-2290] The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel.
5181| [CVE-2012-2284] The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors.
5182| [CVE-2012-1945] Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.
5183| [CVE-2012-1894] Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability."
5184| [CVE-2012-1892] Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."
5185| [CVE-2012-1891] Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
5186| [CVE-2012-1888] Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability."
5187| [CVE-2012-1876] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
5188| [CVE-2012-1861] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
5189| [CVE-2012-1859] Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
5190| [CVE-2012-1857] Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."
5191| [CVE-2012-1849] Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."
5192| [CVE-2012-1545] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
5193| [CVE-2012-1436] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
5194| [CVE-2012-1435] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
5195| [CVE-2012-1434] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
5196| [CVE-2012-1433] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
5197| [CVE-2012-0447] Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.
5198| [CVE-2012-0147] Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."
5199| [CVE-2012-0146] Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability."
5200| [CVE-2012-0145] Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."
5201| [CVE-2012-0144] Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."
5202| [CVE-2012-0138] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.
5203| [CVE-2012-0137] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138.
5204| [CVE-2012-0136] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138.
5205| [CVE-2012-0020] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
5206| [CVE-2012-0019] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
5207| [CVE-2012-0018] Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability."
5208| [CVE-2012-0017] Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."
5209| [CVE-2011-4695] Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and gain privileges via unknown vectors, as demonstrated by the White Phosphorus wp_ie_sandbox_escape module for Immunity CANVAS. NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
5210| [CVE-2011-2012] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash."
5211| [CVE-2011-2010] The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."
5212| [CVE-2011-1969] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability."
5213| [CVE-2011-1897] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."
5214| [CVE-2011-1896] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability."
5215| [CVE-2011-1895] CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability."
5216| [CVE-2011-1891] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."
5217| [CVE-2011-1890] Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
5218| [CVE-2011-1889] The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
5219| [CVE-2011-1417] Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.
5220| [CVE-2011-1347] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
5221| [CVE-2011-1346] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
5222| [CVE-2011-1345] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
5223| [CVE-2011-1265] The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability."
5224| [CVE-2011-0653] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."
5225| [CVE-2011-0647] The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.
5226| [CVE-2011-0627] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.
5227| [CVE-2011-0037] Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.
5228| [CVE-2011-0027] Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.
5229| [CVE-2011-0026] Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
5230| [CVE-2010-4643] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
5231| [CVE-2010-4253] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document.
5232| [CVE-2010-4121] ** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only."
5233| [CVE-2010-3967] Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability."
5234| [CVE-2010-3962] Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
5235| [CVE-2010-3936] Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability."
5236| [CVE-2010-3889] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Microsoft researchers and other researchers.
5237| [CVE-2010-3888] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers.
5238| [CVE-2010-3497] Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)."
5239| [CVE-2010-3454] Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
5240| [CVE-2010-3453] The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.
5241| [CVE-2010-3141] Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file.
5242| [CVE-2010-2743] The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
5243| [CVE-2010-2734] Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability."
5244| [CVE-2010-2733] Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability."
5245| [CVE-2010-2732] Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability."
5246| [CVE-2010-2564] Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."
5247| [CVE-2010-1184] The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2.
5248| [CVE-2010-1118] Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
5249| [CVE-2010-1117] Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
5250| [CVE-2010-0806] Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
5251| [CVE-2010-0716] _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.
5252| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
5253| [CVE-2008-5750] Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
5254| [CVE-2008-5556] ** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."
5255| [CVE-2008-5555] Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
5256| [CVE-2008-5554] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
5257| [CVE-2008-5553] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
5258| [CVE-2008-5552] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
5259| [CVE-2008-5551] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
5260| [CVE-2008-5180] Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
5261| [CVE-2008-4211] Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
5262| [CVE-2007-5351] Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."
5263| [CVE-2007-2729] Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
5264| [CVE-2007-1534] DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window.
5265| [CVE-2007-0341] Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
5266| [CVE-2006-5559] The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
5267| [CVE-2006-4686] Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
5268| [CVE-2006-4685] The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
5269| [CVE-2006-1359] Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
5270| [CVE-2006-0761] Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchange, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow user-assisted remote attackers to execute arbitrary code on the server via a crafted Microsoft Word document that is opened on a wireless device.
5271| [CVE-2006-0753] Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.
5272| [CVE-2006-0544] urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash or hyphen) characters.
5273| [CVE-2006-0003] Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
5274| [CVE-2005-1929] Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.
5275| [CVE-2005-0852] Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.
5276| [CVE-2004-1322] Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages.
5277| [CVE-2003-1306] Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
5278| [CVE-2003-0903] Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
5279| [CVE-2003-0353] Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
5280| [CVE-2002-1918] Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED.
5281| [CVE-2002-1142] Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
5282| [CVE-2002-1015] RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
5283| [CVE-2002-0697] Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
5284| [CVE-2002-0057] XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
5285| [CVE-2001-1218] Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
5286| [CVE-2000-0563] The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.
5287| [CVE-1999-1097] Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.
5288|
5289| SecurityFocus - https://www.securityfocus.com/bid/:
5290| [83154] Microsoft Windows 2000 Server CVE-2004-0540 Remote Security Vulnerability
5291| [45297] Microsoft Exchange Server 2007 Infinite Loop Remote Denial of Service Vulnerability
5292| [43419] Microsoft Excel 2002 Memory Corruption Vulnerability
5293| [43189] Microsoft Visual C++ 2008 Redistributable Package DLL Loading Arbitrary Code Execution Vulnerability
5294| [42742] Microsoft PowerPoint 2007 Multiple DLL Loading Arbitrary Code Execution Vulnerability
5295| [42695] Microsoft Groove 2007 'mso.dll' DLL Loading Arbitrary Code Execution Vulnerability
5296| [42681] Microsoft Visio 2003 'mfc71enu.dll' DLL Loading Arbitrary Code Execution Vulnerability
5297| [41843] Microsoft Outlook Web Access for Exchange Server 2003 Cross Site Request Forgery Vulnerability
5298| [39776] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
5299| [37196] RETIRED: Microsoft December 2009 Advance Notification Multiple Vulnerabilities
5300| [36940] RETIRED: Microsoft November 2009 Advance Notification Multiple Vulnerabilities
5301| [36633] RETIRED: Microsoft October 2009 Advance Notification Multiple Vulnerabilities
5302| [36239] RETIRED: Microsoft September 2009 Advance Notification Multiple Vulnerabilities
5303| [35974] RETIRED: Microsoft August 2009 Advance Notification Multiple Vulnerabilities
5304| [35617] RETIRED: Microsoft July 2009 Advance Notification Multiple Vulnerabilities
5305| [35213] RETIRED: Microsoft June 2009 Advance Notification Multiple Vulnerabilities
5306| [34867] RETIRED: Microsoft May 2009 Advance Notification Multiple Vulnerabilities
5307| [34532] Microsoft IAG 2007 ActiveX Control Multiple Stack Based Buffer Overflow Vulnerabilities
5308| [34469] Microsoft Word 2000 WordPerfect Converter Remote Code Execution Vulnerability
5309| [34450] RETIRED: Microsoft April 2009 Advance Notification Multiple Vulnerabilities
5310| [34005] RETIRED: Microsoft March 2009 Advance Notification Multiple Vulnerabilities
5311| [33639] RETIRED: Microsoft February 2009 Advance Notification Multiple Vulnerabilities
5312| [33170] RETIRED: Microsoft January 2009 Advance Notification Multiple Vulnerabilities
5313| [32632] RETIRED: Microsoft December 2008 Advance Notification Multiple Vulnerabilities
5314| [32153] Retired: Microsoft November 2008 Advance Notification Multiple Vulnerabilities
5315| [31667] Retired: Microsoft October 2008 Advance Notification Multiple Vulnerabilities
5316| [31129] RETIRED: Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
5317| [31014] RETIRED: Microsoft September 2008 Advance Notification Multiple Vulnerabilities
5318| [30593] RETIRED: Microsoft August 2008 Advance Notification Multiple Vulnerabilities
5319| [30075] RETIRED: Microsoft July 2008 Advance Notification Multiple Vulnerabilities
5320| [29576] RETIRED: Microsoft June 2008 Advance Notification Multiple Vulnerabilities
5321| [29108] RETIRED: Microsoft May 2008 Advance Notification Multiple Vulnerabilities
5322| [28598] RETIRED: Microsoft April 2008 Advance Notification Multiple Vulnerabilities
5323| [28124] Retired: Microsoft March 2008 Advance Notification Multiple Vulnerabilities
5324| [27674] RETIRED: Microsoft February 2008 Advance Notification Multiple Vulnerabilities
| [27119] RETIRED: Microsoft January 2008 Advance Notification Multiple Vulnerabilities
| [26739] RETIRED: Microsoft December 2007 Advance Notification Multiple Vulnerabilities
| [26414] Microsoft Forms 2.0 ActiveX Control Memory Access Violation Denial of Service Vulnerabilities
| [26380] Retired: Microsoft November 2007 Advance Notification Multiple Vulnerabilities
| [25991] RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
| [25922] RETIRED: Microsoft October 2007 Advance Notification Multiple Vulnerabilities
| [25573] RETIRED: Microsoft September 2007 Advance Notification Multiple Vulnerabilities
| [25247] Retired: Microsoft August 2007 Advance Notification Multiple Vulnerabilities
| [24771] Retired: Microsoft July 2007 Advance Notification Multiple Vulnerabilities
| [24366] RETIRED: Microsoft June 2007 Advance Notification Multiple Vulnerabilities
| [24118] Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability
| [23800] RETIRED: Microsoft May 2007 Advance Notification Multiple Vulnerabilities
| [23380] Microsoft Word 2007 WWLib.DLL Unspecified Document File Buffer Overflow Vulnerability
| [23335] RETIRED: Microsoft April 2007 Advance Notification Multiple Vulnerabilities
| [22716] Microsoft Office 2003 Denial of Service Vulnerability
| [22567] Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability
| [22328] RETIRED: Microsoft Word 2003 Unspecified Code Execution Vulnerability
| [22225] Microsoft Word 2000 Malformed Function Code Execution Vulnerability
| [21611] Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
| [21495] Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability
| [20843] Microsoft Visual Studio 2005 WMI Object Broker Remote Code Execution Vulnerability
| [19636] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
| [19388] Microsoft Windows 2000 Kernel Local Privilege Escalation Vulnerability
| [17134] Microsoft Commerce Server 2002 Authentication Bypass Vulnerability
| [16634] Microsoft PowerPoint 2000 Remote Information Disclosure Vulnerability
| [14772] Microsoft Exchange Server 2003 Exchange Information Store Denial Of Service Vulnerability
| [14093] Microsoft Update Rollup 1 for Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
| [13564] Microsoft SQL Server 2000 Multiple Vulnerabilities
| [13008] Microsoft Windows Server 2003 SMB Redirector Local Denial Of Service Vulnerability
| [12972] Microsoft Windows Server 2003 Service Pack 1 Released - Multiple Vulnerabilities Fixed
| [12913] Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy Bypass Vulnerability
| [12824] Microsoft InfoPath 2003 Insecure Information Storage Vulnerability
| [12641] Microsoft Windows 2000 Group Policy Bypass Vulnerability
| [12141] Microsoft FrontPage 2000 Internet Publishing Service Provider DAV File Upload Vulnerability
| [11820] Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities
| [11446] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
| [11387] Microsoft Windows 2003 Services Default SACL Access Right Weakness
| [10901] Microsoft Windows 2000/XP CRL File Failed Integrity Check Denial Of Service Vulnerability
| [10693] Microsoft Windows 2000 Media Player Control Media Preview Script Execution Vulnerability
| [10484] Microsoft ISA Server 2000 FTP Bounce Filtering Vulnerability
| [10480] Microsoft ISA Server 2000 Site And Content Rule Bypass Vulnerability
| [10440] Microsoft Windows 2000 Domain Expired Account Security Policy Violation Weakness
| [10369] Microsoft Outlook 2003 Media File Script Execution Vulnerability
| [10307] Microsoft Outlook 2003 Predictable File Location Weakness
| [10114] Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability
| [9409] Microsoft Exchange Server 2003 Outlook Web Access Random Mailbox Access Vulnerability
| [9408] Microsoft ISA Server 2000 H.323 Filter Remote Buffer Overflow Vulnerability
| [9118] Microsoft Exchange Server 2003 Outlook Web Access Lowered Security Settings Weakness
| [8833] Microsoft Windows 2000 TroubleShooter ActiveX Control Buffer Overflow Vulnerability
| [8522] Multiple Microsoft Windows 2003 Stack Protection Implementation Weaknesses
| [8397] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
| [8104] Microsoft Windows 2000 Unauthorized RPC Connection Weakness
| [8098] Microsoft Windows 2000 Terminal Services Named Pipe System Account Access Vulnerability
| [8093] Microsoft Windows 2000 Active Directory Forest Origin Validation Vulnerability
| [8090] Microsoft Windows 2000 ShellExecute() Buffer Overflow Vulnerability
| [8089] Microsoft Windows 2000 Unspecified Cryptnet.DLL Memory Leakage Vulnerability
| [8086] Microsoft Windows 2000 Port Name Buffers Potential Buffer Overflow Vulnerability
| [8085] Microsoft Windows 2000 ModifyDN Request Denial of Service Vulnerability
| [8083] Microsoft Windows 2000 Domain Controller Spoofing Vulnerability
| [8081] Microsoft Windows 2000 USBH_IoctlGetNodeConnectionDriverKeyName Information Disclosure Vulnerability
| [8063] Microsoft Commerce Server 2002 Weak Registry Key Permissions Weakness
| [8045] Microsoft Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
| [7930] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
| [7788] Microsoft Windows 2000/XP/2003 IPV6 ICMP Flood Denial Of Service Vulnerability
| [7469] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
| [7360] Microsoft Windows 2000/XP Registry Editor Custom Permissions Weakness
| [7102] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
| [6769] Microsoft Windows 2000 RPC Service Privilege Escalation Vulnerability
| [6766] Microsoft Windows 2000 NetBIOS Continuation Packets Kernel Memory Leak Vulnerability
| [6667] Microsoft Outlook 2002 V1 Exchange Server Security Certificate Information Leakage Vulnerability
| [6319] Microsoft Outlook 2002 Email Header Processing Denial of Service Vulnerability
| [6030] Microsoft Windows 2000 SNMP Printer Query Denial of Service Vulnerability
| [5972] Microsoft Windows 2000/XP Full Event Log Administrative Alert Weakness
| [5922] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
| [5480] Microsoft Windows 2000 Network Connection Manager Privilege Elevation Vulnerability
| [5422] Microsoft Content Management Server 2001 SQL Injection Vulnerability
| [5421] Microsoft Content Management Server 2001 Arbitrary Upload Location Vulnerability
| [5420] Microsoft Content Management Server 2001 User Authentication Buffer Overflow Vulnerability
| [5415] Microsoft Windows 2000 Insecure Default File Permissions Vulnerability
| [5413] Microsoft Exchange 2000 Post Authorization License Exhaustion Denial Of Service Vulnerability
| [5412] Microsoft Exchange 2000 Multiple MSRPC Denial Of Service Vulnerabilities
| [5312] Microsoft SQL Server 2000 Resolution Service Denial of Service Vulnerability
| [5311] Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability
| [5310] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
| [5309] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
| [5307] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
| [5253] Microsoft Windows 2000 Narrator Password Disclosure Vulnerability
| [5205] Microsoft SQL Server 2000 Incorrect Registry Key Permissions Vulnerability
| [5111] Microsoft Commerce Server 2000 OWC Package Installer Local Command Execution Vulnerability
| [5014] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
| [4881] Microsoft Exchange 2000 Malformed Mail Attribute DoS Vulnerability
| [4853] Microsoft Commerce Server 2000 Profile Service Buffer Overflow Vulnerability
| [4852] Microsoft Windows 2000 Remote Access Service Buffer Overflow Vulnerability
| [4847] Microsoft SQL Server 2000 Bulk Insert Procedure Buffer Overflow Vulnerability
| [4797] Microsoft MSDE/SQL Server 2000 Desktop Engine Default Configuration Vulnerability
| [4683] Microsoft Windows 2000 / NT Path Precedence Vulnerability
| [4532] Microsoft Windows 2000 Lanman Denial of Service Vulnerability
| [4438] Microsoft Windows 2000 Group Policy Evasion Vulnerability
| [4426] Microsoft Windows 2000 / NT / XP MUP UNC Request Buffer Overflow Vulnerability
| [4287] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
| [4256] Microsoft Windows 2000 Password Policy Bypass Vulnerability
| [4157] Microsoft Commerce Server 2000 ISAPI Buffer Overflow Vulnerability
| [4095] Microsoft Windows 2000 Server Terminal Services Failure To Lock Terminal Vulnerability
| [3652] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability
| [3481] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
| [3479] Microsoft Windows 2000 NTFS With Macintosh Client Directory Permission Vulnerability
| [3445] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
| [3339] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
| [3305] Norton AntiVirus for Microsoft Exchange 2000 Information Disclosure Vulnerability
| [3291] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
| [3215] Microsoft Windows 2000 IrDA Buffer Overflow Denial of Service Vulnerability
| [3185] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
| [3184] Microsoft Windows 2000 RunAs User Credentials Exposure Vulnerability
| [3146] Microsoft Windows 2000 System File Replacement Vulnerability
| [3115] Microsoft Windows NT and 2000 Command Prompt Reboot Vulnerability
| [3063] Microsoft Windows 2000 Unauthorized Password Change Vulnerability
| [3033] Microsoft Windows 2000 Task Manager Process Termination Vulnerability
| [2988] Microsoft Windows 2000 SMTP Improper Authentication Vulnerability
| [2929] Microsoft Windows 2000 LDAP SSL Password Modification Vulnerability
| [2849] Microsoft Windows 2000 Telnet Privilege Escalation Vulnerability
| [2846] Microsoft Windows 2000 Telnet System Call DoS Vulnerability
| [2844] Microsoft Windows 2000 Telnet Service DoS Vulnerability
| [2843] Microsoft Windows 2000 Telnet Multiple Sessions DoS Vulnerability
| [2838] Microsoft Windows 2000 Telnet Username DoS Vulnerability
| [2460] Microsoft Windows 2000 Event Viewer Buffer Overflow Vulnerability
| [2441] Microsoft Exchange 2000 / IIS 5.0 Multiple Invalid URL Request DoS Vulnerability
| [2394] Microsoft Windows 2000 Domain Controller DoS Vulnerability
| [2341] Microsoft Windows 2000 Network DDE Escalated Privileges Vulnerability
| [2326] Microsoft Windows 2000 RDP DoS Vulnerability
| [2133] Microsoft Windows 2000 Directory Services Restore Mode Blank Password Vulnerability
| [2066] Microsoft Windows NT 4.0 / 2000 SNMP Registry Key Modification Vulnerability
| [2018] Microsoft Windows 2000 Telnet Session Timeout DoS Vulnerability
| [2007] Microsoft Windows 2000 DNS Memory Leak Vulnerability
| [1973] Microsoft Windows 2000 Domain Account Lockout Bypass Vulnerability
| [1958] Microsoft Exchange 2000 Server EUSR_EXSTOREEVENT Account Vulnerability
| [1933] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
| [1899] Microsoft Windows 2000 ActiveX Control Buffer Overflow Vulnerability
| [1811] Microsoft Site Server 2.0 with IIS 4.0 Malicious File Upload Vulnerability
| [1758] Microsoft Windows 2000 Unattended Install OEMPreinstall Vulnerability
| [1753] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
| [1748] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
| [1745] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
| [1729] Microsoft Windows 2000 Simplified Chinese IME Vulnerability
| [1695] Microsoft Proxy 2.0 FTP Permissions Bypass Vulnerability
| [1692] Microsoft Proxy 2.0 Internal Network Access Vulnerability
| [1683] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
| [1673] Microsoft Windows 2000 Malformed RPC Packet DoS Vulnerability
| [1651] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
| [1632] Microsoft Windows 98 / NT 4.0 / 2000 File Extension Validation Vulnerability
| [1620] Microsoft Windows 9x / NT 4.0 / 2000 NetBIOS Cache Corruption Vulnerability
| [1613] Microsoft Windows 2000 Local Security Policy Corruption Vulnerability
| [1566] Microsoft Word 97 / 2000 Mail Merge Code Execution Vulnerability
| [1561] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow Vulnerability
| [1535] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
| [1507] Microsoft Windows NT 4.0 / 2000 Unspecified Executable Path Vulnerability
| [1451] Microsoft Excel 97 / 2000 Register.ID Vulnerability
| [1435] Microsoft FrontPage 2000 Server Extensions Denial Of Service Vulnerability
| [1415] Microsoft Windows 2000 Remote CPU-overload Vulnerability
| [1414] Microsoft Windows 2000 Telnet Server DoS Vulnerability
| [1399] Microsoft Internet Explorer 5.01 and Excel/Powerpoint 2000 ActiveX Object Execution Vulnerability
| [1398] Microsoft Internet Explorer 5.01 and Access 2000 / 97 VBA Code Execution Vulnerability
| [1350] Microsoft Windows 2000 Windows Station Access Vulnerability
| [1304] Microsoft Windows NT 4.0 / 2000 SMB Write Request DoS Vulnerability
| [1301] Microsoft Windows NT 4.0 / 2000 Ignored SMB Response DoS Vulnerability
| [1295] Microsoft Windows 2000 Default 40-bit Encrypted Protected Store Vulnerability
| [1198] Microsoft Windows 2000 Default SYSKEY Configuration Vulnerability
| [1197] Microsoft Office 2000 UA Control Vulnerability
| [990] Microsoft Windows 2000 Install Unprotected ADMIN$ Share Vulnerability
| [945] Microsoft SMS 2.0 Default Permissions Vulnerability
| [539] Microsoft Windows 2000 EFS Vulnerability
| [180] Microsoft Windows April Fools 2001 Vulnerability
| [71487] Microsoft December 2014 Advance Notification Multiple Vulnerabilities
| [70966] RETIRED: Microsoft November 2014 Advance Notification Multiple Vulnerabilities
| [70367] RETIRED: Microsoft October 2014 Advance Notification Multiple Vulnerabilities
| [69636] RETIRED: Microsoft September 2014 Advance Notification Multiple Vulnerabilities
| [69108] Microsoft August 2014 Advance Notification Multiple Vulnerabilities
| [68367] Microsoft July 2014 Advance Notification Multiple Vulnerabilities
| [67905] Microsoft June 2014 Advance Notification Multiple Vulnerabilities
| [67298] Microsoft May 2014 Advance Notification Multiple Vulnerabilities
| [66639] RETIRED: Microsoft April 2014 Advance Notification Multiple Vulnerabilities
| [66016] Microsoft March 2014 Notification Multiple Vulnerabilities
| [65426] Microsoft February 2014 Notification Multiple Vulnerabilities
| [64757] RETIRED: Microsoft January 2014 Advance Notification Multiple Vulnerabilities
| [64083] RETIRED: Microsoft December 2013 Advance Notification Multiple Vulnerabilities
| [63604] RETIRED: Microsoft November 2013 Advance Notification Multiple Vulnerabilities
| [62797] RETIRED: Microsoft October 2013 Advance Notification Multiple Vulnerabilities
| [62228] RETIRED: Microsoft September 2013 Advance Notification Multiple Vulnerabilities
| [62181] Microsoft Office Pinyin IME 2010 CVE-2013-3859 Local Privilege Escalation Vulnerability
| [61686] Microsoft August 2013 Advance Notification Multiple Vulnerabilities
| [60960] RETIRED: Microsoft July 2013 Advance Notification Multiple Vulnerabilities
| [60394] Microsoft June 2013 Advance Notification Multiple Vulnerabilities
| [59785] RETIRED: Microsoft May 2013 Advance Notification Multiple Vulnerabilities
| [58881] RETIRED: Microsoft April 2013 Advance Notification Multiple Vulnerabilities
| [58380] RETIRED: Microsoft March 2013 Advance Notification Multiple Vulnerabilities
| [57846] RETIRED: Microsoft February 2013 Advance Notification Multiple Vulnerabilities
| [57137] RETIRED: Microsoft January 2013 Advance Notification Multiple Vulnerabilities
| [56838] RETIRED: Microsoft December 2012 Advance Notification Multiple Vulnerabilities
| [56450] RETIRED: Microsoft November 2012 Advance Notification Multiple Vulnerabilities
| [56304] Microsoft Office Excel 2010 Memory Corruption Denial of Service Vulnerability
| [55794] RETIRED: Microsoft October 2012 Advance Notification Multiple Vulnerabilities
| [55472] RETIRED: Microsoft September 2012 Advance Notification Multiple Vulnerabilities
| [54944] RETIRED: Microsoft August 2012 Advance Notification Multiple Vulnerabilities
| [54318] RETIRED: Microsoft July 2012 Advance Notification Multiple Vulnerabilities
| [53862] RETIRED: Microsoft June 2012 Advance Notification Multiple Vulnerabilities
| [53372] RETIRED: Microsoft May 2012 Advance Notification Multiple Vulnerabilities
| [52910] RETIRED: Microsoft April 2012 Advance Notification Multiple Vulnerabilities
| [52366] RETIRED: Microsoft March 2012 Advance Notification Multiple Vulnerabilities
| [51944] RETIRED: Microsoft February 2012 Advance Notification Multiple Vulnerabilities
| [51289] RETIRED: Microsoft January 2012 Advance Notification Multiple Vulnerabilities
| [50980] RETIRED: Microsoft December 2011 Advance Notification Multiple Vulnerabilities
| [50513] RETIRED: Microsoft November 2011 Advance Notification Multiple Vulnerabilities
| [49994] RETIRED: Microsoft October 2011 Advance Notification Multiple Vulnerabilities
| [49515] RETIRED: Microsoft September 2011 Advance Notification Multiple Vulnerabilities
| [49017] RETIRED: Microsoft August 2011 Advance Notification Multiple Vulnerabilities
| [48616] RETIRED: Microsoft July 2011 Advance Notification Multiple Vulnerabilities
| [48235] Microsoft Lync Server 2010 'ReachJoin.aspx' Remote Command Injection Vulnerability
| [48193] RETIRED: Microsoft June 2011 Advance Notification Multiple Vulnerabilities
| [47725] RETIRED: Microsoft May 2011 Advance Notification Multiple Vulnerabilities
| [47255] RETIRED: Microsoft April 2011 Advance Notification Multiple Vulnerabilities
| [46675] RETIRED: Microsoft March 2011 Advance Notification Multiple Vulnerabilities
| [46132] RETIRED: Microsoft February 2011 Advance Notification Multiple Vulnerabilities
| [45696] RETIRED: Microsoft January 2011 Advance Notification Multiple Vulnerabilities
| [45307] RETIRED: Microsoft December 2010 Advance Notification Multiple Vulnerabilities
| [44649] RETIRED: Microsoft November 2010 Advance Notification Multiple Vulnerabilities
| [43831] RETIRED: Microsoft October 2010 Advance Notification Multiple Vulnerabilities
| [43115] RETIRED: Microsoft September 2010 Advance Notification Multiple Vulnerabilities
| [42234] RETIRED: Microsoft August 2010 Advance Notification Multiple Vulnerabilities
| [41474] RETIRED: Microsoft July 2010 Advance Notification Multiple Vulnerabilities
| [40548] RETIRED: Microsoft June 2010 Advance Notification Multiple Vulnerabilities
| [39961] RETIRED: Microsoft May 2010 Advance Notification Multiple Vulnerabilities
| [39313] RETIRED: Microsoft April 2010 Advance Notification Multiple Vulnerabilities
| [38540] RETIRED: Microsoft March 2010 Advance Notification Multiple Vulnerabilities
| [38096] RETIRED: Microsoft February 2010 Advance Notification Multiple Vulnerabilities
| [37887] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
| [37664] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
| [32642] Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [82417] Microsoft Windows Knowledge Base Article 2801261 update is not installed
| [82415] Microsoft Windows Knowledge Base Article 2807986 update is not installed
| [82410] Microsoft Windows Knowledge Base Article 2809289 update is not installed
| [81859] Microsoft Windows Knowledge Base Article 2802968 update is not installed
| [81857] Microsoft Windows Knowledge Base Article 2809279 update is not installed
| [81668] Microsoft Windows Knowledge Base Article 2800277 update is not installed
| [77323] Microsoft Windows Knowledge Base Article 2706045 update is not installed
| [75949] Microsoft Windows Knowledge Base Article 2707960 update is not installed
| [75942] Microsoft Windows Knowledge Base Article 2706726 update is not installed
| [75934] Microsoft Windows Knowledge Base Article 2709162 update is not installed
| [75926] Microsoft Windows Knowledge Base Article 2709100 update is not installed
| [75905] Microsoft Windows Knowledge Base Article 2707956 update is not installed
| [71991] Microsoft Windows Knowledge Base Article 2607664 update is not installed
| [71542] Microsoft Windows Knowledge Base Article 2607702 update is not installed
| [70945] Microsoft Windows Knowledge Base Article 2603381 update is not installed
| [70150] Microsoft Windows Knowledge Base Article 2607670 update is not installed
| [67755] Microsoft Windows Knowledge Base Article 2503665 update is not installed
| [67749] Microsoft Windows Knowledge Base Article 2507938 update is not installed
| [66845] Microsoft Windows Knowledge Base Article 2506014 update is not installed
| [66844] Microsoft Windows Knowledge Base Article 2501584 update is not installed
| [66448] Microsoft Windows Knowledge Base Article 2508272 update is not installed
| [66442] Microsoft Windows Knowledge Base Article 2509553 update is not installed
| [66440] Microsoft Windows Knowledge Base Article 2508429 update is not installed
| [66438] Microsoft Windows Knowledge Base Article 2507618 update is not installed
| [66430] Microsoft Windows Knowledge Base Article 2503658 update is not installed
| [66425] Microsoft Windows Knowledge Base Article 2506223 update is not installed
| [65570] Microsoft Windows Knowledge Base Article 2500212 update is not installed
| [65568] Microsoft Windows Knowledge Base Article 2508062 update is not installed
| [63840] Microsoft Visual C++ 2008 Redistributable Package dynamic-linked library (DLL) code execution
| [63780] Microsoft PowerPoint 2007 dynamic-linked library (rpawinet.dll) code execution
| [63775] Microsoft Visio 2003 dynamic-linked library (mfc71enu.dll) code execution
| [63586] Microsoft Windows Knowledge Base Article 2207559 update is not installed
| [63573] Microsoft Windows Knowledge Base Article 2407132 update is not installed
| [62797] Microsoft Windows Knowledge Base Article 2305420 update is not installed
| [62149] Microsoft Windows Knowledge Base Article 2207566 update is not installed
| [62133] Microsoft Windows Knowledge Base Article 2405882 update is not installed
| [53980] Microsoft Windows 2000 License Logging Server buffer overflow
| [53601] Microsoft Office 2008 for Mac user ID 502 security bypass
| [50973] Microsoft Windows Server 2003 and Vista win32k.sys denial of service
| [50759] Microsoft Windows 2000 Active Directory LDAP code execution
| [48595] Microsoft Word 2007 Email as PDF information disclosure
| [46102] Microsoft Windows 2003 SP2 is not installed on the system
| [46101] Microsoft Windows 2003 SP1 is not installed on the system
| [45186] Microsoft SQL Server 2000 SQLVDIRLib.SQLVDirControl ActiveX control buffer overflow
| [37200] Microsoft SQL Server 2000 Service Pack 1 update is not installed
| [37198] Microsoft SQL Server 2000 Service Pack 3 update is not installed
| [34634] Microsoft Windows Server 2003 Active Directory information disclosure
| [34599] Microsoft Windows Server 2003 terminal server security bypass
| [34473] Microsoft Office 2000 ActiveX control buffer overflow
| [33713] Microsoft Word 2007 multiple unspecified denial of service
| [33712] Microsoft Word 2007 wwlib.dll buffer overflow
| [32631] Microsoft SQL Server 2000 Service Pack 2 update is not installed
| [31821] Microsoft Windows time zone update for year 2007
| [31196] Microsoft Office 2003 Brazilian Grammar Checker buffer overflow
| [30905] Microsoft Project Server 2003 pdsrequest.asp information disclosure
| [29546] Microsoft Windows 2000/2003 user logoff initiated
| [29545] Microsoft Windows 2000/2003 system time changed
| [29544] Microsoft Windows 2000/2003 system security access removed
| [29543] Microsoft Windows 2000/2003 security access granted
| [29542] Microsoft Windows 2000/2003 SAM notification package loaded
| [29541] Microsoft Windows 2000/2003 primary security token issued
| [29540] Microsoft Windows 2000/2003 user password reset successful
| [29539] Microsoft Windows 2000/2003 object indirectly accessed
| [29538] Microsoft Windows 2000/2003 object handle duplicated
| [29537] Microsoft Windows 2000/2003 logon with explicit credentials success
| [29536] Microsoft Windows 2000/2003 logon attempt using explicit credentials unsuccessful
| [29535] Microsoft Windows 2000/2003 IPSEC policy agent failed
| [29534] Microsoft Windows 2000/2003 IPSEC policy agent disabled
| [29533] Microsoft Windows 2000/2003 IPSEC policy agent changed
| [29532] Microsoft Windows 2000/2003 IKE security association established
| [29531] Microsoft Windows 2000/2003 IKE quick mode association ended
| [29530] Microsoft Windows 2000/2003 IKE main mode association ended
| [29529] Microsoft Windows 2000/2003 IKE association negotiation failed
| [29528] Microsoft Windows 2000/2003 IKE association peer authentication failed
| [29527] Microsoft Windows 2000/2003 IKE association failed invalid proposal
| [29526] Microsoft Windows 2000/2003 IKE association failed authentication parameters
| [29525] Microsoft Windows 2000/2003 DPAPI master key backup attempted
| [29524] Microsoft Windows 2000/2003 DPAPI key recovery attempted
| [29523] Microsoft Windows 2000/2003 DPAPI auditable data unprotected
| [29522] Microsoft Windows 2000/2003 administrative group security descriptor set
| [29521] Microsoft Windows 2000/2003 account name changed
| [29507] Microsoft Office 2003 unspecified PowerPoint NULL pointer dereference denial of service
| [28512] Microsoft Internet Explorer multiple Windows 2000 COM object denial of service
| [28005] Microsoft Windows 2000 Management Console (MMC) resource file cross-site scripting
| [26118] Microsoft Office 2003 mailto: information disclosure
| [25330] Microsoft Commerce Server 2002 authfiles/login.asp authentication bypass
| [24474] Microsoft Windows 2000 LDAP client accepts untrusted CA
| [24473] Microsoft Windows 2000 event ID 565 not logged
| [24472] Microsoft Windows 2000 Event ID 1704 records incorrect group policy settings
| [24407] Microsoft Windows 2000 SECEDIT command fails to set ACLs correctly
| [24405] Microsoft Windows 2000 UPN credentials with trailing dot group policy bypass
| [24403] Microsoft Windows 2000 WideCharToMultiByte() incorrect Japanese character conversion
| [24402] Microsoft Windows 2000 Terminal Service client IP not logged
| [24400] Microsoft Windows 2000 domain authentication can be bypassed by a local administrator
| [23066] Microsoft Windows XP and 2000 Server MSRPC memory allocation denial of service
| [22318] Microsoft SQL Server 2000 Service Pack 4 update is not installed
| [22183] Microsoft Exchange Server 2003 public folder denial of service
| [21345] Microsoft Windows 2000 Update Rollup 1 for Service Pack 4 has not been installed
| [21315] Microsoft Outlook 2002 connector for Domino bypass restrictions
| [19969] Multiple Microsoft Windows Server 2003 Edition printer driver denial of service
| [19965] Multiple Microsoft Windows Server 2003 Editions SMB redirector denial of service
| [19727] Microsoft Windows 2000 GDI32.DLL denial of service
| [19629] Microsoft Exchange Server 2003 folder denial of service
| [17826] Microsoft Outlook 2003 CID security bypass
| [17624] Microsoft Windows XP and Windows Server 2003 Compressed Folders buffer overflow
| [17621] Microsoft Windows 2003 SMTP service code execution
| [17560] Microsoft Windows 2000 and XP GDI library denial of service
| [17521] Microsoft Windows 2000 Service Pack 4 is not installed
| [16913] Microsoft Windows 2003 users with Synchronize directory service data privilege
| [16912] Microsoft Windows 2003 groups with Synchronize directory service data privilege
| [16909] Microsoft Windows 2003 groups with Remove computer from docking station privilege
| [16907] Microsoft Windows 2003 users with Create global objects privilege
| [16905] Microsoft Windows 2003 users or groups with Create global objects privilege
| [16851] Microsoft Windows 2003 and XP WinKey and U key denial of service
| [16704] Microsoft Windows 2000 Media Player control code execution
| [16582] Microsoft Windows Server 2003 kernel CPU denial of service
| [16572] Microsoft Windows 2003 Users with Impersonate a client after authentication privilege
| [16570] Microsoft Windows 2003 Users with Create global objects privilege
| [16564] Microsoft Windows 2003 Groups with Create global objects privilege
| [16562] Microsoft Windows 2003 Groups with "
| [16522] Microsoft Windows 2003 Impersonate a client after authentication privilege
| [16521] Microsoft Windows 2003 Deny Logon Through Terminal Services privilege
| [16520] Microsoft Windows 2003 Create global objects privilege
| [16276] Microsoft Windows 2000 Advanced Server fully qualified domain name security bypass
| [16173] Microsoft Outlook 2003 OLE object bypass restricted security zone
| [16119] Microsoft Outlook 2000 URL spoofing
| [16104] Microsoft Outlook 2003 predictable file location could allow code execution
| [16095] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
| [15704] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
| [15700] Microsoft Windows 2000 Domain Controller LSASS LDAP message denial of service
| [15632] Microsoft Windows 2000 Utility Manger allows privilege escalation
| [15414] Microsoft Outlook 2002 mailto URL allows execution of code
| [15263] Microsoft Windows XP and 2000 Server kernel allows elevated privileges
| [15057] Microsoft Windows XP and Windows Server 2003 smbmount Linux client denial of service
| [15038] Microsoft Windows 2000 Server Windows Media Services denial of service
| [15037] Microsoft Windows Server 2003 WINS /GS flag denial of service
| [14178] Microsoft ISA Exchange Server 2003 MS04-002 patch is not installed
| [14167] Microsoft ISA Server 2000 H.323 filter buffer overflow
| [13426] Microsoft Windows 2000 and XP RPC race condition
| [13423] Microsoft Windows 2000 Local Troubleshooter ActiveX control buffer overflow
| [13407] Microsoft Windows 2000 Server mqsvc.exe MQLocateBegin packet buffer overflow
| [13385] Microsoft Windows Server 2003 "
| [13211] Microsoft Windows 2000 and XP URG memory leak
| [13171] Microsoft Windows Server 2003 can allow attacker to bypass mechanism used to detect buffer overflows
| [13131] Microsoft Windows 2000 Message Queue Manager buffer overflow
| [12684] Microsoft Exchange Server OWA Outlook 2003 denial of service
| [12652] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension POST request buffer overflow
| [12620] Microsoft Windows 2000 Server SMTP FILETIME denial of service
| [12543] Microsoft Windows 2000 Accessibility Utility Manager could allow an attacker to gain privileges
| [12493] Microsoft Windows Shell32.dll 2000 ShellExecute function buffer overflow
| [12489] Microsoft Windows 2000 Server Active Directory buffer overflow
| [12128] Microsoft Windows 2000 and Windows NT MS03-019 patch is not installed
| [12092] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension buffer overflow
| [12048] Microsoft Windows 2000 and Windows Server 2003 LAN Manager hash creation enabled
| [11901] Microsoft BizTalk Server 2002 SQL injection
| [11900] Microsoft BizTalk Server 2002 HTTP Receiver function buffer overflow
| [11816] Microsoft Windows 2000 Terminal Services MSGINA.DLL insecure access permissions
| [11696] Microsoft Windows 2000 Terminal Services man-in-the-middle attack
| [11617] Microsoft Windows 2000 MS03-007 patch is not installed on the system
| [11546] Microsoft Windows 2000 Windows Help Facility .cnt file buffer overflow
| [11329] Microsoft Windows NT and 2000 cmd.exe CD path name buffer overflow
| [11274] Microsoft Windows 2000 NetBIOS continuation packets denial of service
| [11273] Microsoft Windows 2000 RPC service could allow an attacker to gain elevated privileges
| [11216] Microsoft Windows NT and 2000 command prompt denial of service
| [11141] Microsoft Windows 2000 Terminal Services MSGINA.DLL denial of service
| [11133] Microsoft Outlook 2002 using V1 Exchange Server Security certificates transmits plaintext emails
| [10843] Microsoft Windows 2000 and XP SMB signing group policy modification
| [10431] Microsoft Windows 2000 SNMP LANMAN Extension memory leak denial of service
| [10400] Microsoft Windows 2000 RPC TCP port 135 denial of service
| [10377] Microsoft Windows XP and 2000 administrative alerts fail when security event log is full
| [10199] Microsoft Windows 2000/XP PPTP packet buffer overflow
| [10195] Microsoft FrontPage Server Extensions (FPSE) 2002 SmartHTML Interpreter buffer overflow
| [10194] Microsoft FrontPage Server Extensions (FPSE) 2000 SmartHTML Interpreter denial of service
| [9946] Microsoft Windows 2000 Terminal Services session screensaver fails to lock the console
| [9856] Microsoft Windows 2000 NCM handler routine could allow elevated privileges
| [9779] Microsoft Windows 2000 weak system partition permissions
| [9752] Microsoft Windows 2000 Service Pack 3 is not installed
| [9746] Microsoft Windows 2000 HTML Help item parameter buffer overflow
| [9625] Microsoft Windows 2000 Narrator allows login information to be audible
| [9154] Microsoft Data Engine (MSDE) and Microsoft SQL Server 2000 Desktop Engine have a default blank "
| [8867] Microsoft Windows 2000 LanMan denial of service
| [8813] Microsoft Windows 2000 Terminal Services allows attacker to bypass group policy settings
| [8759] Microsoft Windows 2000 could allow an attacker to block the application of Group Policy settings
| [8752] Microsoft Windows NT, 2000, and XP MUP buffer overflow
| [8739] Microsoft Windows 2000 DCOM memory leak
| [8708] Microsoft Outlook 2000 and 2002 executes embedded script in object tag when replying or forwarding HTML mail
| [8402] Microsoft Windows 2000 allows an attacker to bypass password policy
5750| [8307] Microsoft Windows 2000, Windows XP, and Exchange 2000 SMTP data transfer command denial of service
5751| [8304] Microsoft Windows 2000 and Exchange 5.5 SMTP service unauthorized mail privileges
5752| [8254] Microsoft Commerce Server 2000 AuthFilter ISAPI filter buffer overflow
5753| [8199] Microsoft Windows 2000 Terminal Services unlocked client
5754| [8094] Microsoft Windows 2000 and Interix 2.2 Telnet protocol option buffer overflow
5755| [8092] Microsoft Exchange 2000 System Attendant sets incorrect registry permissions
5756| [8043] Microsoft Windows NT, 2000, and XP using NTFS could allow files to be hidden
5757| [8037] Microsoft Windows 2000 empty TCP packet denial of service
5758| [8023] Microsoft Windows NT and Windows 2000 SIDs could allow an attacker to gain elevated privileges in another domain
5759| [7919] Microsoft IIS 4.0 and Norton Internet Security 2001 default permissions could allow an attacker to modify log files
5760| [7667] Microsoft Windows 2000 IKE UDP packet flood denial of service
5761| [7566] Microsoft IIS 2.0 and 3.0 upgraded to Microsoft IIS 4.0 fails to remove the ism.dll file
5762| [7538] Microsoft Windows 2000 and XP Terminal services allow an attacker to spoof IP addresses
5763| [7533] Microsoft Windows 2000 RunAs service denial of service
5764| [7532] Microsoft Windows 2000 RunAs service allows local attacker to bypass pipe authentication
5765| [7531] Microsoft Windows 2000 RunAs service reveals sensitive information
5766| [7528] Microsoft Windows NT and Windows 2000 malformed RPC request denial of service
5767| [7409] Microsoft Windows 2000 and Windows XP GDI denial of service
5768| [7302] Microsoft Windows NT and 2000 Terminal Server malformed RDP packet series denial of service
5769| [7008] Microsoft Windows 2000 IrDA device denial of service
5770| [6977] Microsoft Windows NT and 2000 NNTP memory leak denial of service
5771| [6931] Microsoft Windows 2000 without Service Pack 2
5772| [6919] Microsoft Windows 2000 Task Manager does not terminate malicious files with the same name as a system process
5773| [6912] Microsoft Windows NT and 2000 Terminal Server RDP memory leak denial of service
5774| [6876] Microsoft Windows 2000 could allow an attacker to change network passwords
5775| [6803] Microsoft Windows 2000 SMTP service allows mail relaying
5776| [6745] Microsoft Windows 2000 LDAP function could allow domain user password change
5777| [6669] Microsoft Windows 2000 Telnet system call denial of service
5778| [6668] Microsoft Windows 2000 Telnet handle leak denial of service
5779| [6667] Microsoft Windows 2000 Telnet multiple idle sessions denial of service
5780| [6666] Microsoft Windows 2000 Telnet username denial of service
5781| [6665] Microsoft Windows 2000 Telnet service weak domain authentication
5782| [6664] Microsoft Windows 2000 Telnet service predictable pipe names could allow elevation of privileges
5783| [6652] Microsoft Exchange 2000 OWA script execution
5784| [6590] Microsoft Windows 2000 debug registers allow attacker to gain elevated privileges
5785| [6506] Microsoft Windows 2000 Server Kerberos denial of service
5786| [6443] Microsoft Windows 2000 catalog file could remove installed hotfixes
5787| [6160] Microsoft Windows 2000 event viewer buffer overflow
5788| [6136] Microsoft Windows 2000 domain controller denial of service
5789| [6035] Microsoft Windows 2000 Server RDP denial of service
5790| [5973] Microsoft Windows 2000 EFS allows local user to recover sensitive data
5791| [5936] Microsoft Windows 2000 Server Directory Service Restore Mode allows user to login with blank password
5792| [5800] Microsoft Windows 2000 Index Service ActiveX controls allow unauthorized access to file information
5793| [5623] Microsoft Windows NT and 2000 Phone Book service buffer overflow
5794| [5598] Microsoft Windows 2000 Telnet daemon could allow a denial of service
5795| [5585] Microsoft Windows 2000 brute force attack
5796| [5502] Microsoft Windows 2000 Indexing Services ixsso.query
5797| [5467] Microsoft Windows 2000 System Monitor ActiveX control buffer overflow
5798| [5399] Microsoft Windows NT and 2000 Network Monitor buffer overflow
5799| [5301] Microsoft Windows 2000 Simplified Chinese IME State Recognition
5800| [5263] Microsoft Office 2000 executes .dll without users knowledge
5801| [5242] Microsoft Windows 2000 Telnet client NTLM authentication weakness
5802| [5222] Microsoft Windows 2000 malformed RPC packet denial of service
5803| [5203] Microsoft Windows 2000 still image service
5804| [5171] Microsoft Windows 2000 Local Security Policy corruption
5805| [5080] Microsoft Office 2000 HTML object tag buffer overflow
5806| [5033] Microsoft Windows 2000 without Service Pack 1
5807| [5031] Microsoft Windows 2000 Service Control Manager named pipe could allow a unauthorized user to gain privileges
5808| [5015] Microsoft Windows NT and 2000 executable path
5809| [4887] Microsoft Windows 2000 Kerberos ticket renewed
5810| [4886] Microsoft Windows 2000 logon session reconnected
5811| [4885] Microsoft Windows 2000 logon session disconnected
5812| [4882] Microsoft Windows 2000 Kerberos pre-authentication failed
5813| [4873] Microsoft Windows 2000 user account mapped for logon
5814| [4872] Microsoft Windows 2000 account logon failed
5815| [4871] Microsoft Windows 2000 account used for logon
5816| [4855] Microsoft Windows 2000 group type change
5817| [4842] Microsoft Internet Explorer and Microsoft Powerpoint 2000 ActiveX object execution
5818| [4841] Microsoft Internet Explorer and Microsoft Access 2000 VBA code execution
5819| [4823] Microsoft Windows 2000 Telnet server binary stream denial of service
5820| [4819] Microsoft Windows 2000 default SYSKEY configuration
5821| [4787] Microsoft Windows 2000 user account locked out
5822| [4786] Microsoft Windows 2000 computer account created
5823| [4785] Microsoft Windows 2000 computer account changed
5824| [4784] Microsoft Windows 2000 computer account deleted
5825| [4714] Microsoft Windows 2000 "
5826| [4589] Microsoft Windows 2000 protected store can be compromised by brute force attack
5827| [4278] Microsoft Windows 2000 unattended install does not secure All Users profile
5828| [4138] Microsoft Windows 2000 system file integrity feature is disabled
5829| [4086] Microsoft Windows 2000 may not start Jaz drives correctly
5830| [4085] Microsoft Windows 2000 non-Gregorial calendar error
5831| [4084] Microsoft Windows 2000 may prevent Adobe FrameMaker files from being saved in some formats
5832| [4083] Microsoft Windows 2000 Terminal Services may damage Office files saved as HTML
5833| [4082] Microsoft Windows 2000 and Iomega parallel port drives display error
5834| [4080] Microsoft Windows 2000 AOL image support
5835| [4079] Microsoft Windows 2000 High Encryption Pack
5836| [3854] Microsoft Office 2000 security setting
5837| [1376] Microsoft Proxy 2.0 denial of service
5838| [86256] Microsoft Windows Knowledge Base Article 2876063 update is not installed
5839| [86097] Microsoft Windows Knowledge Base Article 2859537 update is not installed
5840| [86091] Microsoft Windows Knowledge Base Article 2868623 update is not installed
5841| [86089] Microsoft Windows Knowledge Base Article 2862772 update is not installed
5842| [86075] Microsoft Windows Knowledge Base Article 2850869 update is not installed
5843| [86073] Microsoft Windows Knowledge Base Article 2873872 update is not installed
5844| [86070] Microsoft Windows Knowledge Base Article 2849568 update is not installed
5845| [85245] Microsoft Windows Knowledge Base Article 2848295 update is not installed
5846| [85244] Microsoft Windows Knowledge Base Article 2847927 update is not installed
5847| [85243] Microsoft Windows Knowledge Base Article 2861561 update is not installed
5848| [85236] Microsoft Windows Knowledge Base Article 2850851 update is not installed
5849| [85227] Microsoft Windows Knowledge Base Article 2847883 update is not installed
5850| [85223] Microsoft Windows Knowledge Base Article 2846071 update is not installed
5851| [85205] Microsoft Windows Knowledge Base Article 2845187 update is not installed
5852| [84621] Microsoft Windows Knowledge Base Article 2845690 update is not installed
5853| [84619] Microsoft Windows Knowledge Base Article 2839894 update is not installed
5854| [84617] Microsoft Windows Knowledge Base Article 2839571 update is not installed
5855| [84615] Microsoft Windows Knowledge Base Article 2839229 update is not installed
5856| [84613] Microsoft Windows Knowledge Base Article 2838727 update is not installed
5857| [84156] Microsoft Windows Knowledge Base Article 2847204 update is not installed
5858| [83912] Microsoft Windows Knowledge Base Article 2829254 update is not installed
5859| [83910] Microsoft Windows Knowledge Base Article 2829530 update is not installed
5860| [83898] Microsoft Windows Knowledge Base Article 2830397 update is not installed
5861| [83886] Microsoft Windows Knowledge Base Article 2830399 update is not installed
5862| [83884] Microsoft Windows Knowledge Base Article 2834692 update is not installed
5863| [83882] Microsoft Windows Knowledge Base Article 2834695 update is not installed
5864| [83880] Microsoft Windows Knowledge Base Article 2836440 update is not installed
5865| [83876] Microsoft Windows Knowledge Base Article 2840221 update is not installed
5866| [83192] Microsoft Windows Knowledge Base Article 2817183 update is not installed
5867| [83100] Microsoft Windows Knowledge Base Article 2830914 update is not installed
5868| [83098] Microsoft Windows Knowledge Base Article 2829996 update is not installed
5869| [83093] Microsoft Windows Knowledge Base Article 2828223 update is not installed
5870| [83091] Microsoft Windows Knowledge Base Article 2813170 update is not installed
5871| [83088] Microsoft Windows Knowledge Base Article 2827663 update is not installed
5872| [83086] Microsoft Windows Knowledge Base Article 2823482 update is not installed
5873| [83084] Microsoft Windows Knowledge Base Article 2821818 update is not installed
5874| [83082] Microsoft Windows Knowledge Base Article 2820917 update is not installed
5875| [82600] Microsoft Windows Knowledge Base Article 2813707 update is not installed
5876| [82424] Microsoft Windows Knowledge Base Article 2814124 update is not installed
5877| [82422] Microsoft Windows Knowledge Base Article 2780176 update is not installed
5878| [82401] Microsoft Windows Knowledge Base Article 2813682 update is not installed
5879| [82399] Microsoft Windows Knowledge Base Article 2816264 update is not installed
5880| [81683] Microsoft Windows Knowledge Base Article 2780091 update is not installed
5881| [81681] Microsoft Windows Knowledge Base Article 2784242 update is not installed
5882| [81680] Microsoft Windows Knowledge Base Article 2790113 update is not installed
5883| [81678] Microsoft Windows Knowledge Base Article 2790655 update is not installed
5884| [81676] Microsoft Windows Knowledge Base Article 2790978 update is not installed
5885| [81674] Microsoft Windows Knowledge Base Article 2797052 update is not installed
5886| [81672] Microsoft Windows Knowledge Base Article 2799494 update is not installed
5887| [81666] Microsoft Windows Knowledge Base Article 2778344 update is not installed
5888| [81634] Microsoft Windows Knowledge Base Article 2792100 update is not installed
5889| [81339] Microsoft Windows Knowledge Base Article 2799329 update is not installed
5890| [80875] Microsoft Windows Knowledge Base Article 2756145 update is not installed
5891| [80872] Microsoft Windows Knowledge Base Article 2769324 update is not installed
5892| [80867] Microsoft Windows Knowledge Base Article 2769327 update is not installed
5893| [80865] Microsoft Windows Knowledge Base Article 2769369 update is not installed
5894| [80863] Microsoft Windows Knowledge Base Article 2778930 update is not installed
5895| [80861] Microsoft Windows Knowledge Base Article 2785220 update is not installed
5896| [80365] Microsoft Windows Knowledge Base Article 2761465 update is not installed
5897| [80360] Microsoft Windows Knowledge Base Article 2765809 update is not installed
5898| [80358] Microsoft Windows Knowledge Base Article 2770660 update is not installed
5899| [80356] Microsoft Windows Knowledge Base Article 2780642 update is not installed
5900| [80352] Microsoft Windows Knowledge Base Article 2783534 update is not installed
5901| [80349] Microsoft Windows Knowledge Base Article 2784126 update is not installed
5902| [79693] Microsoft Windows Knowledge Base Article 2745030 update is not installed
5903| [79687] Microsoft Windows Knowledge Base Article 2761451 update is not installed
5904| [79683] Microsoft Windows Knowledge Base Article 2761226 update is not installed
5905| [79679] Microsoft Windows Knowledge Base Article 2758857 update is not installed
5906| [79677] Microsoft Windows Knowledge Base Article 2727528 update is not installed
5907| [78864] Microsoft Windows Knowledge Base Article 2754670 update is not installed
5908| [78862] Microsoft Windows Knowledge Base Article 2743555 update is not installed
5909| [78858] Microsoft Windows Knowledge Base Article 2754849 update is not installed
5910| [78856] Microsoft Windows Knowledge Base Article 2724197 update is not installed
5911| [78853] Microsoft Windows Knowledge Base Article 2741517 update is not installed
5912| [78851] Microsoft Windows Knowledge Base Article 2742319 update is not installed
5913| [78848] Microsoft Windows Knowledge Base Article 2742321 update is not installed
5914| [78760] Microsoft Windows Knowledge Base Article 2744842 update is not installed
5915| [78077] Microsoft Windows Knowledge Base Article 2741528 update is not installed
5916| [78075] Microsoft Windows Knowledge Base Article 2720184 update is not installed
5917| [78071] Microsoft Windows Knowledge Base Article 2748552 update is not installed
5918| [77512] Microsoft Windows Knowledge Base Article 2740358 update is not installed
5919| [77362] Microsoft Windows Knowledge Base Article 2733918 update is not installed
5920| [77360] Microsoft Windows Knowledge Base Article 2733829 update is not installed
5921| [77357] Microsoft Windows Knowledge Base Article 2733594 update is not installed
5922| [77352] Microsoft Windows Knowledge Base Article 2731879 update is not installed
5923| [77350] Microsoft Windows Knowledge Base Article 2731847 update is not installed
5924| [77348] Microsoft Windows Knowledge Base Article 2723135 update is not installed
5925| [77346] Microsoft Windows Knowledge Base Article 2722913 update is not installed
5926| [77342] Microsoft Windows Knowledge Base Article 2720573 update is not installed
5927| [77325] Microsoft Windows Knowledge Base Article 2719584 update is not installed
5928| [76808] Microsoft Windows Knowledge Base Article 2721015 update is not installed
5929| [76725] Microsoft Windows Knowledge Base Article 2722479 update is not installed
5930| [76724] Microsoft Windows Knowledge Base Article 2719177 update is not installed
5931| [76721] Microsoft Windows Knowledge Base Article 2718523 update is not installed
5932| [76718] Microsoft Windows Knowledge Base Article 2698365 update is not installed
5933| [76711] Microsoft Windows Knowledge Base Article 2695502 update is not installed
5934| [76704] Microsoft Windows Knowledge Base Article 2691442 update is not installed
5935| [76702] Microsoft Windows Knowledge Base Article 2655992 update is not installed
5936| [75963] Microsoft Windows Knowledge Base Article 2699988 update is not installed
5937| [75939] Microsoft Windows Knowledge Base Article 2685939 update is not installed
5938| [75928] Microsoft Windows Knowledge Base Article 2711167 update is not installed
5939| [75136] Microsoft Windows Knowledge Base Article 2693777 update is not installed
5940| [75132] Microsoft Windows Knowledge Base Article 2690533 update is not installed
5941| [75130] Microsoft Windows Knowledge Base Article 2688338 update is not installed
5942| [75127] Microsoft Windows Knowledge Base Article 2681578 update is not installed
5943| [75123] Microsoft Windows Knowledge Base Article 2680352 update is not installed
5944| [75116] Microsoft Windows Knowledge Base Article 2597981 update is not installed
5945| [74556] Microsoft Windows Knowledge Base Article 2639185 update is not installed
5946| [74384] Microsoft Windows Knowledge Base Article 2675157 update is not installed
5947| [74378] Microsoft Windows Knowledge Base Article 2671605 update is not installed
5948| [74373] Microsoft Windows Knowledge Base Article 2664258 update is not installed
5949| [74369] Microsoft Windows Knowledge Base Article 2663860 update is not installed
5950| [73543] Microsoft Windows Knowledge Base Article 2671387 update is not installed
5951| [73540] Microsoft Windows Knowledge Base Article 2665364 update is not installed
5952| [73538] Microsoft Windows Knowledge Base Article 2651019 update is not installed
5953| [73536] Microsoft Windows Knowledge Base Article 2651018 update is not installed
5954| [73533] Microsoft Windows Knowledge Base Article 2647170 update is not installed
5955| [73530] Microsoft Windows Knowledge Base Article 2641653 update is not installed
5956| [72887] Microsoft Windows Knowledge Base Article 2663841 update is not installed
5957| [72873] Microsoft Windows Knowledge Base Article 2663830 update is not installed
5958| [72867] Microsoft Windows Knowledge Base Article 2663510 update is not installed
5959| [72857] Microsoft Windows Knowledge Base Article 2661637 update is not installed
5960| [72855] Microsoft Windows Knowledge Base Article 2660465 update is not installed
5961| [72853] Microsoft Windows Knowledge Base Article 2653956 update is not installed
5962| [72851] Microsoft Windows Knowledge Base Article 2654428 update is not installed
5963| [72849] Microsoft Windows Knowledge Base Article 2651026 update is not installed
5964| [72846] Microsoft Windows Knowledge Base Article 2647516 update is not installed
5965| [72841] Microsoft Windows Knowledge Base Article 2645640 update is not installed
5966| [72838] Microsoft Windows Knowledge Base Article 2643719 update is not installed
5967| [72029] Microsoft Windows Knowledge Base Article 2638420 update is not installed
5968| [72003] Microsoft Windows Knowledge Base Article 2646524 update is not installed
5969| [71998] Microsoft Windows Knowledge Base Article 2644615 update is not installed
5970| [71995] Microsoft Windows Knowledge Base Article 2643584 update is not installed
5971| [71994] Microsoft Windows Knowledge Base Article 2636391 update is not installed
5972| [71565] Microsoft Windows Knowledge Base Article 2648048 update is not installed
5973| [71562] Microsoft Windows Knowledge Base Article 2640241 update is not installed
5974| [71560] Microsoft Windows Knowledge Base Article 2640045 update is not installed
5975| [71558] Microsoft Windows Knowledge Base Article 2639417 update is not installed
5976| [71557] Microsoft Windows Knowledge Base Article 2639142 update is not installed
5977| [71554] Microsoft Windows Knowledge Base Article 2633171 update is not installed
5978| [71552] Microsoft Windows Knowledge Base Article 2624667 update is not installed
5979| [71550] Microsoft Windows Knowledge Base Article 2620712 update is not installed
5980| [71548] Microsoft Windows Knowledge Base Article 2618451 update is not installed
5981| [71546] Microsoft Windows Knowledge Base Article 2618444 update is not installed
5982| [71538] Microsoft Windows Knowledge Base Article 2590602 update is not installed
5983| [70951] Microsoft Windows Knowledge Base Article 2630837 update is not installed
5984| [70949] Microsoft Windows Knowledge Base Article 2620704 update is not installed
5985| [70947] Microsoft Windows Knowledge Base Article 2617657 update is not installed
5986| [70943] Microsoft Windows Knowledge Base Article 2588516 update is not installed
5987| [70152] Microsoft Windows Knowledge Base Article 2623699 update is not installed
5988| [70140] Microsoft Windows Knowledge Base Article 2652016 update is not installed
5989| [70130] Microsoft Windows Knowledge Base Article 2586448 update is not installed
5990| [70115] Microsoft Windows Knowledge Base Article 2567053 update is not installed
5991| [69501] Microsoft Windows Knowledge Base Article 2587634 update is not installed
5992| [69498] Microsoft Windows Knowledge Base Article 2587505 update is not installed
5993| [69492] Microsoft Windows Knowledge Base Article 2571621 update is not installed
5994| [69490] Microsoft Windows Knowledge Base Article 2570947 update is not installed
5995| [68840] Microsoft Windows Knowledge Base Article 2451858 update is not installed
5996| [68833] Microsoft Windows Knowledge Base Article 2567943 update is not installed
5997| [68831] Microsoft Windows Knowledge Base Article 2570222 update is not installed
5998| [68829] Microsoft Windows Knowledge Base Article 2567951 update is not installed
5999| [68827] Microsoft Windows Knowledge Base Article 2578230 update is not installed
6000| [68825] Microsoft Windows Knowledge Base Article 2546250 update is not installed
6001| [68823] Microsoft Windows Knowledge Base Article 2559049 update is not installed
6002| [68816] Microsoft Windows Knowledge Base Article 2556532 update is not installed
6003| [68814] Microsoft Windows Knowledge Base Article 2560656 update is not installed
6004| [68812] Microsoft Windows Knowledge Base Article 2560978 update is not installed
6005| [68809] Microsoft Windows Knowledge Base Article 2562485 update is not installed
6006| [68806] Microsoft Windows Knowledge Base Article 2566454 update is not installed
6007| [68804] Microsoft Windows Knowledge Base Article 2563894 update is not installed
6008| [68801] Microsoft Windows Knowledge Base Article 2567680 update is not installed
6009| [68315] Microsoft Windows Knowledge Base Article 2555917 update is not installed
6010| [68299] Microsoft Windows Knowledge Base Article 2566220 update is not installed
6011| [68283] Microsoft Windows Knowledge Base Article 2560847 update is not installed
6012| [67955] Microsoft Windows Knowledge Base Article 2530548 update is not installed
6013| [67943] Microsoft Windows Knowledge Base Article 2544521 update is not installed
6014| [67762] Microsoft Windows Knowledge Base Article 2543893 update is not installed
6015| [67759] Microsoft Windows Knowledge Base Article 2544893 update is not installed
6016| [67757] Microsoft Windows Knowledge Base Article 2476490 update is not installed
6017| [67753] Microsoft Windows Knowledge Base Article 2514842 update is not installed
6018| [67751] Microsoft Windows Knowledge Base Article 2518295 update is not installed
6019| [67737] Microsoft Windows Knowledge Base Article 2520426 update is not installed
6020| [67733] Microsoft Windows Knowledge Base Article 2525694 update is not installed
6021| [67731] Microsoft Windows Knowledge Base Article 2525835 update is not installed
6022| [67728] Microsoft Windows Knowledge Base Article 2535512 update is not installed
6023| [67725] Microsoft Windows Knowledge Base Article 2536275 update is not installed
6024| [67722] Microsoft Windows Knowledge Base Article 2536276 update is not installed
6025| [67718] Microsoft Windows Knowledge Base Article 2537146 update is not installed
6026| [67709] Microsoft Windows Knowledge Base Article 2538814 update is not installed
6027| [67302] Microsoft Windows Knowledge Base Article 2545814 update is not installed
6028| [67101] Microsoft Windows Knowledge Base Article 2524426 update is not installed
6029| [66446] Microsoft Windows Knowledge Base Article 2514666 update is not installed
6030| [66444] Microsoft Windows Knowledge Base Article 2511455 update is not installed
6031| [66436] Microsoft Windows Knowledge Base Article 2497640 update is not installed
6032| [66432] Microsoft Windows Knowledge Base Article 2527308 update is not installed
6033| [66428] Microsoft Windows Knowledge Base Article 2489979 update is not installed
6034| [66423] Microsoft Windows kernel-mode driver (win32k.sys) variant 29 privilege escalation
6035| [66422] Microsoft Windows kernel-mode driver (win32k.sys) variant 28 privilege escalation
6036| [66421] Microsoft Windows kernel-mode driver (win32k.sys) variant 27 privilege escalation
6037| [66420] Microsoft Windows kernel-mode driver (win32k.sys) variant 26 privilege escalation
6038| [66419] Microsoft Windows kernel-mode driver (win32k.sys) variant 25 privilege escalation
6039| [66418] Microsoft Windows kernel-mode driver (win32k.sys) variant 24 privilege escalation
6040| [66417] Microsoft Windows kernel-mode driver (win32k.sys) variant 23 privilege escalation
6041| [66416] Microsoft Windows kernel-mode driver (win32k.sys) variant 22 privilege escalation
6042| [66415] Microsoft Windows kernel-mode driver (win32k.sys) variant 21 privilege escalation
6043| [66414] Microsoft Windows kernel-mode driver (win32k.sys) variant 20 privilege escalation
6044| [66396] Microsoft Windows kernel-mode driver (win32k.sys) variant 2 privilege escalation
6045| [66394] Microsoft Windows Knowledge Base Article 2485663 update is not installed
6046| [65588] Microsoft Windows Knowledge Base Article 2489279 update is not installed
6047| [65581] Microsoft Windows Knowledge Base Article 2510030 update is not installed
6048| [65580] Microsoft Windows Knowledge Base Article 2489283 update is not installed
6049| [65575] Microsoft Windows Knowledge Base Article 2489293 update is not installed
6050| [65573] Microsoft Windows Knowledge Base Article 2494047 update is not installed
6051| [64973] Microsoft Windows Knowledge Base Article 2478960 update is not installed
6052| [64971] Microsoft Windows Knowledge Base Article 2479628 update is not installed
6053| [64927] Microsoft Windows Knowledge Base Article 2393802 update is not installed
6054| [64925] Microsoft Windows Knowledge Base Article 2451879 update is not installed
6055| [64920] Microsoft Windows Knowledge Base Article 2475792 update is not installed
6056| [64918] Microsoft Windows Knowledge Base Article 2476687 update is not installed
6057| [64916] Microsoft Windows Knowledge Base Article 2478953 update is not installed
6058| [64914] Microsoft Windows Knowledge Base Article 2482017 update is not installed
6059| [64910] Microsoft Windows Knowledge Base Article 2483185 update is not installed
6060| [64909] Microsoft Windows Knowledge Base Article 2484015 update is not installed
6061| [64907] Microsoft Windows Knowledge Base Article 2485376 update is not installed
6062| [64905] Microsoft Windows Knowledge Base Article 2489256 update is not installed
6063| [64902] Microsoft Windows Knowledge Base Article 2496930 update is not installed
6064| [64342] Microsoft Windows Knowledge Base Article 2451910 update is not installed
6065| [64339] Microsoft Windows Knowledge Base Article 2478935 update is not installed
6066| [63584] Microsoft Windows Knowledge Base Article 2424434 update is not installed
6067| [63582] Microsoft Windows Knowledge Base Article 2423089 update is not installed
6068| [63580] Microsoft Windows Knowledge Base Article 2436673 update is not installed
6069| [63571] Microsoft Windows Knowledge Base Article 2440591 update is not installed
6070| [63569] Microsoft Windows Knowledge Base Article 2385678 update is not installed
6071| [63566] Microsoft Windows Knowledge Base Article 2442962 update is not installed
6072| [63564] Microsoft Windows Knowledge Base Article 2345316 update is not installed
6073| [63562] Microsoft Windows Knowledge Base Article 2296199 update is not installed
6074| [63558] Microsoft Windows Knowledge Base Article 2416400 update is not installed
6075| [63550] Microsoft Windows Knowledge Base Article 2447961 update is not installed
6076| [63548] Microsoft Windows Knowledge Base Article 2443105 update is not installed
6077| [63546] Microsoft Windows Knowledge Base Article 2455005 update is not installed
6078| [63544] Microsoft Windows Knowledge Base Article 2292970 update is not installed
6079| [62805] Microsoft Windows Knowledge Base Article 2316074 update is not installed
6080| [62793] Microsoft Windows Knowledge Base Article 2293386 update is not installed
6081| [62789] Microsoft Windows Knowledge Base Article 2423930 update is not installed
6082| [62170] Microsoft Windows Knowledge Base Article 2296011 update is not installed
6083| [62166] Microsoft Windows Knowledge Base Article 2294255 update is not installed
6084| [62163] Microsoft Windows Knowledge Base Article 2281679 update is not installed
6085| [62154] Microsoft Windows Knowledge Base Article 2279986 update is not installed
6086| [62147] Microsoft Windows Knowledge Base Article 2160841 update is not installed
6087| [62134] Microsoft Windows Knowledge Base Article 2412048 update is not installed
6088| [62129] Microsoft Windows Knowledge Base Article 2387149 update is not installed
6089| [62126] Microsoft Windows Knowledge Base Article 2378111 update is not installed
6090| [62123] Microsoft Windows Knowledge Base Article 2360937 update is not installed
6091| [62118] Microsoft Windows Knowledge Base Article 2293211 update is not installed
6092| [62104] Microsoft Windows Knowledge Base Article 2360131 update is not installed
6093| [62098] Microsoft Windows Knowledge Base Article 2293194 update is not installed
6094| [62069] Microsoft Windows Knowledge Base Article 2418042 update is not installed
6095| [61519] Microsoft Windows Knowledge Base Article 2121546 update is not installed
6096| [61517] Microsoft Windows Knowledge Base Article 2259922 update is not installed
6097| [61514] Microsoft Windows Knowledge Base Article 2267960 update is not installed
6098| [61510] Microsoft Windows Knowledge Base Article 2315011 update is not installed
6099| [61507] Microsoft Windows Knowledge Base Article 2320113 update is not installed
6100| [61504] Microsoft Windows Knowledge Base Article 2347290 update is not installed
6101| [60736] Microsoft Windows Knowledge Base Article 2265906 update is not installed
6102| [60734] Microsoft Windows Knowledge Base Article 2269638 update is not installed
6103| [60728] Microsoft Windows Knowledge Base Article 2269707 update is not installed
6104| [60724] Microsoft Windows Knowledge Base Article 2286198 update is not installed
6105| [60713] Microsoft Windows Knowledge Base Article 2183461 update is not installed
6106| [60698] Microsoft Windows Knowledge Base Article 2160329 update is not installed
6107| [60686] Microsoft Windows Knowledge Base Article 2115168 update is not installed
6108| [60684] Microsoft Windows Knowledge Base Article 2079403 update is not installed
6109| [60680] Microsoft Windows Knowledge Base Article 2264072 update is not installed
6110| [59901] Microsoft Windows Knowledge Base Article 2229593 update is not installed
6111| [59898] Microsoft Windows Knowledge Base Article 2229593 update is not installed
6112| [58913] Microsoft Windows Knowledge Base Article 2027452 update is not installed
6113| [58891] Microsoft Windows Knowledge Base Article 2028554 update is not installed
6114| [17004] Microsoft Windows XP Service Pack 2 is not installed on the system
6115| [9187] Microsoft Passport SDK 2.1 Component Configuration Document (CCD) permission
6116| [9146] Microsoft Passport SDK 2.1 events reporting disabled
6117| [9068] Microsoft Passport SDK 2.1 registry default permission exposure
6118| [9067] Microsoft Passport SDK 2.1 default test site exposure
6119| [9066] Microsoft Passport SDK 2.1 Adventure Works Sample Site exposure
6120| [9065] Microsoft Passport SDK 2.1 Adventure Works Sample Site global.asa file default permission exposure
6121| [9064] Microsoft Passport SDK 2.1 default time window exposure
6122| [1271] Microsoft IIS version 2 installed
6123| [621] Microsoft IIS 3.0 script source revealed by appending 2E to requests
6124|
6125| Exploit-DB - https://www.exploit-db.com:
6126| [30756] Microsoft Forms 2.0 ActiveX Control 2.0 Memory Access Violation Denial of Service Vulnerabilities
6127| [30749] Microsoft Office 2003 Web Component Memory Access Violation Denial of Service Vulnerability
6128| [30636] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (2)
6129| [30635] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (1)
6130| [30281] Microsoft .Net Framework <= 2.0 - Multiple Null Byte Injection Vulnerabilities
6131| [29664] Microsoft Office Publisher 2007 - Remote Denial of Service (DoS) Vulnerability
6132| [29660] Microsoft Office 2003 - Denial of Service (DoS) Vulnerability
6133| [29630] Microsoft Windows 2003/XP ReadDirectoryChangesW Information Disclosure Vulnerability
6134| [29524] Microsoft Word 2000 - Malformed Function Code Execution Vulnerability
6135| [28420] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
6136| [28357] Microsoft Windows Explorer 2000/2003/XP Drag and Drop Remote Code Execution Vulnerability
6137| [28227] Microsoft Windows 2000/XP Registry Access Local Denial of Service Vulnerability
6138| [28226] Microsoft PowerPoint 2003 PPT File Closure Memory Corruption
6139| [28225] Microsoft PowerPoint 2003 powerpnt.exe Unspecified Issue
6140| [28224] Microsoft PowerPoint 2003 mso.dll PPT Processing Unspecified Code Execution
6141| [28198] Microsoft Office 2000/2002 Property Code Execution Vulnerability
6142| [28189] Microsoft Excel 2000-2004 Style Handling and Repair Remote Code Execution Vulnerability
6143| [28087] Microsoft Office 2003 Embedded Shockwave Flash Object Security Bypass Weakness
6144| [28005] Microsoft Exchange Server 2000/2003 Outlook Web Access Script Injection Vulnerability
6145| [26690] Microsoft Windows 2000/2003/XP CreateRemoteThread Local Denial of Service Vulnerability
6146| [26517] Microsoft Office PowerPoint 2007 - Crash PoC
6147| [26341] Microsoft Windows 2000/2003/XP MSDTC TIP Denial of Service Vulnerability
6148| [26222] Microsoft Windows 2000/2003/XP Keyboard Event Privilege Escalation Weakness
6149| [25384] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (2)
6150| [25383] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (1)
6151| [25231] Microsoft Windows 2000/2003/XP Graphical Device Interface Library Denial of Service Vulnerability
6152| [25085] Microsoft Office XP 2000/2002 HTML Link Processing Remote Buffer Overflow Vulnerability
6153| [25084] Microsoft Outlook 2003 Web Access Login Form Remote URI Redirection Vulnerability
6154| [25050] Microsoft Windows 2000/2003/XP winhlp32 Phrase Heap Overflow Vulnerability
6155| [25049] Microsoft Windows 2000/2003/XP winhlp32 Phrase Integer Overflow Vulnerability
6156| [24686] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
6157| [24277] Microsoft Windows 2000/NT 4 POSIX Subsystem Buffer Overflow Local Privilege Escalation Vulnerability
6158| [24114] Microsoft Outlook 2003Mail Client E-mail Address Verification Weakness
6159| [24101] Microsoft Outlook 2003 Predictable File Location Weakness
6160| [23989] Microsoft Windows 2000/NT 4 Local Descriptor Table Local Privilege Escalation Vulnerability
6161| [23796] Microsoft Outlook 2002 Mailto Parameter Quoting Zone Bypass Vulnerability
6162| [23019] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
6163| [22919] Microsoft ISA Server 2000 Cross-Site Scripting Vulnerabilities
6164| [22883] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (2)
6165| [22882] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (1)
6166| [22837] Microsoft Windows 2000/NT 4 Media Services NSIISlog.DLL Remote Buffer Overflow
6167| [22782] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
6168| [22591] Microsoft Office Excel 2007 - WriteAV Crash PoC
6169| [22555] Microsoft BizTalk Server 2000/2002 DTA RawCustomSearchField.asp SQL Injection
6170| [22554] Microsoft BizTalk Server 2000/2002 DTA rawdocdata.asp SQL Injection Vulnerability
6171| [22553] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
6172| [22528] Microsoft Windows 2000 RegEdit.EXE Registry Key Value Buffer Overflow Vulnerability
6173| [22354] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
6174| [21920] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
6175| [21718] Microsoft SQL 2000/7.0 Agent Jobs Privilege Elevation Vulnerability
6176| [21693] Microsoft SQL Server 2000 User Authentication Remote Buffer Overflow Vulnerability
6177| [21652] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
6178| [21651] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
6179| [21650] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
6180| [21549] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
6181| [21541] Microsoft SQL Server 2000 SQLXML Script Injection Vulnerability
6182| [21540] Microsoft SQL Server 2000 SQLXML Buffer Overflow Vulnerability
6183| [21389] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (2)
6184| [21388] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (1)
6185| [21344] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
6186| [21258] Microsoft Windows 2000/NT 4 NTFS File Hiding Vulnerability
6187| [21246] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (2)
6188| [21245] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (1)
6189| [21172] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (2)
6190| [21171] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (1)
6191| [21131] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
6192| [21123] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
6193| [21113] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
6194| [21099] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
6195| [21069] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
6196| [20907] Microsoft Windows 2000 Telnet Username DoS Vulnerability
6197| [20802] Microsoft IIS 2.0/3.0 Long URL Denial of Service Vulnerability
6198| [20763] Microsoft ISA Server 2000 Web Proxy DoS Vulnerability
6199| [20571] Microsoft Outlook 2000 0/98 0/Express 5.5 Concealed Attachment Vulnerability
6200| [20481] Microsoft IIS 2.0/3.0 Appended Dot Script Source Disclosure Vulnerability
6201| [20399] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
6202| [20335] Microsoft Indexing Services for Windows 2000/NT 4.0 .htw Cross-Site Scripting Vulnerability
6203| [20305] Microsoft Site Server 2.0 with IIS 4.0 - File Upload Vulnerability
6204| [20265] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
6205| [20257] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
6206| [20255] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
6207| [20222] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
6208| [20209] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
6209| [20133] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
6210| [20122] Microsoft Office SharePoint Server 2007 Remote Code Execution
6211| [20096] Microsoft IIS 2.0/3.0/4.0/5.0/5.1 Internal IP Address Disclosure Vulnerability
6212| [20048] Microsoft Windows 2000 Remote CPU-overload Vulnerability
6213| [20047] Microsoft Windows 2000 Telnet Server DoS Vulnerability
6214| [19830] Microsoft Index Server 2.0 '%20' ASP Source Disclosure Vulnerability
6215| [19742] microsoft iis 3.0/4.0,microsoft index server 2.0 - Directory Traversal
6216| [19734] Microsoft Virtual Machine 2000 Series/3000 Series getSystemResource Vulnerability
6217| [19731] microsoft index server 2.0/indexing services for windows 2000 - Directory Traversal
6218| [19728] Microsoft Systems Management Server 2.0 Default Permissions Vulnerability
6219| [19425] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (2)
6220| [19424] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (1)
6221| [19376] Microsoft IIS 2.0/3.0/4.0 ISAPI GetExtensionVersion() Vulnerability
6222| [19143] "Microsoft Windows ""April Fools 2001"" Vulnerability"
6223| [19118] Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability
6224| [18334] Microsoft Office 2003 Home/Pro 0day
6225| [18087] MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
6226| [18078] Microsoft Excel 2003 11.8335.8333 Use After Free
6227| [18067] Microsoft Excel 2007 SP2 Buffer Overwrite Exploit
6228| [17305] "Microsoft Windows Vista/Server 2008 ""nsiproxy.sys"" Local Kernel DoS Exploit"
6229| [14971] MOAUB #11 - Microsoft Office Word 2007 sprmCMajority Buffer Overflow
6230| [14782] Microsoft Office PowerPoint 2007 DLL Hijacking Exploit (rpawinet.dll)
6231| [14746] Microsoft Office Groove 2007 DLL Hijacking Exploit (mso.dll)
6232| [14744] Microsoft Visio 2003 DLL Hijacking Exploit (mfc71enu.dll)
6233| [12450] Microsoft SharePoint Server 2007 XSS Vulnerability
6234| [10068] Microsoft Windows 2000-2008 Embedded OpenType Font Engine Remote Code Execution
6235| [4121] Microsoft Excel 2000/2003 Sheet Name Vulnerability PoC
6236| [3973] Microsoft Office 2000 (OUACTRL.OCX 1.0.1.9) - Remote DoS Exploit
6237| [3690] microsoft office word 2007 - Multiple Vulnerabilities
6238| [3260] Microsoft Word 2000 Unspecified Code Execution Exploit (0day)
6239| [2523] Microsoft Office 2003 PPT Local Buffer Overflow PoC
6240| [2091] Microsoft PowerPoint 2003 SP2 Local Code Execution Exploit (french)
6241| [2001] Microsoft Word 2000/2003 Unchecked Boundary Condition Vulnerability
6242| [1999] Microsoft Word 2000/2003 Hlink Local Buffer Overflow Exploit PoC
6243| [1988] Microsoft Excel 2003 Hlink Local Buffer Overflow Exploit (italian)
6244| [1986] Microsoft Excel 2000/2003 Hlink Local Buffer Overflow Exploit (french)
6245| [1958] Microsoft Excel 2003 Hlink Stack/SEH Buffer Overflow Exploit
6246| [28238] Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Vulnerability MS13-067
6247| [23034] Microsoft URLScan 2.5/ RSA Security SecurID 5.0 Configuration Enumeration Weakness
6248| [22850] Microsoft Office OneNote 2010 Crash PoC
6249| [22679] Microsoft Visio 2010 Crash PoC
6250| [22655] Microsoft Publisher 2013 Crash PoC
6251| [22621] Microsoft Netmeeting 2.1/3.0.1 4.4.3385 CALLTO URL Buffer Overflow Vulnerability
6252| [22330] Microsoft Office Excel 2010 Crash PoC
6253| [22310] Microsoft Office Publisher 2010 Crash PoC
6254| [22237] Microsoft Office Picture Manager 2010 Crash PoC
6255| [22215] Microsoft Office Word 2010 Crash PoC
6256| [19451] Microsoft Windows 98 a/98 b/98SE,Solaris 2.6 IRDP Vulnerability
6257| [19440] Microsoft Windows NT 4.0/SP 1/SP 2/Sp 3/SP 4/SP 5 Malformed Dialer Entry Vulnerability
6258| [19372] Microsoft Windows NT 4.0/SP 1/SP 2/SP 3/SP 4/SP 5 Null Session Admin Name Vulnerability
6259| [17164] Microsoft Reader <= 2.1.1.3143 NULL Byte Write
6260| [17163] Microsoft Reader <= 2.1.1.3143 Array Overflow
6261| [17162] Microsoft Reader <= 2.1.1.3143 Integer Overflow
6262| [17161] Microsoft Reader <= 2.1.1.3143 Heap Overflow
6263| [17160] Microsoft Reader <= 2.1.1.3143 Integer Overflow
6264| [14731] Microsoft Windows Movie Maker <= 2.6.4038.0 DLL Hijacking Exploit (hhctrl.ocx)
6265| [14723] Microsoft Power Point 2010 DLL Hijacking Exploit (pptimpconv.dll)
6266|
6267| OpenVAS (Nessus) - http://www.openvas.org:
6268| [902250] Microsoft Word 2003 'MSO.dll' Null Pointer Dereference Vulnerability
6269| [900125] Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability
6270| [801597] Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
6271| [801596] Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
6272| [801594] Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability
6273| [800687] Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability
6274| [800577] Microsoft Windows Server 2003 win32k.sys DoS Vulnerability
6275| [800343] Microsoft Word 2007 Sensitive Information Disclosure Vulnerability
6276| [103254] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
6277| [11992] Vulnerability in Microsoft ISA Server 2000 H.323 Filter(816458)
6278| [902931] Microsoft Office Remote Code Execution Vulnerabilities - 2720184 (Mac OS X)
6279| [902678] Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
6280| [901210] Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)
6281|
6282| SecurityTracker - https://www.securitytracker.com:
6283| [1015347] Microsoft Windows 2000 Kernel APC Queue Bug Lets Local Users Gain Elevated Privileges
6284| [1013454] Microsoft Office InfoPath 2003 May Disclose System and Authentication Information to Remote Users
6285| [1013284] Microsoft Windows 2000 and XP Group Policy Can Be Bypassed By Microsoft Office Applications and By Flash Drives
6286| [1010687] Microsoft Windows 2000/NT POSIX Subsystem Buffer Overflow Lets Local Users Gain Elevated Privileges
6287| [1010352] Microsoft Windows 2000 Domains With Eight Characters May Let Remote Users With Expired Passwords Login
6288| [1010189] Microsoft Outlook 2003 Scripting Restrictions Can Be Bypassed By Remote Users
6289| [1010125] Microsoft Outlook 2003 Lets Remote Users Send E-mail to Cause the Recipient's Client to Contact a Remote Server
6290| [1009767] Microsoft Windows 2000 Domain Controller LDAP Flaw May Let Remote Users Restart the Authentication Service
6291| [1008324] Microsoft Exchange 2003 With Outlook Web Access and Windows SharePoint Services May Grant Incorrect E-mail Account Access to Remote Authenticated Users
6292| [1007905] Microsoft Windows Server 2003 Shell Folders Can Be Referenced Using Directory Traversal Characters
6293| [1007238] Microsoft Outlook Web Access Can Be Crashed By Remote Authenticated Users With an Outlook 2003 Client
6294| [1007152] Microsoft Windows 2000 Accessibility Utility Manager Lets Local Users Gain Elevated Privileges
6295| [1007099] Microsoft Windows 2000 ShellExecute() Buffer Overflow May Let Users Execute Arbitrary Code
6296| [1007093] Microsoft Active Directory Stack Overflow in 'Lsaas.exe' Lets Remote Users Crash the Windows 2000 Server
6297| [1006959] Microsoft Windows Server 2003 Drivers May Leak Information From Memory Via Ethernet Packets Containing TCP Streams
6298| [1006580] Microsoft Windows 2003 'win2k.sys' Printing Bug Lets Users Crash the System
6299| [1006534] Microsoft Proxy Service in Proxy Server 2.0 Has Unspecified Flaw That Lets Remote Users Stop Traffic
6300| [1006286] Microsoft Windows 2000/XP PostMessage() API Flaw May Let Local Users Grab Passwords from Local Dialog Boxes
6301| [1006280] Protegrity Secure.Data for Microsoft SQL Server 2000 Contains Buffer Oveflows That Let Remote Users Execute Arbitrary Code
6302| [1005254] Microsoft NT, 2000, and XP Operating Systems May Execute a 16-bit Application Even When The File Has No Execute Permissions
6303| [1005068] Microsoft NTFS Filesystem in Windows NT and Windows 2000 Has Auditing Hole That Lets Local Users Access Files Without the File Access Being Audited
6304| [1004587] Microsoft SQL Server 2000 Buffer Overflow in OpenDataSource() Function May Let Remote Users Gain SYSTEM Privileges on the Server
6305| [1004528] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains an Input Validation Flaw in an XML SQL Tag That Allows Cross-Site Scripting Attacks
6306| [1004527] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains a Buffer Overflow That Lets Remote Users Take Full Control of the System
6307| [1004407] Microsoft Exchange 2000 Flaw in Processing a Certain Malformed SMTP Command Allows Remote Users to Deny Service to the Server
6308| [1004357] Microsoft Windows Debugging Facility for Windows NT4 and 2000 Has Authentication Hole That Lets Local Users Execute Arbitrary Code with SYSTEM Privileges
6309| [1004083] Microsoft Windows 2000 'microsoft-ds' Service Flaw Allows Remote Users to Create Denial of Service Conditions By Sending Malformed Packets
6310| [1004022] Microsoft Windows 2000 Group Policy Object Enforcement Can Be Circumvented if User License Limits are Exceeded
6311| [1003975] Microsoft Windows NT, 2000, and XP Kernel Buffer Overflow in Processing Multiple UNC Provider (MUP) Requests May Let Local Users Obtain System Level Privileges
6312| [1003949] Microsoft Windows 2000 DCOM Implementation Flaw May Disclose Memory Contents to Remote Users
6313| [1003816] Microsoft Windows 2000 Automatic Log Off Policy Fails to Expire Sessions in Progress
6314| [1003688] Microsoft Exchange Server 2000 Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
6315| [1003687] Microsoft Windows 2000 and Windows XP SMTP Service Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
6316| [1003634] Microsoft XML Core Services in SQL Server 2000 Lets Remote Scripts Access and Send Local Files
6317| [1003629] Microsoft Commerce Server 2000 AuthFilter Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Server With LocalSystem Privileges to Gain Full Control of the Server
6318| [1003472] Microsoft Telnet Server for Windows 2000 and for Interix Has a Buffer Overflow That May Let Remote Users Execute Code on the Server with System Level Privileges
6319| [1003469] Microsoft Exchange 2000 Server Allows Remote Users to View and Possibly Modify Registry Settings
6320| [1003402] Microsoft Windows NT 4.0 and Windows 2000 Domain Controllers May Give Elevated Privileges to Remote Users Who Are Valid Administrators on Other Trusted Domains
6321| [1002922] Microsoft Windows 2000 Internet Key Exchange (IKE) Service Can Be Crashed By Remote Users
6322| [1002754] Terminal Services on Microsoft Windows 2000 and XP Allow Remote Users to Log Bogus IP Addresses Instead of the User's Genuine Address
6323| [1002731] Microsoft Windows 2000 RunAs Service May Disclose Authentication Credentials to Local Users
6324| [1002730] Microsoft Windows 2000 RunAs Utility May Disclose Sensitive Information to Local Users
6325| [1002729] Microsoft Windows 2000 RunAs Service Allows Local Users to Disable the Service
6326| [1002356] Microsoft Outlook 2000 Animated Assistant Prevents the Screen Saver from Activating, Allowing Physically Local Users to Access the System
6327| [1002206] Microsoft Internet Security and Acceleration (ISA) Server 2000 Can Be Disrupted By Remote Users Due to Memory Leaks and Also Allows Cross-Site Scripting Attacks
6328| [1002106] Microsoft Windows 2000 and Windows NT 4.0 RPC Input Validation Failure Lets Remote Users Destabilize the Operating System
6329| [1002099] Microsoft Windows 2000 Telnet Service Can Be Crashed By Remote Users
6330| [1002098] Windows Terminal Services in Microsoft Windows 2000 and NT 4.0 Can Be Crashed By Remote Users Due to a Memory Leak
6331| [1001993] Microsoft Windows 2000, Linux 2.4, NetBSD, FreeBSD, and OpenBSD May Let Remote Users Affect TCP Performance
6332| [1001931] Microsoft Windows 2000 SMTP Service May Allow Unauthorized Remote Users to Relay E-mail via the Service
6333| [1001832] Microsoft Windows 2000 LDAP Server Lets Remote Users Gain Administrator Access to the Domain Controller When Configured to Support LDAP over SSL
6334| [1001701] Microsoft Windows 2000 Telnet Server Allows Local Users to Gain System-Level Privileges and Lets Remote Users Crash the Server
6335| [1001605] Microsoft Windows 2000 Allows Local Users to Elevate Privileges
6336| [1001565] Microsoft IIS Web Server on Windows 2000 Allows Remote Users to Cause the Server to Consume All Available Memory Due to Memory Leak in WebDAV Lock Method
6337| [1001513] Microsoft Windows 2000 Indexing Service Allows Remote Users to View Include Programming Files
6338| [1001501] Microsoft Windows 2000 Domain Controllers Can Be Effectively Halted By Remote Users
6339| [1001464] Microsoft Internet Information Server IIS 5.0 for Windows 2000 Lets Remote Users Execute Arbitrary Code on the Server and Gain Control of the Server
6340| [1001240] Microsoft FTP Client for Windows 2000 Still Vulnerable to Executing Arbitrary Code in Limited Situations
6341| [1001088] Microsoft Internet Explorer with Services for Unix 2.0 Can Create Malicious Files on the User's Host
6342|
6343| OSVDB - http://www.osvdb.org:
6344| [90257] Microsoft Windows Server 2003 ICACLS.EXE Permission Inheritance Weakness
6345| [86790] Microsoft Virtual PC 2007 Crafted x86 Instruction Sequence Handling Local DoS
6346| [86061] Microsoft Windows Server 2008 R1 CSRSS ReadConsole / CloseHandle Local DoS
6347| [79442] Microsoft Windows Server 2008 DNS Server Service Cache Update Policy Deleted Domain Name Resolving Weakness
6348| [72670] Microsoft Windows Server 2003 ActiveDirectory BROWSER ELECTION Remote Overflow
6349| [68554] Microsoft Windows Server 2008 Shared Cluster Disks Addition Default Permission Weakness
6350| [62251] Microsoft Windows Server 2008 Hyper-V Crafted Instruction Sequence DoS
6351| [60329] Microsoft Windows 2000 NetBIOS Continuation Packet Remote DoS
6352| [59733] Microsoft Windows 2000 Terminal Services Screensaver Screen Minimization Locking Weakness
6353| [59731] Microsoft Windows 2000 DCOM Client Alter Context Request Remote Information Disclosure
6354| [59730] Microsoft Windows 2000 Terminal Services Disconnect Feature Local Privilege Escalation
6355| [59514] Microsoft Windows 2000 Task Manager Uppercase Process Name Termination Weakness
6356| [59509] Microsoft Windows 2000 Encrypted File System Cleartext Backup File Local Disclosure
6357| [59346] Microsoft Windows 2000 Crafted TCP/UDP Traffic CPU Consumption Remote DoS
6358| [55836] Microsoft ISA Server 2006 Radius OTP Security Bypass
6359| [53663] Microsoft Office Word 2000 WordPerfect 6.x Converter Document Handling Stack Corruption
6360| [50589] Microsoft SQL Server 2000 sp_replwritetovarbin() Stored Procedure Overflow
6361| [37629] Microsoft Windows 2000 RPC Authentication Unspecified Information Disclosure
6362| [37628] Microsoft Windows 2000 RPC Authentication Crafted Request Remote DoS
6363| [36034] Microsoft Office 2000 Controllo ActiveX (OUACTRL.OCX) HelpPopup Method Overflow
6364| [34489] Microsoft Office 2003 Malformed WMF File Handling DoS
6365| [34488] Microsoft Excel 2003 XLS Handling Corrupt Format DoS
6366| [31251] Microsoft Office 2003 Brazilian Portuguese Grammar Checker Arbitrary Code Execution
6367| [29529] Microsoft Windows 2000 creator.dll ActiveX COM Object Memory Corruption
6368| [29528] Microsoft Windows 2000 msdxm.ocx ActiveX COM Object Memory Corruption
6369| [29527] Microsoft Windows 2000 myinfo.dll ActiveX COM Object Memory Corruption
6370| [29526] Microsoft Windows 2000 ciodm.dll ActiveX COM Object Memory Corruption
6371| [28539] Microsoft Word 2000 Unspecified Code Execution
6372| [24121] Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass
6373| [24081] Microsoft Outlook 2003 Unspecified Malformed Word Attachment DoS
6374| [23484] Microsoft SQLServer 2000 sp_addalias Procedure Privileged Alias Creation
6375| [23234] Microsoft SQLServer 2000 Unspecified Invalid Client Buffer DoS
6376| [23231] Microsoft SQL Server 2000 SQL Profiler Multiple Method DoS
6377| [23205] Microsoft SQLServer 2000 Crafted Sort Command User Mode Scheduler (UMS) Bypass DoS
6378| [23203] Microsoft SQL Server 2000 Database Name Transact-SQL Statement Privilege Escalation
6379| [23202] Microsoft SQLServer 2000 sysmembers Virtual Table Query Overflow
6380| [23201] Microsoft SQL Server 2000 Dynamic Transact-SQL Statement Disclosure
6381| [23200] Microsoft SQLServer 2000 Encrypted Stored Procedure Dynamic Query Disclosure
6382| [21907] Microsoft Office InfoPath 2003 Mshtml.dll Form Handling DoS
6383| [21598] Microsoft Windows 2000 NetBIOS Port Malformed TCP Packet Parsing Remote DoS
6384| [20256] Microsoft Windows 2000 NTFS Volume Macintosh Client Directory Permission Modification
6385| [20222] Microsoft Windows 2000 runas.exe Named Pipe Spoofing Information Disclosure
6386| [20221] Microsoft Windows 2000 runas.exe Named Pipe Single Thread DoS
6387| [20220] Microsoft Windows 2000 runas.exe Cleartext Authentication Information Disclosure
6388| [20002] Microsoft Windows 2000 CHKDSK Fix Mode File ACL Failure
6389| [20001] Microsoft Windows 2000 Terminal Service Client Connection IP Logging Failure
6390| [20000] Microsoft Windows 2000 Domain Administrator Computer Lock Bypass
6391| [19999] Microsoft Windows 2000 FQDN Domain Login Password Expiry Bypass
6392| [19998] Microsoft Windows 2000 UPN Credentialed Login Group Policy Failure
6393| [19997] Microsoft Windows 2000 WideCharToMultiByte Function String Termination Issue
6394| [19996] Microsoft Windows 2000 Event ID 1704 Group Policy Failure
6395| [19995] Microsoft Windows 2000 SECEDIT Long Folder ACL Set Issue
6396| [19994] Microsoft Windows 2000 audit directory service access 565 Event Logging Failure
6397| [19993] Microsoft Windows 2000 LDAPS CA Trust Issue
6398| [19264] Microsoft Exchange Server 2003 Crafted IMAP4 Folder Listing Request DoS
6399| [17031] Microsoft ISA Server 2000 SecureNAT Traffic Saturation DoS
6400| [15343] Microsoft Windows Server 2003 Malformed HTTP Cookie Header CGI DoS
6401| [15341] Microsoft Windows Server 2003 SMB Redirector Processing DoS
6402| [15340] Microsoft Windows Server 2003 Terminal Service Client Print DoS
6403| [15338] Microsoft Windows Server 2003 Terminal Session Close DoS
6404| [15337] Microsoft Windows Server 2003 CreateProcessWithLogonW() Function Process Disclosure
6405| [15336] Microsoft Windows Server 2003 Shutdown.exe Shut Down Failure
6406| [15335] Microsoft Windows Server 2003 MIT Kerberos Realm Authentication Group Policy Failure
6407| [15334] Microsoft Windows Server 2003 Shared Folder Permission Weakness
6408| [15333] Microsoft Windows Server 2003 EFS File Copy LDAP Connection DoS
6409| [15332] Microsoft Windows Server 2003 Citrix Metaframe Encryption Policy Failure
6410| [15331] Microsoft Windows Server 2003 Home Folder Path Permission Inheritance Failure
6411| [14617] Microsoft Exchange Server 2003 Folder Handling DoS
6412| [14430] Microsoft Commerce Server 2000 Profile Service Affected API Overflow
6413| [13996] Microsoft Windows 2000 IKE Malformed Packet Saturation Remote DoS
6414| [13762] Microsoft 2000 Domain Controller Directory Service Restore Mode Blank Password
6415| [13761] Microsoft Exchange 2000 Malformed URL Request DoS
6416| [13475] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution Variant
6417| [13474] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution
6418| [13441] Microsoft Windows 2000 Security Interface Change Password Option Account Enumeration
6419| [13437] Microsoft Windows 2000 Debug Register Local Privilege Escalation
6420| [13424] Microsoft Windows 2000 Current Password Change Policy Bypass
6421| [13423] Microsoft Windows 2000 Terminal Server SYSVOL Share Connection Saturation Restriction Bypass
6422| [13415] Microsoft Windows 2000 System Root Folder Search Path Permission Weakness
6423| [13410] Microsoft Windows 2000 Accessibility Utility Manager Arbitrary Code Execution
6424| [11958] Microsoft Outlook 2003 Image Rendering Security Policy Bypass
6425| [11945] Microsoft Outlook 2002 IFRAME Tag Embedded URL
6426| [11944] Microsoft Outlook 2002 HREF Tag Embedded JavaScript Execution
6427| [11750] Microsoft Windows 2000 Message Queue Manager Queue Registration Request Overflow DoS
6428| [11712] Microsoft ISA Server 2000 H.323 Filter Overflow
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Microsoft Windows 2012 (89%)
OS CPE: cpe:/o:microsoft:windows_server_2012
Aggressive OS guesses: Microsoft Windows Server 2012 (89%), Microsoft Windows Server 2012 or Windows Server 2012 R2 (89%), Microsoft Windows Server 2012 R2 (89%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 22.762 days (since Sat Oct 19 06:17:38 2019)
Network Distance: 14 hops
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 80.84 ms 10.246.204.1
2 116.51 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
3 98.46 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
4 98.40 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
5 98.46 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
6 98.46 ms 4.68.127.229
7 162.81 ms ae-2-3204.edge7.Amsterdam1.Level3.net (4.69.162.181)
8 180.42 ms 213.19.198.194
9 ... 13
14 181.79 ms 88.255.226.247.static.ttnet.com.tr (88.255.226.247)

NSE: Script Post-scanning.
Initiating NSE at 23:35
Completed NSE at 23:35, 0.00s elapsed
Initiating NSE at 23:35
Completed NSE at 23:35, 0.00s elapsed
#######################################################################################################################################
------------------------------------------------------------------------------------------------------------------------

[ ! ] Starting SCANNER INURLBR 2.1 at [10-11-2019 23:35:50]
[ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
It is the end user's responsibility to obey all applicable local, state and federal laws.
Developers assume no liability and are not responsible for any misuse or damage caused by this program

[ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/www.kosgeb.gov.tr/output/inurlbr-www.kosgeb.gov.tr ]
[ INFO ][ DORK ]::[ site:www.kosgeb.gov.tr ]
[ INFO ][ SEARCHING ]:: {
[ INFO ][ ENGINE ]::[ GOOGLE - www.google.bs ]

[ INFO ][ SEARCHING ]::
-[:::]
[ INFO ][ ENGINE ]::[ GOOGLE API ]

[ INFO ][ SEARCHING ]::
-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
[ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.ca ID: 002901626849897788481:cpnctza84gq ]

[ INFO ][ SEARCHING ]::
-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]

[ INFO ][ TOTAL FOUND VALUES ]:: [ 100 ]
7063
7064 _[ - ]::--------------------------------------------------------------------------------------------------------------
7065|_[ + ] [ 66 / 100 ]-[23:37:35] [ - ]
7066|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/baglanti/ugeliste?IlID=76 ]
7067|_[ + ] Exploit::
7068|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7069|_[ + ] More details:: / - / , ISP:
7070|_[ + ] Found:: UNIDENTIFIED
7071
7072 _[ - ]::--------------------------------------------------------------------------------------------------------------
7073|_[ + ] [ 67 / 100 ]-[23:37:37] [ - ]
7074|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/baglanti/ugeliste?IlID=1 ]
7075|_[ + ] Exploit::
7076|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7077|_[ + ] More details:: / - / , ISP:
7078|_[ + ] Found:: UNIDENTIFIED
7079
7080 _[ - ]::--------------------------------------------------------------------------------------------------------------
7081|_[ + ] [ 68 / 100 ]-[23:37:38] [ - ]
7082|_[ + ] Target:: [ https://www.kosgeb.gov.tr/Pages/UI/b.aspx?ref=76 ]
7083|_[ + ] Exploit::
7084|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7085|_[ + ] More details:: / - / , ISP:
7086|_[ + ] Found:: UNIDENTIFIED
7087
7088 _[ - ]::--------------------------------------------------------------------------------------------------------------
7089|_[ + ] [ 69 / 100 ]-[23:37:40] [ - ]
7090|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/baglanti/ugeliste?IlID=59 ]
7091|_[ + ] Exploit::
7092|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7093|_[ + ] More details:: / - / , ISP:
7094|_[ + ] Found:: UNIDENTIFIED
7095
7096 _[ - ]::--------------------------------------------------------------------------------------------------------------
7097|_[ + ] [ 70 / 100 ]-[23:37:41] [ - ]
7098|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/baglanti/ugeliste?IlID=46 ]
7099|_[ + ] Exploit::
7100|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7101|_[ + ] More details:: / - / , ISP:
7102|_[ + ] Found:: UNIDENTIFIED
7103
7104 _[ - ]::--------------------------------------------------------------------------------------------------------------
7105|_[ + ] [ 71 / 100 ]-[23:37:42] [ - ]
7106|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/detay/5614/yenisafak ]
7107|_[ + ] Exploit::
7108|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7109|_[ + ] More details:: / - / , ISP:
7110|_[ + ] Found:: UNIDENTIFIED
7111
7112 _[ - ]::--------------------------------------------------------------------------------------------------------------
7113|_[ + ] [ 72 / 100 ]-[23:37:44] [ - ]
7114|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/baglanti/ugeliste?IlID=17 ]
7115|_[ + ] Exploit::
7116|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7117|_[ + ] More details:: / - / , ISP:
7118|_[ + ] Found:: UNIDENTIFIED
7119
7120 _[ - ]::--------------------------------------------------------------------------------------------------------------
7121|_[ + ] [ 73 / 100 ]-[23:37:45] [ - ]
7122|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/destekler/3/destekler ]
7123|_[ + ] Exploit::
7124|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7125|_[ + ] More details:: / - / , ISP:
7126|_[ + ] Found:: UNIDENTIFIED
7127
7128 _[ - ]::--------------------------------------------------------------------------------------------------------------
7129|_[ + ] [ 74 / 100 ]-[23:37:47] [ - ]
7130|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/bilgiedinme?PI=2 ]
7131|_[ + ] Exploit::
7132|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7133|_[ + ] More details:: / - / , ISP:
7134|_[ + ] Found:: UNIDENTIFIED
7135
7136 _[ - ]::--------------------------------------------------------------------------------------------------------------
7137|_[ + ] [ 75 / 100 ]-[23:37:47] [ - ]
7138|_[ + ] Target:: [ http://www.kosgeb.gov.tr/site/en/baglanti/ugeliste?IlID=18 ]
7139|_[ + ] Exploit::
7140|_[ + ] Information Server:: HTTP/1.1 301 Moved Permanently, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:80
7141|_[ + ] More details:: / - / , ISP:
7142|_[ + ] Found:: UNIDENTIFIED
7143
7144 _[ - ]::--------------------------------------------------------------------------------------------------------------
7145|_[ + ] [ 76 / 100 ]-[23:37:48] [ - ]
7146|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/liste/6285/mevzuat ]
7147|_[ + ] Exploit::
7148|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7149|_[ + ] More details:: / - / , ISP:
7150|_[ + ] Found:: UNIDENTIFIED
7151
7152 _[ - ]::--------------------------------------------------------------------------------------------------------------
7153|_[ + ] [ 77 / 100 ]-[23:37:50] [ - ]
7154|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/destekdetay/6848/mevzuat ]
7155|_[ + ] Exploit::
7156|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7157|_[ + ] More details:: / - / , ISP:
7158|_[ + ] Found:: UNIDENTIFIED
7159
7160 _[ - ]::--------------------------------------------------------------------------------------------------------------
7161|_[ + ] [ 78 / 100 ]-[23:37:51] [ - ]
7162|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/liste/6332/mevzuat ]
7163|_[ + ] Exploit::
7164|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7165|_[ + ] More details:: / - / , ISP:
7166|_[ + ] Found:: UNIDENTIFIED
7167
7168 _[ - ]::--------------------------------------------------------------------------------------------------------------
7169|_[ + ] [ 79 / 100 ]-[23:37:52] [ - ]
7170|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/en/genel/liste/6164/president ]
7171|_[ + ] Exploit::
7172|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7173|_[ + ] More details:: / - / , ISP:
7174|_[ + ] Found:: UNIDENTIFIED
7175
7176 _[ - ]::--------------------------------------------------------------------------------------------------------------
7177|_[ + ] [ 80 / 100 ]-[23:37:53] [ - ]
7178|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/liste/6257/mevzuat ]
7179|_[ + ] Exploit::
7180|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7181|_[ + ] More details:: / - / , ISP:
7182|_[ + ] Found:: UNIDENTIFIED
7183
7184 _[ - ]::--------------------------------------------------------------------------------------------------------------
7185|_[ + ] [ 81 / 100 ]-[23:37:54] [ - ]
7186|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/liste/6249/mevzuat ]
7187|_[ + ] Exploit::
7188|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7189|_[ + ] More details:: / - / , ISP:
7190|_[ + ] Found:: UNIDENTIFIED
7191
7192 _[ - ]::--------------------------------------------------------------------------------------------------------------
7193|_[ + ] [ 82 / 100 ]-[23:37:56] [ - ]
7194|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/en/genel/liste/6165/legislation ]
7195|_[ + ] Exploit::
7196|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7197|_[ + ] More details:: / - / , ISP:
7198|_[ + ] Found:: UNIDENTIFIED
7199
7200 _[ - ]::--------------------------------------------------------------------------------------------------------------
7201|_[ + ] [ 83 / 100 ]-[23:37:57] [ - ]
7202|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/medyatakip?Page=58 ]
7203|_[ + ] Exploit::
7204|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7205|_[ + ] More details:: / - / , ISP:
7206|_[ + ] Found:: UNIDENTIFIED
7207
7208 _[ - ]::--------------------------------------------------------------------------------------------------------------
7209|_[ + ] [ 84 / 100 ]-[23:37:59] [ - ]
7210|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/organizasyondetay/3063/baskan-yardimcisi ]
7211|_[ + ] Exploit::
7212|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7213|_[ + ] More details:: / - / , ISP:
7214|_[ + ] Found:: UNIDENTIFIED
7215
7216 _[ - ]::--------------------------------------------------------------------------------------------------------------
7217|_[ + ] [ 85 / 100 ]-[23:38:00] [ - ]
7218|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/detay/172/isbirligi-teklifleri ]
7219|_[ + ] Exploit::
7220|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7221|_[ + ] More details:: / - / , ISP:
7222|_[ + ] Found:: UNIDENTIFIED
7223
7224 _[ - ]::--------------------------------------------------------------------------------------------------------------
7225|_[ + ] [ 86 / 100 ]-[23:38:01] [ - ]
7226|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/liste/6337/getham-projesi ]
7227|_[ + ] Exploit::
7228|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7229|_[ + ] More details:: / - / , ISP:
7230|_[ + ] Found:: UNIDENTIFIED
7231
7232 _[ - ]::--------------------------------------------------------------------------------------------------------------
7233|_[ + ] [ 87 / 100 ]-[23:38:03] [ - ]
7234|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/detay/190/all-supports ]
7235|_[ + ] Exploit::
7236|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7237|_[ + ] More details:: / - / , ISP:
7238|_[ + ] Found:: UNIDENTIFIED
7239
7240 _[ - ]::--------------------------------------------------------------------------------------------------------------
7241|_[ + ] [ 88 / 100 ]-[23:38:04] [ - ]
7242|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/detay/6495/turkiye-gazetesi ]
7243|_[ + ] Exploit::
7244|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7245|_[ + ] More details:: / - / , ISP:
7246|_[ + ] Found:: UNIDENTIFIED
7247
7248 _[ - ]::--------------------------------------------------------------------------------------------------------------
7249|_[ + ] [ 89 / 100 ]-[23:38:06] [ - ]
7250|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/detay/7204/buyumekuculme-gostergeleri ]
7251|_[ + ] Exploit::
7252|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7253|_[ + ] More details:: / - / , ISP:
7254|_[ + ] Found:: UNIDENTIFIED
7255
7256 _[ - ]::--------------------------------------------------------------------------------------------------------------
7257|_[ + ] [ 90 / 100 ]-[23:38:07] [ - ]
7258|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/detay/6949/takvim-gazetesi ]
7259|_[ + ] Exploit::
7260|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7261|_[ + ] More details:: / - / , ISP:
7262|_[ + ] Found:: UNIDENTIFIED
7263
7264 _[ - ]::--------------------------------------------------------------------------------------------------------------
7265|_[ + ] [ 91 / 100 ]-[23:38:09] [ - ]
7266|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/detay/7053/aksam-gazetesi ]
7267|_[ + ] Exploit::
7268|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7269|_[ + ] More details:: / - / , ISP:
7270|_[ + ] Found:: UNIDENTIFIED
7271
7272 _[ - ]::--------------------------------------------------------------------------------------------------------------
7273|_[ + ] [ 92 / 100 ]-[23:38:10] [ - ]
7274|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/detay/194/girisimcilik-zirvesi ]
7275|_[ + ] Exploit::
7276|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7277|_[ + ] More details:: / - / , ISP:
7278|_[ + ] Found:: UNIDENTIFIED
7279
7280 _[ - ]::--------------------------------------------------------------------------------------------------------------
7281|_[ + ] [ 93 / 100 ]-[23:38:12] [ - ]
7282|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/detay/5887/posta-gazetesi ]
7283|_[ + ] Exploit::
7284|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7285|_[ + ] More details:: / - / , ISP:
7286|_[ + ] Found:: UNIDENTIFIED
7287
7288 _[ - ]::--------------------------------------------------------------------------------------------------------------
7289|_[ + ] [ 94 / 100 ]-[23:38:13] [ - ]
7290|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/detay/5970/posta-gazetesi ]
7291|_[ + ] Exploit::
7292|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7293|_[ + ] More details:: / - / , ISP:
7294|_[ + ] Found:: UNIDENTIFIED
7295
7296 _[ - ]::--------------------------------------------------------------------------------------------------------------
7297|_[ + ] [ 95 / 100 ]-[23:38:15] [ - ]
7298|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/detay/6826/kamuoyuna-duyuru ]
7299|_[ + ] Exploit::
7300|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7301|_[ + ] More details:: / - / , ISP:
7302|_[ + ] Found:: UNIDENTIFIED
7303
7304 _[ - ]::--------------------------------------------------------------------------------------------------------------
7305|_[ + ] [ 96 / 100 ]-[23:38:17] [ - ]
7306|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/detay/5862/posta-gazetesi ]
7307|_[ + ] Exploit::
7308|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7309|_[ + ] More details:: / - / , ISP:
7310|_[ + ] Found:: UNIDENTIFIED
7311
7312 _[ - ]::--------------------------------------------------------------------------------------------------------------
7313|_[ + ] [ 97 / 100 ]-[23:38:18] [ - ]
7314|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/detay/145/isbirligi-teklifleri ]
7315|_[ + ] Exploit::
7316|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7317|_[ + ] More details:: / - / , ISP:
7318|_[ + ] Found:: UNIDENTIFIED
7319
7320 _[ - ]::--------------------------------------------------------------------------------------------------------------
7321|_[ + ] [ 98 / 100 ]-[23:38:19] [ - ]
7322|_[ + ] Target:: [ http://www.kosgeb.gov.tr/site/tr/genel/liste/2?Page=8 ]
7323|_[ + ] Exploit::
7324|_[ + ] Information Server:: HTTP/1.1 301 Moved Permanently, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:80
7325|_[ + ] More details:: / - / , ISP:
7326|_[ + ] Found:: UNIDENTIFIED
7327
7328 _[ - ]::--------------------------------------------------------------------------------------------------------------
7329|_[ + ] [ 99 / 100 ]-[23:38:20] [ - ]
7330|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/detay/6216/sabah-gazetesi ]
7331|_[ + ] Exploit::
7332|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
7333|_[ + ] More details:: / - / , ISP:
7334|_[ + ] Found:: UNIDENTIFIED
7335
7336[ INFO ] [ Shutting down ]
7337[ INFO ] [ End of process INURLBR at [10-11-2019 23:38:20]
7338[ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
7339[ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/www.kosgeb.gov.tr/output/inurlbr-www.kosgeb.gov.tr ]
7340|_________________________________________________________________________________________
7341
7342\_________________________________________________________________________________________/
7343#######################################################################################################################################
7470https://www.kosgeb.gov.tr [200 OK] ASP_NET[4.0.30319], Cookies[ASP.NET_SessionId], Country[TURKEY][TR], DublinCore, Google-Analytics[Universal][UA-35747174-4], HTML5, HTTPServer[Microsoft-IIS/8.5], HttpOnly[ASP.NET_SessionId], IP[88.255.226.247], JQuery[1.12.1], Microsoft-IIS[8.5], Modernizr[2.6.2.min], Open-Graph-Protocol[website], Script[text/javascript], Title[KOSGEB T.C. Küçük ve Orta Ölçekli İşletmeleri Geliştirme ve Destekleme İdaresi Başkanlığı], X-UA-Compatible[IE=10]
7471#######################################################################################################################################
7472
7473wig - WebApp Information Gatherer
7474
7475
7476Scanning https://www.kosgeb.gov.tr...
7477______________________ SITE INFO _______________________
7478IP Title
747988.255.226.247 KOSGEB T.C. Küçük ve Orta Öl
7480
7481_______________________ VERSION ________________________
7482Name Versions Type
7483ASP.NET 4.0.30319 Platform
7484IIS 8.5 Platform
7485Microsoft Windows Server 2012 R2 OS
7486
7487________________________________________________________
7488Time: 1.7 sec Urls: 693 Fingerprints: 40401
7489#######################################################################################################################################
7490Version: 1.11.13-static
7491OpenSSL 1.0.2-chacha (1.0.2g-dev)
7492
7493Connected to 88.255.226.247
7494
7495Testing SSL server www.kosgeb.gov.tr on port 443 using SNI name www.kosgeb.gov.tr
7496
7497 TLS Fallback SCSV:
7498Server does not support TLS Fallback SCSV
7499
7500 TLS renegotiation:
7501Secure session renegotiation supported
7502
7503 TLS Compression:
7504Compression disabled
7505
7506 Heartbleed:
7507TLS 1.2 not vulnerable to heartbleed
7508TLS 1.1 not vulnerable to heartbleed
7509TLS 1.0 not vulnerable to heartbleed
7510
7511 Supported Server Cipher(s):
7512Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
7513Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
7514Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
7515Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
7516Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 1024 bits
7517Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 1024 bits
7518Accepted TLSv1.2 256 bits AES256-GCM-SHA384
7519Accepted TLSv1.2 128 bits AES128-GCM-SHA256
7520Accepted TLSv1.2 256 bits AES256-SHA256
7521Accepted TLSv1.2 128 bits AES128-SHA256
7522Accepted TLSv1.2 256 bits AES256-SHA
7523Accepted TLSv1.2 128 bits AES128-SHA
7524Accepted TLSv1.2 112 bits DES-CBC3-SHA
7525Accepted TLSv1.2 128 bits RC4-SHA
7526Accepted TLSv1.2 128 bits RC4-MD5
7527Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
7528Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
7529Accepted TLSv1.1 256 bits AES256-SHA
7530Accepted TLSv1.1 128 bits AES128-SHA
7531Accepted TLSv1.1 112 bits DES-CBC3-SHA
7532Accepted TLSv1.1 128 bits RC4-SHA
7533Accepted TLSv1.1 128 bits RC4-MD5
7534Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
7535Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
7536Accepted TLSv1.0 256 bits AES256-SHA
7537Accepted TLSv1.0 128 bits AES128-SHA
7538Accepted TLSv1.0 112 bits DES-CBC3-SHA
7539Accepted TLSv1.0 128 bits RC4-SHA
7540Accepted TLSv1.0 128 bits RC4-MD5
7541Preferred SSLv3 112 bits DES-CBC3-SHA
7542Accepted SSLv3 128 bits RC4-SHA
7543Accepted SSLv3 128 bits RC4-MD5
7544
7545 SSL Certificate:
7546Signature Algorithm: sha256WithRSAEncryption
7547RSA Key Strength: 2048
7548
7549Subject: *.kosgeb.gov.tr
7550Altnames: DNS:*.kosgeb.gov.tr, DNS:kosgeb.gov.tr
7551Issuer: COMODO RSA Domain Validation Secure Server CA
7552
7553Not valid before: Oct 4 00:00:00 2018 GMT
7554Not valid after: Oct 3 23:59:59 2020 GMT
7555#######################################################################################################################################
7556------------------------------------------------------------------------------------------------------------------------
7557
7558[ ! ] Starting SCANNER INURLBR 2.1 at [10-11-2019 23:45:59]
7559[ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
7560It is the end user's responsibility to obey all applicable local, state and federal laws.
7561Developers assume no liability and are not responsible for any misuse or damage caused by this program
7562
7563[ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/www.kosgeb.gov.tr/output/inurlbr-www.kosgeb.gov.tr ]
7564[ INFO ][ DORK ]::[ site:www.kosgeb.gov.tr ]
7565[ INFO ][ SEARCHING ]:: {
7566[ INFO ][ ENGINE ]::[ GOOGLE - www.google.com.mt ]
7567
7568[ INFO ][ SEARCHING ]::
7569-[:::]
7570[ INFO ][ ENGINE ]::[ GOOGLE API ]
7571
7572[ INFO ][ SEARCHING ]::
7573-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
7574[ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.com.kw ID: 005911257635119896548:iiolgmwf2se ]
7575
7576[ INFO ][ SEARCHING ]::
7577-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
7578
7579[ INFO ][ TOTAL FOUND VALUES ]:: [ 100 ]
7580
7581
8201|_[ + ] Exploit::
8202|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
8203|_[ + ] More details:: / - / , ISP:
8204|_[ + ] Found:: UNIDENTIFIED
8205
8206 _[ - ]::--------------------------------------------------------------------------------------------------------------
8207|_[ + ] [ 78 / 100 ]-[23:48:14] [ - ]
8208|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/liste/6332/mevzuat ]
8209|_[ + ] Exploit::
8210|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
8211|_[ + ] More details:: / - / , ISP:
8212|_[ + ] Found:: UNIDENTIFIED
8213
8214 _[ - ]::--------------------------------------------------------------------------------------------------------------
8215|_[ + ] [ 79 / 100 ]-[23:48:15] [ - ]
8216|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/en/genel/liste/6164/president ]
8217|_[ + ] Exploit::
8218|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
8219|_[ + ] More details:: / - / , ISP:
8220|_[ + ] Found:: UNIDENTIFIED
8221
8222 _[ - ]::--------------------------------------------------------------------------------------------------------------
8223|_[ + ] [ 80 / 100 ]-[23:48:17] [ - ]
8224|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/liste/6257/mevzuat ]
8225|_[ + ] Exploit::
8226|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
8227|_[ + ] More details:: / - / , ISP:
8228|_[ + ] Found:: UNIDENTIFIED
8229
8230 _[ - ]::--------------------------------------------------------------------------------------------------------------
8231|_[ + ] [ 81 / 100 ]-[23:48:18] [ - ]
8232|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/liste/6249/mevzuat ]
8233|_[ + ] Exploit::
8234|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
8235|_[ + ] More details:: / - / , ISP:
8236|_[ + ] Found:: UNIDENTIFIED
8237
8238 _[ - ]::--------------------------------------------------------------------------------------------------------------
8239|_[ + ] [ 82 / 100 ]-[23:48:19] [ - ]
8240|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/en/genel/liste/6165/legislation ]
8241|_[ + ] Exploit::
8242|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
8243|_[ + ] More details:: / - / , ISP:
8244|_[ + ] Found:: UNIDENTIFIED
8245
8246 _[ - ]::--------------------------------------------------------------------------------------------------------------
8247|_[ + ] [ 83 / 100 ]-[23:48:20] [ - ]
8248|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/medyatakip?Page=58 ]
8249|_[ + ] Exploit::
8250|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
8251|_[ + ] More details:: / - / , ISP:
8252|_[ + ] Found:: UNIDENTIFIED
8253
8254 _[ - ]::--------------------------------------------------------------------------------------------------------------
8255|_[ + ] [ 84 / 100 ]-[23:48:22] [ - ]
8256|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/organizasyondetay/3063/baskan-yardimcisi ]
8257|_[ + ] Exploit::
8258|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
8259|_[ + ] More details:: / - / , ISP:
8260|_[ + ] Found:: UNIDENTIFIED
8261
8262 _[ - ]::--------------------------------------------------------------------------------------------------------------
8263|_[ + ] [ 85 / 100 ]-[23:48:23] [ - ]
8264|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/detay/172/isbirligi-teklifleri ]
8265|_[ + ] Exploit::
8266|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
8267|_[ + ] More details:: / - / , ISP:
8268|_[ + ] Found:: UNIDENTIFIED
8269
8270 _[ - ]::--------------------------------------------------------------------------------------------------------------
8271|_[ + ] [ 86 / 100 ]-[23:48:24] [ - ]
8272|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/liste/6337/getham-projesi ]
8273|_[ + ] Exploit::
8274|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
8275|_[ + ] More details:: / - / , ISP:
8276|_[ + ] Found:: UNIDENTIFIED
8277
8278 _[ - ]::--------------------------------------------------------------------------------------------------------------
8279|_[ + ] [ 87 / 100 ]-[23:48:26] [ - ]
8280|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/detay/190/all-supports ]
8281|_[ + ] Exploit::
8282|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
8283|_[ + ] More details:: / - / , ISP:
8284|_[ + ] Found:: UNIDENTIFIED
8285
8286 _[ - ]::--------------------------------------------------------------------------------------------------------------
8287|_[ + ] [ 88 / 100 ]-[23:48:27] [ - ]
8288|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/detay/6495/turkiye-gazetesi ]
8289|_[ + ] Exploit::
8290|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
8291|_[ + ] More details:: / - / , ISP:
8292|_[ + ] Found:: UNIDENTIFIED
8293
8294 _[ - ]::--------------------------------------------------------------------------------------------------------------
8295|_[ + ] [ 89 / 100 ]-[23:48:29] [ - ]
8296|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/detay/7204/buyumekuculme-gostergeleri ]
8297|_[ + ] Exploit::
8298|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
8299|_[ + ] More details:: / - / , ISP:
8300|_[ + ] Found:: UNIDENTIFIED
8301
8302 _[ - ]::--------------------------------------------------------------------------------------------------------------
8303|_[ + ] [ 90 / 100 ]-[23:48:30] [ - ]
8304|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/detay/6949/takvim-gazetesi ]
8305|_[ + ] Exploit::
8306|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
8307|_[ + ] More details:: / - / , ISP:
8308|_[ + ] Found:: UNIDENTIFIED
8309
8310 _[ - ]::--------------------------------------------------------------------------------------------------------------
8311|_[ + ] [ 91 / 100 ]-[23:48:32] [ - ]
8312|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/detay/7053/aksam-gazetesi ]
8313|_[ + ] Exploit::
8314|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
8315|_[ + ] More details:: / - / , ISP:
8316|_[ + ] Found:: UNIDENTIFIED
8317
8318 _[ - ]::--------------------------------------------------------------------------------------------------------------
8319|_[ + ] [ 92 / 100 ]-[23:48:33] [ - ]
8320|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/detay/194/girisimcilik-zirvesi ]
8321|_[ + ] Exploit::
8322|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
8323|_[ + ] More details:: / - / , ISP:
8324|_[ + ] Found:: UNIDENTIFIED
8325
8326 _[ - ]::--------------------------------------------------------------------------------------------------------------
8327|_[ + ] [ 93 / 100 ]-[23:48:35] [ - ]
8328|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/detay/5887/posta-gazetesi ]
8329|_[ + ] Exploit::
8330|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
8331|_[ + ] More details:: / - / , ISP:
8332|_[ + ] Found:: UNIDENTIFIED
8333
8334 _[ - ]::--------------------------------------------------------------------------------------------------------------
8335|_[ + ] [ 94 / 100 ]-[23:48:36] [ - ]
8336|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/detay/5970/posta-gazetesi ]
8337|_[ + ] Exploit::
8338|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
8339|_[ + ] More details:: / - / , ISP:
8340|_[ + ] Found:: UNIDENTIFIED
8341
8342 _[ - ]::--------------------------------------------------------------------------------------------------------------
8343|_[ + ] [ 95 / 100 ]-[23:48:37] [ - ]
8344|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/detay/6826/kamuoyuna-duyuru ]
8345|_[ + ] Exploit::
8346|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
8347|_[ + ] More details:: / - / , ISP:
8348|_[ + ] Found:: UNIDENTIFIED
8349
8350 _[ - ]::--------------------------------------------------------------------------------------------------------------
8351|_[ + ] [ 96 / 100 ]-[23:48:41] [ - ]
8352|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/detay/5862/posta-gazetesi ]
8353|_[ + ] Exploit::
8354|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
8355|_[ + ] More details:: / - / , ISP:
8356|_[ + ] Found:: UNIDENTIFIED
8357
8358 _[ - ]::--------------------------------------------------------------------------------------------------------------
8359|_[ + ] [ 97 / 100 ]-[23:48:42] [ - ]
8360|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/detay/145/isbirligi-teklifleri ]
8361|_[ + ] Exploit::
8362|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
8363|_[ + ] More details:: / - / , ISP:
8364|_[ + ] Found:: UNIDENTIFIED
8365
8366 _[ - ]::--------------------------------------------------------------------------------------------------------------
8367|_[ + ] [ 98 / 100 ]-[23:48:43] [ - ]
8368|_[ + ] Target:: [ http://www.kosgeb.gov.tr/site/tr/genel/liste/2?Page=8 ]
8369|_[ + ] Exploit::
8370|_[ + ] Information Server:: HTTP/1.1 301 Moved Permanently, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:80
8371|_[ + ] More details:: / - / , ISP:
8372|_[ + ] Found:: UNIDENTIFIED
8373
8374 _[ - ]::--------------------------------------------------------------------------------------------------------------
8375|_[ + ] [ 99 / 100 ]-[23:48:44] [ - ]
8376|_[ + ] Target:: [ https://www.kosgeb.gov.tr/site/tr/genel/detay/6216/sabah-gazetesi ]
8377|_[ + ] Exploit::
8378|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 , IP:88.255.226.247:443
8379|_[ + ] More details:: / - / , ISP:
8380|_[ + ] Found:: UNIDENTIFIED
8381
8382[ INFO ] [ Shutting down ]
8383[ INFO ] [ End of process INURLBR at [10-11-2019 23:48:44]
8384[ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
8385[ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/www.kosgeb.gov.tr/output/inurlbr-www.kosgeb.gov.tr ]
8386|_________________________________________________________________________________________
8387
8388\_________________________________________________________________________________________/
8389#######################################################################################################################################
8390Hosts
8391=====
8392
8393address mac name os_name os_flavor os_sp purpose info comments
8394------- --- ---- ------- --------- ----- ------- ---- --------
839588.255.226.247 88.255.226.247.static.ttnet.com.tr Unknown device
8396
8397Services
8398========
8399
8400host port proto name state info
8401---- ---- ----- ---- ----- ----
840288.255.226.247 53 udp domain unknown
840388.255.226.247 67 udp dhcps unknown
840488.255.226.247 68 udp dhcpc unknown
840588.255.226.247 69 udp tftp unknown
840688.255.226.247 80 tcp http open
840788.255.226.247 88 udp kerberos-sec unknown
840888.255.226.247 123 udp ntp unknown
840988.255.226.247 139 udp netbios-ssn unknown
841088.255.226.247 161 udp snmp unknown
841188.255.226.247 162 udp snmptrap unknown
841288.255.226.247 389 udp ldap unknown
841388.255.226.247 443 tcp https open
841488.255.226.247 500 udp isakmp unknown
841588.255.226.247 520 udp route unknown
841688.255.226.247 2049 udp nfs unknown
8417#######################################################################################################################################
8418Domains still to check: 1
8419 Checking if the hostname kosgeb.gov.tr. given is in fact a domain...
8420
8421Analyzing domain: kosgeb.gov.tr.
8422 Checking NameServers using system default resolver...
8423 IP: 88.255.226.131 (Turkey)
8424 HostName: ns1.kosgeb.gov.tr Type: NS
8425 HostName: 88.255.226.131.static.ttnet.com.tr Type: PTR
8426 IP: 88.255.226.140 (Turkey)
8427 HostName: ns2.kosgeb.gov.tr Type: NS
8428 HostName: 88.255.226.140.static.ttnet.com.tr Type: PTR
8429
8430 Checking MailServers using system default resolver...
8431 IP: 88.255.226.216 (Turkey)
8432 HostName: imsva.kosgeb.gov.tr Type: MX
8433 HostName: imsva.kosgeb.gov.tr Type: PTR
8434
8435 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
8436 No zone transfer found on nameserver 88.255.226.140
8437 No zone transfer found on nameserver 88.255.226.131
8438
8439 Checking SPF record...
8440
8441 Checking 192 most common hostnames using system default resolver...
8442 IP: 88.255.226.247 (Turkey)
8443 HostName: www.kosgeb.gov.tr. Type: A
8444 IP: 88.255.226.138 (Turkey)
8445 HostName: mail.kosgeb.gov.tr. Type: A
8446 IP: 88.255.226.131 (Turkey)
8447 HostName: ns1.kosgeb.gov.tr Type: NS
8448 HostName: 88.255.226.131.static.ttnet.com.tr Type: PTR
8449 HostName: ns1.kosgeb.gov.tr. Type: A
8450 IP: 88.255.226.140 (Turkey)
8451 HostName: ns2.kosgeb.gov.tr Type: NS
8452 HostName: 88.255.226.140.static.ttnet.com.tr Type: PTR
8453 HostName: ns2.kosgeb.gov.tr. Type: A
8454
8455 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
8456 Checking netblock 88.255.226.0
8457
8458 Searching for kosgeb.gov.tr. emails in Google
8459 sibel.timisi@kosgeb.gov.tr&
8460 istanbulanadolu@kosgeb.gov.tr.
8461 dan.cetin.onel@kosgeb.gov.trB
8462 ...selin.duran@kosgeb.gov.tr.
8463
8464 Checking 5 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
8465 Host 88.255.226.247 is up (reset ttl 64)
8466 Host 88.255.226.140 is up (reset ttl 64)
8467 Host 88.255.226.216 is up (reset ttl 64)
8468 Host 88.255.226.138 is up (reset ttl 64)
8469 Host 88.255.226.131 is up (reset ttl 64)
8470
8471 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
8472 Scanning ip 88.255.226.247 (www.kosgeb.gov.tr.):
8473 80/tcp open http syn-ack ttl 110 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
8474 |_http-server-header: Microsoft-HTTPAPI/2.0
8475 |_http-title: Not Found
8476 443/tcp open ssl/http syn-ack ttl 110 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
8477 |_http-server-header: Microsoft-HTTPAPI/2.0
8478 |_http-title: Not Found
8479 | ssl-cert: Subject: commonName=*.kosgeb.gov.tr
8480 | Subject Alternative Name: DNS:*.kosgeb.gov.tr, DNS:kosgeb.gov.tr
8481 | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
8482 | Public Key type: rsa
8483 | Public Key bits: 2048
8484 | Signature Algorithm: sha256WithRSAEncryption
8485 | Not valid before: 2018-10-04T00:00:00
8486 | Not valid after: 2020-10-03T23:59:59
8487 | MD5: 630a aba8 06e2 2a60 4b1a afe8 991c ce9c
8488 |_SHA-1: 4610 4be6 834d f77d 6ef1 09f3 dc00 e05a ca38 184a
8489 Device type: general purpose|WAP
8490 Running (JUST GUESSING): Linux 2.6.X|2.4.X (90%), Microsoft Windows 2012 (85%)
8491 OS Info: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
8492 Scanning ip 88.255.226.140 (ns2.kosgeb.gov.tr.):
8493 Scanning ip 88.255.226.216 (imsva.kosgeb.gov.tr (PTR)):
8494 Scanning ip 88.255.226.138 (mail.kosgeb.gov.tr.):
8495 Scanning ip 88.255.226.131 (ns1.kosgeb.gov.tr.):
8496 WebCrawling domain's web servers... up to 50 max links.
8497
8498 + URL to crawl: http://www.kosgeb.gov.tr.
8499 + Date: 2019-11-10
8500
8501 + Crawling URL: http://www.kosgeb.gov.tr.:
8502 + Links:
8503 + Crawling http://www.kosgeb.gov.tr. (400 Bad Request)
8504 + Searching for directories...
8505 + Searching open folders...
8506
8507
8508 + URL to crawl: https://www.kosgeb.gov.tr.
8509 + Date: 2019-11-10
8510
8511 + Crawling URL: https://www.kosgeb.gov.tr.:
8512 + Links:
8513 + Crawling https://www.kosgeb.gov.tr.
8514 + Searching for directories...
8515 + Searching open folders...
8516
8517--Finished--
8518Summary information for domain kosgeb.gov.tr.
8519-----------------------------------------
8520 Domain Specific Information:
8521 Email: sibel.timisi@kosgeb.gov.tr&
8522 Email: istanbulanadolu@kosgeb.gov.tr.
8523 Email: dan.cetin.onel@kosgeb.gov.trB
8524 Email: ...selin.duran@kosgeb.gov.tr.
8525
8526 Domain Ips Information:
8527 IP: 88.255.226.247
8528 HostName: www.kosgeb.gov.tr. Type: A
8529 Country: Turkey
8530 Is Active: True (reset ttl 64)
8531 Port: 80/tcp open http syn-ack ttl 110 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
8532 Script Info: |_http-server-header: Microsoft-HTTPAPI/2.0
8533 Script Info: |_http-title: Not Found
8534 Port: 443/tcp open ssl/http syn-ack ttl 110 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
8535 Script Info: |_http-server-header: Microsoft-HTTPAPI/2.0
8536 Script Info: |_http-title: Not Found
8537 Script Info: | ssl-cert: Subject: commonName=*.kosgeb.gov.tr
8538 Script Info: | Subject Alternative Name: DNS:*.kosgeb.gov.tr, DNS:kosgeb.gov.tr
8539 Script Info: | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
8540 Script Info: | Public Key type: rsa
8541 Script Info: | Public Key bits: 2048
8542 Script Info: | Signature Algorithm: sha256WithRSAEncryption
8543 Script Info: | Not valid before: 2018-10-04T00:00:00
8544 Script Info: | Not valid after: 2020-10-03T23:59:59
8545 Script Info: | MD5: 630a aba8 06e2 2a60 4b1a afe8 991c ce9c
8546 Script Info: |_SHA-1: 4610 4be6 834d f77d 6ef1 09f3 dc00 e05a ca38 184a
8547 Script Info: Device type: general purpose|WAP
8548 Script Info: Running (JUST GUESSING): Linux 2.6.X|2.4.X (90%), Microsoft Windows 2012 (85%)
8549 Os Info: OS: Windows; CPE: cpe:/o:microsoft:windows
8550 IP: 88.255.226.140
8551 HostName: ns2.kosgeb.gov.tr Type: NS
8552 HostName: 88.255.226.140.static.ttnet.com.tr Type: PTR
8553 HostName: ns2.kosgeb.gov.tr. Type: A
8554 Country: Turkey
8555 Is Active: True (reset ttl 64)
8556 IP: 88.255.226.216
8557 HostName: imsva.kosgeb.gov.tr Type: MX
8558 HostName: imsva.kosgeb.gov.tr Type: PTR
8559 Type: SPF
8560 Country: Turkey
8561 Is Active: True (reset ttl 64)
8562 IP: 88.255.226.138
8563 HostName: mail.kosgeb.gov.tr. Type: A
8564 Country: Turkey
8565 Is Active: True (reset ttl 64)
8566 IP: 88.255.226.131
8567 HostName: ns1.kosgeb.gov.tr Type: NS
8568 HostName: 88.255.226.131.static.ttnet.com.tr Type: PTR
8569 HostName: ns1.kosgeb.gov.tr. Type: A
8570 Country: Turkey
8571 Is Active: True (reset ttl 64)
8572
8573--------------End Summary --------------
8574-----------------------------------------
8575######################################################################################################################################
8576
8577
8578 AVAILABLE PLUGINS
8579 -----------------
8580
8581 HeartbleedPlugin
8582 CompressionPlugin
8583 CertificateInfoPlugin
8584 RobotPlugin
8585 OpenSslCcsInjectionPlugin
8586 HttpHeadersPlugin
8587 SessionRenegotiationPlugin
8588 SessionResumptionPlugin
8589 EarlyDataPlugin
8590 FallbackScsvPlugin
8591 OpenSslCipherSuitesPlugin
8592
8593
8594
8595 CHECKING HOST(S) AVAILABILITY
8596 -----------------------------
8597
8598 88.255.226.247:443 => 88.255.226.247
8599
8600
8601
8602
8603 SCAN RESULTS FOR 88.255.226.247:443 - 88.255.226.247
8604 ----------------------------------------------------
8605
8606 * OpenSSL Heartbleed:
8607 OK - Not vulnerable to Heartbleed
8608
8609 * Deflate Compression:
8610 OK - Compression disabled
8611
8612 * TLSV1 Cipher Suites:
8613 Forward Secrecy OK - Supported
8614 RC4 INSECURE - Supported
8615
8616 Preferred:
8617 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits Error sending HTTP GET
8618 Accepted:
8619 TLS_RSA_WITH_RC4_128_SHA 128 bits HTTP 404 Not Found
8620 TLS_RSA_WITH_RC4_128_MD5 128 bits HTTP 404 Not Found
8621 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Error sending HTTP GET
8622 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Error sending HTTP GET
8623 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits Error sending HTTP GET
8624 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits Error sending HTTP GET
8625 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits Error sending HTTP GET
8626
8627 * OpenSSL CCS Injection:
8628 OK - Not vulnerable to OpenSSL CCS injection
8629
8630 * SSLV3 Cipher Suites:
8631 Forward Secrecy INSECURE - Not Supported
8632 RC4 INSECURE - Supported
8633
8634 Preferred:
8635 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits Error sending HTTP GET
8636 Accepted:
8637 TLS_RSA_WITH_RC4_128_SHA 128 bits HTTP 404 Not Found
8638 TLS_RSA_WITH_RC4_128_MD5 128 bits HTTP 404 Not Found
8639 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits Error sending HTTP GET
8640
8641 * TLSV1_1 Cipher Suites:
8642 Forward Secrecy OK - Supported
8643 RC4 INSECURE - Supported
8644
8645 Preferred:
8646 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
8647 Accepted:
8648 TLS_RSA_WITH_RC4_128_SHA 128 bits HTTP 404 Not Found
8649 TLS_RSA_WITH_RC4_128_MD5 128 bits HTTP 404 Not Found
8650 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
8651 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
8652 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
8653 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
8654 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
8655 Undefined - An unexpected error happened:
8656 TLS_DH_anon_WITH_SEED_CBC_SHA timeout - timed out
8657 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA timeout - timed out
8658
8659 * SSLV2 Cipher Suites:
8660 Server rejected all cipher suites.
8661
8662 * TLS 1.2 Session Resumption Support:
8663 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
8664 With TLS Tickets: NOT SUPPORTED - TLS ticket not assigned.
8665
8666 * Session Renegotiation:
8667 Client-initiated Renegotiation: OK - Rejected
8668 Secure Renegotiation: OK - Supported
8669
8670 * TLSV1_3 Cipher Suites:
8671 Server rejected all cipher suites.
8672
8673 * Certificate Information:
8674 Content
8675 SHA1 Fingerprint: 46104be6834df77d6ef109f3dc00e05aca38184a
8676 Common Name: *.kosgeb.gov.tr
8677 Issuer: COMODO RSA Domain Validation Secure Server CA
8678 Serial Number: 260292759673636886099690677590789239724
8679 Not Before: 2018-10-04 00:00:00
8680 Not After: 2020-10-03 23:59:59
8681 Signature Algorithm: sha256
8682 Public Key Algorithm: RSA
8683 Key Size: 2048
8684 Exponent: 65537 (0x10001)
8685 DNS Subject Alternative Names: ['*.kosgeb.gov.tr', 'kosgeb.gov.tr']
8686
8687 Trust
8688 Hostname Validation: FAILED - Certificate does NOT match 88.255.226.247
8689 Android CA Store (9.0.0_r9): OK - Certificate is trusted
8690 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
8691 Java CA Store (jdk-12.0.1): OK - Certificate is trusted
8692 Mozilla CA Store (2019-03-14): OK - Certificate is trusted
8693 Windows CA Store (2019-05-27): OK - Certificate is trusted
8694 Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
8695 Received Chain: *.kosgeb.gov.tr --> COMODO RSA Domain Validation Secure Server CA --> COMODO RSA Certification Authority
8696 Verified Chain: *.kosgeb.gov.tr --> COMODO RSA Domain Validation Secure Server CA --> COMODO RSA Certification Authority
8697 Received Chain Contains Anchor: OK - Anchor certificate not sent
8698 Received Chain Order: OK - Order is valid
8699 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
8700
8701 Extensions
8702 OCSP Must-Staple: NOT SUPPORTED - Extension not found
8703 Certificate Transparency: OK - 3 SCTs included
8704
8705 OCSP Stapling
8706 OCSP Response Status: successful
8707 Validation w/ Mozilla Store: OK - Response is trusted
8708 Responder Id: 90AF6A3A945A0BD890EA125673DF43B43A28DAE7
8709 Cert Status: good
8710 Cert Serial Number: C3D28FE04C44FAB88268DD8BE2BCB3AC
8711 This Update: Nov 7 14:23:53 2019 GMT
8712 Next Update: Nov 14 14:23:53 2019 GMT
8713
8714 * Downgrade Attacks:
8715 TLS_FALLBACK_SCSV: VULNERABLE - Signaling cipher suite not supported
8716
8717 * TLSV1_2 Cipher Suites:
8718 Forward Secrecy OK - Supported
8719 RC4 INSECURE - Supported
8720
8721 Preferred:
8722 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 404 Not Found
8723 Accepted:
8724 TLS_RSA_WITH_RC4_128_SHA 128 bits HTTP 404 Not Found
8725 TLS_RSA_WITH_RC4_128_MD5 128 bits HTTP 404 Not Found
8726 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 404 Not Found
8727 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 404 Not Found
8728 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
8729 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 404 Not Found
8730 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 404 Not Found
8731 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
8732 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
8733 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 404 Not Found
8734 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
8735 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 404 Not Found
8736 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
8737 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 404 Not Found
8738 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 404 Not Found
8739
8740 * ROBOT Attack:
8741 OK - Not vulnerable
8742
8743
8744 SCAN COMPLETED IN 30.35 S
8745#######################################################################################################################################
8746Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-10 23:29 EST
8747Nmap scan report for kosgeb.gov.tr (88.255.226.247)
8748Host is up (0.064s latency).
8749rDNS record for 88.255.226.247: 88.255.226.247.static.ttnet.com.tr
8750Not shown: 995 filtered ports
8751PORT STATE SERVICE
875225/tcp closed smtp
875380/tcp open http
8754139/tcp closed netbios-ssn
8755443/tcp open https
8756445/tcp closed microsoft-ds
8757
8758Host script results:
8759| dns-brute:
8760| DNS Brute-force hostnames:
8761| development.gov.tr - 212.154.115.51
8762| ipv6.gov.tr - 193.140.100.32
8763|_ mta.gov.tr - 31.145.51.12
8764#######################################################################################################################################
8765Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-10 23:27 EST
8766Nmap scan report for kosgeb.gov.tr (88.255.226.247)
8767Host is up (0.16s latency).
8768rDNS record for 88.255.226.247: 88.255.226.247.static.ttnet.com.tr
8769Not shown: 998 filtered ports
8770PORT STATE SERVICE
877180/tcp open http
8772443/tcp open https
8773#######################################################################################################################################
8774Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-10 23:25 EST
8775Nmap scan report for kosgeb.gov.tr (88.255.226.247)
8776Host is up (0.059s latency).
8777rDNS record for 88.255.226.247: 88.255.226.247.static.ttnet.com.tr
8778Not shown: 995 filtered ports
8779PORT STATE SERVICE VERSION
878025/tcp closed smtp
878180/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
8782|_http-server-header: Microsoft-HTTPAPI/2.0
8783|_http-title: Not Found
8784139/tcp closed netbios-ssn
8785443/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
8786|_http-server-header: Microsoft-HTTPAPI/2.0
8787|_http-title: Not Found
8788445/tcp closed microsoft-ds
8789Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-10 23:20 EST
Nmap scan report for 88.255.226.247.static.ttnet.com.tr (88.255.226.247)
Host is up (0.13s latency).
Not shown: 995 filtered ports
PORT STATE SERVICE VERSION
25/tcp closed smtp
80/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
139/tcp closed netbios-ssn
443/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
| ssl-cert: Subject: commonName=*.kosgeb.gov.tr
| Subject Alternative Name: DNS:*.kosgeb.gov.tr, DNS:kosgeb.gov.tr
| Not valid before: 2018-10-04T00:00:00
|_Not valid after: 2020-10-03T23:59:59
445/tcp closed microsoft-ds
Device type: general purpose
Running (JUST GUESSING): Linux 2.6.X (86%)
OS CPE: cpe:/o:linux:linux_kernel:2.6
Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (86%)
No exact OS matches for host (test conditions non-ideal).
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
#######################################################################################################################################
Nmap scan report for 88.255.226.247.static.ttnet.com.tr (88.255.226.247)
Host is up (0.082s latency).
Not shown: 995 filtered ports
PORT STATE SERVICE VERSION
25/tcp closed smtp
80/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
139/tcp closed netbios-ssn
443/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
| ssl-cert: Subject: commonName=*.kosgeb.gov.tr
| Subject Alternative Name: DNS:*.kosgeb.gov.tr, DNS:kosgeb.gov.tr
| Not valid before: 2018-10-04T00:00:00
|_Not valid after: 2020-10-03T23:59:59
445/tcp closed microsoft-ds
Device type: general purpose|WAP
Running (JUST GUESSING): Linux 2.6.X|2.4.X (90%), Microsoft Windows 2012 (85%)
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:microsoft:windows_server_2012
Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (90%), Tomato 1.27 - 1.28 (Linux 2.4.20) (86%), Microsoft Windows Server 2012 (85%), Microsoft Windows Server 2012 or Windows Server 2012 R2 (85%), Microsoft Windows Server 2012 R2 (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 2 hops
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

TRACEROUTE (using port 445/tcp)
HOP RTT ADDRESS
1 54.60 ms 10.246.204.1
2 54.60 ms 88.255.226.247.static.ttnet.com.tr (88.255.226.247)
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-10 23:28 EST
SENT (0.0895s) ICMP [10.246.204.206 > 88.255.226.247 Echo request (type=8/code=0) id=1388 seq=0] IP [ttl=48 id=18856 iplen=28 ]
SENT (0.0895s) igmp (2) 10.246.204.206 > 88.255.226.247: ttl=48 id=46773 iplen=28
SENT (0.0895s) ipv4 (4) 10.246.204.206 > 88.255.226.247: ttl=37 id=35935 iplen=20
SENT (2.0897s) ipv4 (4) 10.246.204.206 > 88.255.226.247: ttl=50 id=3402 iplen=20
SENT (2.0897s) igmp (2) 10.246.204.206 > 88.255.226.247: ttl=56 id=64896 iplen=28
SENT (2.0898s) ICMP [10.246.204.206 > 88.255.226.247 Echo request (type=8/code=0) id=1438 seq=0] IP [ttl=55 id=2979 iplen=28 ]
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-10 23:33 EST
Nmap scan report for 88.255.226.247.static.ttnet.com.tr (88.255.226.247)
Host is up (0.068s latency).
Not shown: 995 filtered ports
PORT STATE SERVICE VERSION
25/tcp closed smtp
80/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
| vulscan: VulDB - https://vuldb.com:
9221| [4477] Microsoft PowerPoint 2007 SP2/2008 OfficeArt Use-After-Free memory corruption
9222| [4474] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Active Directory Query memory corruption
9223| [4473] Microsoft PowerPoint 2007 SP2/2010 DLL-Loader memory corruption
9224| [4471] Microsoft Office 2003/2007 Publisher Out-of-Bounds memory corruption
9225| [4470] Microsoft Office 2003 SP3 memory corruption
9226| [4453] Microsoft Excel 2003 Record Parser memory corruption
9227| [4446] Microsoft Office 2007/2008 OfficeArt Record Parser memory corruption
9228| [4445] Microsoft Office 2007/2010/2011 Word Document Parser memory corruption
9229| [4438] Microsoft Windows 7/Server 2008/Vista TCP/IP Reference Counter denial of service
9230| [5358] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP TrueType Font Handling memory corruption
9231| [59005] Microsoft Host Integration Server 2004 denial of service
9232| [58492] Microsoft SharePoint Server 2007 Spreadsheet memory corruption
9233| [58491] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
9234| [58490] Microsoft Office Compatibility Pack 2007 Spreadsheet memory corruption
9235| [58489] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
9236| [58488] Microsoft Office 2007/2010 memory corruption
9237| [4412] Microsoft Office 2003/2007 Library Loader unknown vulnerability
9238| [4411] Microsoft Excel 2003 memory corruption
9239| [4409] Microsoft Windows Server 2003/Server 2008 WINS unknown vulnerability
9240| [58240] Microsoft Visio 2003/2007 memory corruption
9241| [58237] Microsoft Visio 2003/2007/2010 memory corruption
9242| [4396] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
9243| [4393] Microsoft Windows Server 2008 DNS Service memory corruption
9244| [4391] Microsoft .NET Framework 2.0 SP2/3.5.1/4 Socket Restriction privilege escalation
9245| [4390] Microsoft Windows Server 2008 Remote Desktop Web Access cross site scripting
9246| [4388] Microsoft Windows 7/Server 2008/Vista File Metadata Parser denial of service
9247| [57691] Microsoft SQL Server 2008 Web Service information disclosure
9248| [57690] Microsoft Excel 2002/2003 Spreadsheet memory corruption
9249| [57689] Microsoft Excel 2002 Spreadsheet memory corruption
9250| [57688] Microsoft Excel 2002 Spreadsheet memory corruption
9251| [57687] Microsoft Excel 2002/2003/2007 Spreadsheet memory corruption
9252| [57686] Microsoft Excel 2002 Spreadsheet memory corruption
9253| [57685] Microsoft Excel 2002/2003/2007 Array Access memory corruption
9254| [57684] Microsoft Excel 2002/2003/2007/2010 Spreadsheet memory corruption
9255| [4369] Microsoft Excel 2002/2003/2007 memory corruption
9256| [4367] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
9257| [4362] Microsoft Windows 7/Server 2008/Vista denial of service
9258| [57420] Microsoft PowerPoint 2002/2003 memory corruption
9259| [4349] Microsoft Office 2004/2007/2008 Presentation File Parser memory corruption
9260| [4348] Microsoft PowerPoint 2002/2003/2007 memory corruption
9261| [57077] Microsoft Excel 2002 Uninitialized Memory memory corruption
9262| [57078] Microsoft Office 2003/2007/Xp docx unknown vulnerability
9263| [57079] Microsoft PowerPoint 2002/2003/2007/2010 memory corruption
9264| [57076] Microsoft Excel 2002/2003 memory corruption
9265| [57075] Microsoft Excel 2002/2003 memory corruption
9266| [57074] Microsoft Excel 2002 memory corruption
9267| [57073] Microsoft Excel 2002/2003/2007/2010 memory corruption
9268| [4334] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 JIT Compiler memory corruption
9269| [4332] Microsoft PowerPoint 2007/2010 memory corruption
9270| [4301] Microsoft Windows Server 2003 SMB Browser Heap-based denial of service
9271| [56475] Microsoft Office 2004/2008 memory corruption
9272| [56414] Microsoft Visio 2002/2003/2007 ELEMENTS.DLL memory corruption
9273| [56413] Microsoft Visio 2002/2003/2007 Exception ORMELEMS.DLL memory corruption
9274| [4298] Microsoft Windows 7/Server 2008 JScript/VBScript Engine information disclosure
9275| [4297] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Compact Font Format Driver privilege escalation
9276| [4296] Microsoft Windows Server 2003/XP LSASS Authentication Request unknown vulnerability
9277| [4295] Microsoft Windows 7/Server 2008 Kerberos weak authentication
9278| [4294] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys unknown vulnerability
9279| [4293] Microsoft Windows Server 2003/XP Kerberos CRC32 Checksum privilege escalation
9280| [4292] Microsoft Windows Server 2003/XP CSRSS Logoff privilege escalation
9281| [4289] Microsoft Excel 2007 Shape Data Parser memory corruption
9282| [4286] Microsoft PowerPoint 2002 SP3/2003 SP3/2004/2007 SP2/2008 OfficeArt Container Parser memory corruption
9283| [4279] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP MHTML cross site scripting
9284| [56176] Microsoft Windows 7/Server 2003/XP fxscover.exe CDrawPoly::Serialize memory corruption
9285| [55772] Microsoft Publisher 2002 pubconv.dll memory corruption
9286| [55771] Microsoft Publisher 2002/2003/2010 memory corruption
9287| [55765] Microsoft Office 2003/Xp Integer memory corruption
9288| [55764] Microsoft Office 2003/Xp memory corruption
9289| [55750] Microsoft Publisher 2002/2003 pubconv.dll memory corruption
9290| [55749] Microsoft Publisher 2002/2003/2007/2010 pubconv.dll memory corruption
9291| [55748] Microsoft Publisher 2002/2003/2007 pubconv.dll memory corruption
9292| [4230] Microsoft Exchange 2007 on 64-bit RPC store.exe MAPI Request denial of service
9293| [4229] Microsoft SharePoint 2007 Document Conversion Launcher Service Eingabeungültigkeit
9294| [4228] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
9295| [4224] Microsoft Windows 7/Server 2008/Vista Consent User Interface privilege escalation
9296| [4231] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys GreEnableEUDC denial of service
9297| [55420] Microsoft Office 2007/2010 memory corruption
9298| [55419] Microsoft Office 2004/2008/2011/Xp memory corruption
9299| [55412] Microsoft PowerPoint Viewer 2007 memory corruption
9300| [55411] Microsoft PowerPoint 2002/2003 memory corruption
9301| [4204] Microsoft Windows Server 2008 Color Control Panel Eingabeungültigkeit
9302| [54995] Microsoft Office 2004/2008 memory corruption
9303| [54994] Microsoft Office 2004/2008 Out-of-Bounds memory corruption
9304| [54993] Microsoft Office Compatibility Pack 2007 memory corruption
9305| [54992] Microsoft Excel 2002 memory corruption
9306| [54991] Microsoft Office 2004 Future memory corruption
9307| [54990] Microsoft Office 2004 memory corruption
9308| [54989] Microsoft Office 2004/2008 memory corruption
9309| [54988] Microsoft Excel 2002 memory corruption
9310| [54987] Microsoft Excel 2002 memory corruption
9311| [54986] Microsoft Excel 2002/2003 memory corruption
9312| [54985] Microsoft Office Compatibility Pack 2003/2004/2007/2008 memory corruption
9313| [54984] Microsoft Office 2004/2008 memory corruption
9314| [54983] Microsoft Excel 2002 Integer memory corruption
9315| [54980] Microsoft Word 2002/2003 memory corruption
9316| [54979] Microsoft Word 2002 memory corruption
9317| [54978] Microsoft Word 2002 memory corruption
9318| [54977] Microsoft Word 2002 Heap-based memory corruption
9319| [54976] Microsoft Word 2002 memory corruption
9320| [54975] Microsoft Word 2002 memory corruption
9321| [54974] Microsoft Word 2002 memory corruption
9322| [54973] Microsoft Word 2002 memory corruption
9323| [54972] Microsoft Word 2002 memory corruption
9324| [54971] Microsoft Word 2002 memory corruption
9325| [4197] Microsoft SharePoint 2007/3.0 cross site scripting
9326| [4196] Microsoft Word 2002/2003/2007/2010 Stack-based memory corruption
9327| [4194] Microsoft Windows 7/Server 2008/Vista SChannel Client Certificate Request denial of service
9328| [54774] Microsoft Word 2003 word_crash_11.8326.8324_poc.doc denial of service
9329| [54757] Microsoft SharePoint Server 2007 HTML Sanitization SafeHTML cross site scripting
9330| [4186] Microsoft Outlook 2002/2003/2007 Content Parser Heap-based memory corruption
9331| [54584] Microsoft Visual C++ 2005 AtlTraceTool8.exe unknown vulnerability
9332| [54554] Microsoft Groove 2007 mso.dll memory corruption
9333| [4187] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack Ipv4SetEchoRequestCreate denial of service
9334| [54322] Microsoft Word 2002/2003 memory corruption
9335| [54321] Microsoft Office Compatibility Pack 2007 memory corruption
9336| [54320] Microsoft Office Compatibility Pack 2007 memory corruption
9337| [54319] Microsoft Office Compatibility Pack 2007 memory corruption
9338| [54318] Microsoft .NET Framework 2.0 SP1/2.0 SP2/3.5/3.5 SP1/3.5.1 Interfaces memory corruption
9339| [4165] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
9340| [4162] Microsoft Windows 7/Server 2008/Vista Kernel memory corruption
9341| [4159] Microsoft Excel 2002/2003 SXDB PivotTable Cache Data Record memory corruption
9342| [4149] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Shell Shortcut Parser memory corruption
9343| [54083] Microsoft Access 2003 ActiveX Control ACCWIZ.dll memory corruption
9344| [4146] Microsoft Outlook 2002/2003/2007 SMB Attachment PR_ATTACH_METHOD memory corruption
9345| [4145] Microsoft Access 2003/2007 ActiveX ACCWIZ.dll memory corruption
9346| [54617] Microsoft Outlook Web Access up to 2007 cross site request forgery
9347| [4151] Microsoft Windows Server 2008/Vista NtUserCheckAccessForIntegrityLevel memory corruption
9348| [53591] Microsoft Windows Server 2003 GetServerName cross site scripting
9349| [53505] Microsoft Excel 2002/2007 memory corruption
9350| [53501] Microsoft Excel 2002 memory corruption
9351| [53500] Microsoft Excel 2002 memory corruption
9352| [53499] Microsoft Excel 2002 memory corruption
9353| [53495] Microsoft Excel 2002/2003/2007 memory corruption
9354| [53494] Microsoft Excel 2002 Stack-based memory corruption
9355| [53504] Microsoft Excel 2002 memory corruption
9356| [53503] Microsoft Excel 2002 Stack-Based memory corruption
9357| [53502] Microsoft Excel 2002 Heap-based memory corruption
9358| [53498] Microsoft Excel 2002 Stack-based memory corruption
9359| [53497] Microsoft Excel 2002 memory corruption
9360| [53496] Microsoft Excel 2002 memory corruption
9361| [53493] Microsoft Excel 2002/2003/2007 memory corruption
9362| [4133] Microsoft Office 2003/2007/Xp COM Object Instantiator memory corruption
9363| [53366] Microsoft ASP.NET 2.0 cross site scripting
9364| [53385] Microsoft Exchange Server 2007 Outlook Web Access cross site scripting
9365| [53164] Microsoft Office 2003/2007/Xp ActiveX Control VBE6.DLL memory corruption
9366| [53054] Microsoft VISIO 2002/2003/2007 VISIODWG.DLL memory corruption
9367| [4125] Microsoft SharePoint 2007/3.0 help.aspx cross site scripting
9368| [52777] Microsoft Publisher 2002/2003/2007 memory corruption
9369| [52773] Microsoft Visio 2002/2003/2007 memory corruption
9370| [52772] Microsoft Visio 2002/2003/2007 memory corruption
9371| [4107] Microsoft Windows 7/Server 2008 Kernel denial of service
9372| [4103] Microsoft Windows Server 2003 Media Services Stack-based memory corruption
9373| [52543] Microsoft Virtual PC 2007 unknown vulnerability
9374| [52148] Microsoft Office 2004/2007/2008 Uninitialized Memory memory corruption
9375| [52147] Microsoft Office 2004/2007/2008 Spreadsheet Uninitialized Memory memory corruption
9376| [52146] Microsoft Office 2004/2007/2008 Spreadsheet Heap-based memory corruption
9377| [52145] Microsoft Office 2004/2007/2008 Spreadsheet Heap-based memory corruption
9378| [52144] Microsoft Office 2004/2007/2008 Spreadsheet memory corruption
9379| [52143] Microsoft Office 2004/2007/2008 Spreadsheet memory corruption
9380| [4090] Microsoft Excel 2002/2003/2007 memory corruption
9381| [52036] Microsoft Windows 2000 MsgBox memory corruption
9382| [51995] Microsoft SharePoint Server up to 2006 cross site scripting
9383| [51810] Microsoft Office 2004/Xp MSO.DLL memory corruption
9384| [51802] Microsoft PowerPoint 2003 Stack-based memory corruption
9385| [51801] Microsoft PowerPoint 2003 Stack-based memory corruption
9386| [51800] Microsoft PowerPoint 2002/2003 Use-After-Free memory corruption
9387| [51799] Microsoft PowerPoint 2002/2003 memory corruption
9388| [51798] Microsoft PowerPoint 2002/2003 Heap-based memory corruption
9389| [4082] Microsoft PowerPoint 2002 SP3 memory corruption
9390| [54550] Microsoft PowerPoint 2007 rpawinet.dll memory corruption
9391| [54556] Microsoft Visio 2003 mfc71enu.dll unknown vulnerability
9392| [51497] Microsoft Windows Live Messenger 2009 ActiveX Control msnmsgr.exe denial of service
9393| [51133] Microsoft Windows 2000 SP4/Server 2003 SP2/SP3/XP SP2 memory corruption
9394| [51074] Microsoft Office 2002/2003 Integer memory corruption
9395| [4069] Microsoft Project 2003/2007 Project Memory Validator memory corruption
9396| [50794] Microsoft Office 2004/2008 Spreadsheet memory corruption
9397| [50793] Microsoft Office 2004/2008 Spreadsheet memory corruption
9398| [50792] Microsoft Office 2004/2008 Spreadsheet memory corruption
9399| [50791] Microsoft Office 2004/2008 Spreadsheet memory corruption
9400| [50790] Microsoft Office 2004/2008 Spreadsheet Heap-based memory corruption
9401| [50788] Microsoft Office 2004/2008 Spreadsheet memory corruption
9402| [50787] Microsoft Office 2004/2008 Spreadsheet memory corruption
9403| [50786] Microsoft Windows 2000 llssrv.exe memory corruption
9404| [50789] Microsoft Office 2004/2008 Spreadsheet memory corruption
9405| [4056] Microsoft Word 2002/2003 File Information Block Parser Stack-based memory corruption
9406| [50660] Microsoft SharePoint Server 2007 unknown vulnerability
9407| [50443] Microsoft PowerPoint 2007 Integer memory corruption
9408| [50432] Microsoft .NET Framework 2.0/2.0 SP1/2.0 SP2/3.5/3.5 SP1 memory corruption
9409| [49866] Microsoft Windows Server 2003 memory corruption
9410| [4031] Microsoft Windows Server 2008/Vista SMB Processor EducatedScholar memory corruption
9411| [4030] Microsoft Windows Server 2008/Vista Wireless LAN AutoConfig Service Heap-based memory corruption
9412| [4029] Microsoft Windows 2000/XP TCP/IP Window Size denial of service
9413| [49745] Microsoft Windows Server 2003 denial of service
9414| [49395] Microsoft Office 2000/2003/XP Office Web Components Heap-based memory corruption
9415| [49394] Microsoft Windows Server 2003 memory corruption
9416| [49389] Microsoft Office 2000/2003/XP Office Web Components memory corruption
9417| [49390] Microsoft Office 2000/2003/XP Office Web Components memory corruption
9418| [49198] Microsoft Visual Studio 2005 information disclosure
9419| [49047] Microsoft Virtual Server 2005 privilege escalation
9420| [49046] Microsoft Windows Server 2003 quartz.dll memory corruption
9421| [49045] Microsoft Windows Server 2003 quartz.dll memory corruption
9422| [49044] Microsoft ISA Server 2006 privilege escalation
9423| [3999] Microsoft Office 2007 Pointer memory corruption
9424| [4000] Microsoft Office 2003/Sp3/Xp Web Components memory corruption
9425| [48894] Microsoft Windows Server 2003 msvidctl.dll memory corruption
9426| [48572] Microsoft PowerPoint 2002 FL21WIN.DLL memory corruption
9427| [48517] Microsoft Windows 2000 Memory Leak memory corruption
9428| [48516] Microsoft Windows Server 2008 unknown vulnerability
9429| [48512] Microsoft Windows Server 2008 unknown vulnerability
9430| [48515] Microsoft Office Word Viewer 2003 memory corruption
9431| [48514] Microsoft Office Word Viewer 2003 Stack-based memory corruption
9432| [48554] Microsoft Excel 2000/2003/2007 memory corruption
9433| [48157] Microsoft PowerPoint 2002 Sound memory corruption
9434| [48156] Microsoft PowerPoint 2000 Stack-based memory corruption
9435| [48154] Microsoft PowerPoint 2002 Sound PP7X32.DLL memory corruption
9436| [48152] Microsoft PowerPoint 2002 PP4X32.DLL memory corruption
9437| [48150] Microsoft PowerPoint 2002 Sound memory corruption
9438| [48147] Microsoft PowerPoint 2002 Sound memory corruption
9439| [48146] Microsoft PowerPoint 2002 Integer memory corruption
9440| [48155] Microsoft PowerPoint 2002 Notes Container Heap-based memory corruption
9441| [48153] Microsoft PowerPoint 2002 Sound memory corruption
9442| [48151] Microsoft PowerPoint 2002 Stack-based memory corruption
9443| [48149] Microsoft PowerPoint 2002 memory corruption
9444| [48148] Microsoft PowerPoint 2002 Sound memory corruption
9445| [3974] Microsoft PowerPoint 2000/2002/2003 Sound Data Stack-based memory corruption
9446| [3973] Microsoft PowerPoint 2000/2002/2003 Notes Container Stack-based memory corruption
9447| [3972] Microsoft PowerPoint 2000/2002/2003 BuildList memory corruption
9448| [3971] Microsoft PowerPoint 2000/2002/2003 Object Stack-based memory corruption
9449| [3970] Microsoft PowerPoint 2000/2002/2003 Paragraph Stack-based memory corruption
9450| [3969] Microsoft PowerPoint 2000/2002/2003 Atom Stack-based memory corruption
9451| [47719] Microsoft Windows 2000 Stack-based memory corruption
9452| [47720] Microsoft Internet Security And Acceleration Server 2006 Forms Authentication cookieauth.dll cross site scripting
9453| [47716] Microsoft Office Converter Pack 2003 WPFT632.CNV memory corruption
9454| [47715] Microsoft Windows 2000 Wordpad memory corruption
9455| [47718] Microsoft Excel 2000/2002/2003/2007 Spreadsheet memory corruption
9456| [3960] Microsoft Windows 2000/Server 2003/XP DirectShow MJPEG memory corruption
9457| [3952] Microsoft ISA Server 2004/2006 denial of service
9458| [3946] Microsoft PowerPoint 2000/2002/2003/2004 memory corruption
9459| [47091] Microsoft Windows Server 2008 unknown vulnerability
9460| [47090] Microsoft Windows Server 2008 unknown vulnerability
9461| [3939] Microsoft Windows 2000 DNS spoofing
9462| [3938] Microsoft Windows 2000 SSL weak authentication
9463| [3937] Microsoft Windows 2000 memory corruption
9464| [3932] Microsoft Excel 2000/2002/2003/2004/2007 Object Reference memory corruption
9465| [46620] Microsoft Windows Live Messenger 2009 msnmsgr.exe denial of service
9466| [46455] Microsoft Exchange Server 2007 denial of service
9467| [46454] Microsoft Exchange Server 2007 memory corruption
9468| [46453] Microsoft Visio 2002/2003/2007 memory corruption
9469| [46452] Microsoft Visio 2002/2003/2007 memory corruption
9470| [46451] Microsoft Visio 2002/2003/2007 memory corruption
9471| [46327] Microsoft Word 2007 information disclosure
9472| [45758] Microsoft Money 2006 ActiveX Control prtstb06.dll denial of service
9473| [45381] Microsoft Windows Server 2008/Vista SP1 Explorer memory corruption
9474| [45380] Microsoft Windows Server 2008/Vista SP1 Search memory corruption
9475| [45379] Microsoft Office SharePoint Server 2007 denial of service
9476| [3896] Microsoft SQL Server up to 2005 sp_replwritetovarbin memory corruption
9477| [3892] Microsoft Excel 2000/2002/2003 Formula memory corruption
9478| [3891] Microsoft Excel 2000/2002/2003 memory corruption
9479| [3890] Microsoft Excel 2000/2002/2003 NAME Index memory corruption
9480| [3889] Microsoft Word 2000/2002/2003/2007 Table Property Stack-based memory corruption
9481| [3888] Microsoft Word 2000/2002/2003/2007 RTF Stylesheet memory corruption
9482| [3887] Microsoft Word 2000/2002/2003/2007 memory corruption
9483| [3886] Microsoft Word 2000/2002/2003/2007 ControlWord Heap-based memory corruption
9484| [3885] Microsoft Word 2000/2002/2003/2007 memory corruption
9485| [3884] Microsoft Word 2000/2002/2003/2007 memory corruption
9486| [3883] Microsoft Word 2000/2002/2003/2007 RTF Heap-based memory corruption
9487| [3882] Microsoft Word 2000/2002/2003/2007 LFO memory corruption
9488| [3880] Microsoft Visual Basic up to 2003 ActiveX Control Mschrt20.ocx memory corruption
9489| [3879] Microsoft Visual Basic up to 2003 ActiveX Control mscomct2.ocx memory corruption
9490| [3878] Microsoft Visual Basic up to 2003 ActiveX Control mshflxgd.ocx memory corruption
9491| [3877] Microsoft Visual Basic up to 2003 ActiveX Control msflxgrd.ocx memory corruption
9492| [3876] Microsoft Visual Basic up to 2003 ActiveX Control msdatgrd.ocx memory corruption
9493| [45197] Microsoft Windows 2000 nskey.dll memory corruption
9494| [45063] Microsoft Windows Server 2003 Active Directory unknown vulnerability
9495| [45040] Microsoft .NET Framework 2.0.50727 Code Access Security unknown vulnerability
9496| [44855] DjVu Activex Control For Microsoft Office 2000 3.0 ActiveX Control DjVu_ActiveX_MSOffice.dll memory corruption
9497| [44665] Microsoft Peachtree Accounting 2004 ActiveX Control PAWWeb11.ocx unknown vulnerability
9498| [44589] Microsoft Exchange Server 2003 Outlook Web Access unknown vulnerability
9499| [3845] Microsoft Windows 2000 SP4 Active Directory memory corruption
9500| [44533] Microsoft Windows 2000 mqsvc.exe memory corruption
9501| [3844] Microsoft Excel 2003 REPT memory corruption
9502| [3843] Microsoft Excel up to 2007 BIFF File Heap-based memory corruption
9503| [3842] Microsoft Excel 2003 VBA Performance Cache Stack-based memory corruption
9504| [44405] Microsoft Digital Image 2006 ActiveX Control PipPPush.DLL unknown vulnerability
9505| [44047] Microsoft SQL Server 2000 ActiveX Control SQLVDIRLib.SQLVDirControl memory corruption
9506| [43981] Microsoft Organization Chart 2.00 orgchart.exe memory corruption
9507| [43957] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
9508| [43956] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
9509| [43955] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
9510| [43952] Microsoft Office 2003/2007/Xp URI memory corruption
9511| [43676] Microsoft Windows 2000/Server 2003/Vista/XP memory corruption
9512| [43675] Microsoft Windows 2000/Server 2003/Vista/XP of memory corruption
9513| [43662] Microsoft PowerPoint Viewer 2000 SP3/2002 SP3/2003 SP2/2007 SP1 memory corruption
9514| [43661] Microsoft PowerPoint Viewer 2003 memory corruption
9515| [43660] Microsoft PowerPoint Viewer 2003 Integer memory corruption
9516| [43657] Microsoft Office 2000/2003/Xp memory corruption
9517| [43654] Microsoft SharePoint Server 2007 memory corruption
9518| [43653] Microsoft Office 2000/2002/2004/2008 memory corruption
9519| [43652] Microsoft Office 2000/2002/2003/2004/2008 memory corruption
9520| [3797] Microsoft Windows Server 2008/Vista IPsec Policy Designfehler
9521| [3796] Microsoft Office 2000 WPG memory corruption
9522| [3795] Microsoft Office 2000/2003/Xp BMP Image BMPIMP32.FLT memory corruption
9523| [3794] Microsoft Office 2000/2003/Xp PICT bits_per_pixel memory corruption
9524| [3793] Microsoft Office 2000/2003/Xp PICT memory corruption
9525| [3792] Microsoft Office 2000 EPS File memory corruption
9526| [3783] Microsoft Word 2002 memory corruption
9527| [43103] Microsoft Exchange Srv 2007 Sp1 Outlook Web Access cross site scripting
9528| [43102] Microsoft Windows 2000 SP4/Server 2003 SP2/Server 2008 DNS Cache privilege escalation
9529| [3778] Microsoft Exchange 2003/2007 Outlook Web Access cross site scripting
9530| [3777] Microsoft Windows Server 2008/Vista SP1 Explorer memory corruption
9531| [43087] Microsoft Office Snapshot Viewer ActiveX up to Office 2003 Snapshot Viewer ActiveX Control snapview.ocx memory corruption
9532| [43096] Microsoft Publisher 2003/2007 Crypto API unknown vulnerability
9533| [42816] Microsoft Word 2000/2003 memory corruption
9534| [42732] Microsoft Windows Server 2003/Vista/XP denial of service
9535| [42731] Microsoft Windows Server 2003 denial of service
9536| [3732] Microsoft Windows 2000/Server 2003 WINS memory corruption
9537| [3701] Microsoft Word 2003 CSS Heap-based memory corruption
9538| [3700] Microsoft Word 2003 RTF Document Heap-based memory corruption
9539| [42065] Microsoft SharePoint Server 2.0 Rich Text Editor cross site scripting
9540| [41881] Microsoft Office 2003/2007/2007 Sp1/Xp memory corruption
9541| [41880] Microsoft Project 2000/2002/2003 memory corruption
9542| [41879] Microsoft Windows 2000/Server 2003/Vista Stack-based memory corruption
9543| [41878] Microsoft Windows 2000/Server 2003/Vista spoofing
9544| [41877] Microsoft Windows Server 2003 vbscript.dll memory corruption
9545| [3671] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 memory corruption
9546| [3670] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 Object memory corruption
9547| [41455] Microsoft Office 2000/2003/2004/Xp memory corruption
9548| [41454] Microsoft Excel 2000/2002/2003/2007 memory corruption
9549| [41453] Microsoft Excel 2000/2002/2003 memory corruption
9550| [41452] Microsoft Excel 2000/2002/2003/2007 memory corruption
9551| [41451] Microsoft Excel 2000/2002/2003 memory corruption
9552| [41450] Microsoft Excel 2000 memory corruption
9553| [41449] Microsoft Excel 2000/2002/2003 memory corruption
9554| [41448] Microsoft Office 2000/Xp Office Web Components memory corruption
9555| [3648] Microsoft Excel 2003 memory corruption
9556| [3647] Microsoft Outlook up to 2007 mailto URI memory corruption
9557| [41003] Microsoft Office 2000/2003/2004/Xp memory corruption
9558| [41002] Microsoft Office 2000/2003/Xp memory corruption
9559| [41001] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
9560| [41000] Microsoft Works 2005/8.0 memory corruption
9561| [40998] Microsoft Publisher 2000/2002/2003 memory corruption
9562| [40994] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
9563| [40987] Microsoft Windows 2000 denial of service
9564| [40736] Microsoft ActiveX 2.0 ActiveX Control privilege escalation
9565| [3552] Microsoft Excel 2000/2002/2003 File memory corruption
9566| [40242] Microsoft Publisher 2000/2002/2003/2007 Crash denial of service
9567| [40020] Microsoft Office 2007 ZIP Container unknown vulnerability
9568| [39769] Microsoft Windows 2000 cryptgenrandom weak encryption
9569| [39749] Microsoft Windows 2000 msjet40.dll memory corruption
9570| [39655] Microsoft Windows Server 2003 spoofing
9571| [39324] Microsoft Windows Mobile 2005 SMS unknown vulnerability
9572| [3373] Microsoft Word 2000/2002 memory corruption
9573| [38999] Microsoft Windows Server 2003 explorer.exe denial of service
9574| [38899] Microsoft ISA Server 2004 information disclosure
9575| [38728] Microsoft SQL Server 2005 Enterprise Manager sqldmo.dll memory corruption
9576| [38326] Microsoft Windows 2000 attemptwrite memory corruption
9577| [3241] Microsoft Excel 2000/2003/2004/XP SP3 rtWnDesk memory corruption
9578| [3223] Microsoft Windows Server 2003/XP URI privilege escalation
9579| [3212] Microsoft DirectX February 2006 RLE Compression Targa Files Heap-based memory corruption
9580| [37739] Microsoft Excel 2000/2002/2003/2004/2007 memory corruption
9581| [37738] Microsoft Office 2002/2003 memory corruption
9582| [3176] Microsoft Excel 2000/2002/2003/2007 File Attribute memory corruption
9583| [3175] Microsoft Excel 2000/2002/2003/2007 Active Worksheet memory corruption
9584| [3174] Microsoft Excel 2000/2002/2003/2007 Version Information memory corruption
9585| [3172] Microsoft Office Publisher 2007 Pointer memory corruption
9586| [37566] Microsoft Excel 2003 unknown vulnerability
9587| [37526] Microsoft Windows 2000/Server 2003 denial of service
9588| [37248] Microsoft Visio 2002 Packaging memory corruption
9589| [37251] Microsoft Windows 2000 memory corruption
9590| [3119] Microsoft Visio 2002 Object memory corruption
9591| [3118] Microsoft Visio 2002 Data memory corruption
9592| [37093] Microsoft Windows Server 2003 Error Message unknown vulnerability
9593| [37010] Microsoft Office 2000 ActiveX Control ouactrl.ocx memory corruption
9594| [36628] Microsoft Word 2000/2002/2003/2004 winword.exe memory corruption
9595| [36616] Microsoft Works 2004/2005/2006 memory corruption
9596| [36621] Microsoft Exchange Server 2000 Integer denial of service
9597| [36620] Microsoft Exchange Server 2000 Outlook Web Access cross site scripting
9598| [36619] Microsoft Exchange Server 2000/2003/2007 MIME Email memory corruption
9599| [36618] Microsoft Exchange Server 2000 NULL Pointer Dereference denial of service
9600| [36617] Microsoft Excel 2000/2002/2003/2004 memory corruption
9601| [36623] Microsoft BizTalk Server 2004 ActiveX Control capicom.dll memory corruption
9602| [3067] Microsoft Office 2000/2003/2004/2007/Xp Drawing Object memory corruption
9603| [3065] Microsoft Excel 2000/2002/2003/2007 Filter Stack-based memory corruption
9604| [3064] Microsoft Excel 2000/2002/2003/2004/2007 set Font memory corruption
9605| [3063] Microsoft Excel 2000/2002/2003/2007 BIFF Record Stack-based memory corruption
9606| [3012] Microsoft Windows 2000/Server 2003 DNS Service Stack-based memory corruption
9607| [36039] Microsoft Content Management Server 2001 memory corruption
9608| [36052] Microsoft Windows 2000 Heap-based memory corruption
9609| [36051] Microsoft Word 2007 file798-1.doc memory corruption
9610| [36050] Microsoft Word 2007 file789-1.doc memory corruption
9611| [36040] Microsoft Content Management Server 2001 cross site scripting
9612| [3004] Microsoft Windows up to 2003/XP URL Parser memory corruption
9613| [36041] Microsoft .NET Framework 2.0.50727.42 cross site scripting
9614| [36002] Microsoft Windows 2000/XP denial of service
9615| [2990] Microsoft Windows 2000/Vista/XP Animated Cursor Stack-based memory corruption
9616| [36515] Microsoft Windows 2000/Server 2003/XP memory corruption
9617| [35846] Microsoft Windows 2000/Server 2003 Default Configuration information disclosure
9618| [35373] Microsoft Excel 2003 denial of service
9619| [35372] Microsoft Office 2003 denial of service
9620| [35206] Microsoft Windows Server 2003/XP Crash denial of service
9621| [35161] Microsoft ISA Server 2004 unknown vulnerability
9622| [35236] Microsoft Publisher 2007 memory corruption
9623| [2939] Microsoft Word 2000 memory corruption
9624| [34994] Microsoft Windows 2000 OLE Dialog memory corruption
9625| [34993] Microsoft Office 2000/2003/Xp memory corruption
9626| [35001] Microsoft Office 2000/2003/2004/Xp memory corruption
9627| [35000] Microsoft Word 2000/2002/2003 memory corruption
9628| [2933] Microsoft Windows 2000 SP4/Server 2003 SP1/XP SP2 OLE Dialog Stack-based memory corruption
9629| [2894] Microsoft Office 2000/2003/2004/Xp Undefined String Format String
9630| [2884] Microsoft Word 2000/2002/2003 memory corruption
9631| [34321] Microsoft Office 2000/2003/2004/Xp Spreadsheet Heap-based memory corruption
9632| [34320] Microsoft Office 2000/2003/2004/Xp memory corruption
9633| [34319] Microsoft Office 2000/2003/2004/Xp memory corruption
9634| [34318] Microsoft Office 2000/2003/2004/Xp memory corruption
9635| [34322] Microsoft Office 2000/2003/Xp memory corruption
9636| [2811] Microsoft Windows 2000/Server 2003/XP VML Vector Markup Language Integer memory corruption
9637| [2810] Microsoft Outlook 2000/2002/2003 Office Saved Search OSS File memory corruption
9638| [2809] Microsoft Outlook 2000/2002/2003 Header denial of service
9639| [2808] Microsoft Outlook 2000/2002/2003 Meeting VEVENT memory corruption
9640| [2807] Microsoft Excel 2000/2002/2003 XLS File memory corruption
9641| [34126] Microsoft Office 2003 memory corruption
9642| [34122] Microsoft Office Web Components 2000 memory corruption
9643| [2789] Microsoft Windows 2000/XP RPC Request NetrWkstaUserEnum denial of service
9644| [2765] Microsoft Project Server 2003 pdsrequest.asp weak authentication
9645| [33851] Microsoft Word 2000/2002/2003 12122006-djtest.doc memory corruption
9646| [2739] Microsoft Windows 2000 Remote Installation Service Fehlende Authentifizierung
9647| [2738] Microsoft Windows 2000/Server 2003/XP SNMP memory corruption
9648| [2737] Microsoft Windows Server 2003/XP Manifest denial of service
9649| [33766] Microsoft Word 2000/2002/2003 memory corruption
9650| [2718] Microsoft Word 2000/2002/2003 DOC Document memory corruption
9651| [2717] Microsoft Windows 2000 Print Spooler Memory Consumption denial of service
9652| [2689] Microsoft Windows up to 2000 SP4 Active Directory denial of service
9653| [2688] Microsoft Windows 2000/Server 2003/XP Client Service for Netware denial of service
9654| [2687] Microsoft Windows 2000/Server 2003/XP Agent ActiveX ACF File Heap-based memory corruption
9655| [2686] Microsoft Windows 2000/Server 2003/XP Client Service for Netware memory corruption
9656| [2684] Microsoft Windows 2000/XP Workstation Service Stack-based memory corruption
9657| [2659] Microsoft Windows 2000/XP GDI Crash memory corruption
9658| [2655] Microsoft Windows 2000/Server 2003/XP XML Core Services memory corruption
9659| [33067] Microsoft Visual Studio .net 2005 ActiveX Control wmiscriptutils.dll memory corruption
9660| [2610] Microsoft PowerPoint 2003 PPT Document NULL Pointer Dereference denial of service
9661| [32693] Microsoft Word 2004 memory corruption
9662| [32686] Microsoft Office 2000/2001/2003/2004 Integer memory corruption
9663| [32690] Microsoft Office 2000/2003/2004/Xp memory corruption
9664| [32676] Microsoft Office 2000/2001/2003/2004 memory corruption
9665| [32675] Microsoft Office 2000/2003/2004/Xp memory corruption
9666| [32694] Microsoft Windows 2000 memory corruption
9667| [32689] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
9668| [32688] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
9669| [32687] Microsoft Word 2000/2002 memory corruption
9670| [32685] Microsoft Office 2000/2001/2003/2004 memory corruption
9671| [2601] Microsoft Windows Server 2003/XP IPv6 Stack denial of service
9672| [2600] Microsoft Windows Server 2003/XP IPv6 Stack TCP denial of service
9673| [2599] Microsoft Windows Server 2003/XP IPv6 Stack ICMP denial of service
9674| [2598] Microsoft Windows Server 2003/XP Object Packager privilege escalation
9675| [2597] Microsoft Office 2003/Xp Smart-Tag Parser memory corruption
9676| [2596] Microsoft Office 2000/2003/2004/Xp Value Read memory corruption
9677| [2595] Microsoft Office 2000/2001/2003/2004 Diagram Value memory corruption
9678| [2594] Microsoft Office 2000/2001/2003/2004 Document memory corruption
9679| [2593] Microsoft ASP.NET 2.0 cross site scripting
9680| [141652] Microsoft Windows up to Server 2019 Common Log File System Driver information disclosure
9681| [141639] Microsoft SharePoint Foundation 2013 SP1 cross site request forgery
9682| [141637] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
9683| [141636] Microsoft ASP.NET Core 2.1/2.2/3.0 Project Template privilege escalation
9684| [141635] Microsoft .NET Core 2.1/2.2 denial of service
9685| [141633] Microsoft Excel up to 2019 memory corruption
9686| [141631] Microsoft Windows up to Server 2019 SMB Client Driver information disclosure
9687| [141630] Microsoft Windows up to Server 2019 denial of service
9688| [141629] Microsoft Windows up to Server 2019 Update Delivery Optimization privilege escalation
9689| [141627] Microsoft Windows up to Server 2019 GDI information disclosure
9690| [141626] Microsoft Windows up to Server 2019 Win32k memory corruption
9691| [141621] Microsoft Windows up to Server 2019 Kernel information disclosure
9692| [141620] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
9693| [141619] Microsoft Windows up to Server 2019 ALPC privilege escalation
9694| [141618] Microsoft Windows up to Server 2019 hdAudio.sys privilege escalation
9695| [141617] Microsoft Windows up to Server 2019 Store Installer privilege escalation
9696| [141616] Microsoft Windows up to Server 2019 ALPC privilege escalation
9697| [141615] Microsoft Windows up to Server 2019 Winlogon privilege escalation
9698| [141614] Microsoft Windows up to Server 2019 Compatibility Appraiser privilege escalation
9699| [141611] Microsoft Office up to 2019 Security Feature privilege escalation
9700| [141610] Microsoft Excel up to 2019 information disclosure
9701| [141609] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
9702| [141608] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site request forgery
9703| [141607] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 privilege escalation
9704| [141606] Microsoft Windows up to Server 2019 Win32k memory corruption
9705| [141605] Microsoft Windows up to Server 2019 Hyper-V information disclosure
9706| [141604] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
9707| [141603] Microsoft Windows up to Server 2019 GDI information disclosure
9708| [141602] Microsoft Windows up to Server 2019 DirectWrite information disclosure
9709| [141601] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9710| [141600] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9711| [141599] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9712| [141598] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9713| [141597] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9714| [141596] Microsoft Windows up to Server 2019 DirectWrite information disclosure
9715| [141595] Microsoft Windows up to Server 2019 DirectWrite information disclosure
9716| [141594] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9717| [141593] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9718| [141592] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9719| [141591] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9720| [141590] Microsoft Windows up to Server 2019 Text Service Framework command injection
9721| [141589] Microsoft Exchange Server 2016 CU12/2016 CU13/2019 CU1/2019 CU2 denial of service
9722| [141583] Microsoft Lync Server 2013 Conference directory traversal
9723| [141581] Microsoft Windows up to Server 2016 Hyper-V denial of service
9724| [141580] Microsoft Windows up to Server 2019 Transaction Manager information disclosure
9725| [141579] Microsoft Windows up to Server 2016 DirectX information disclosure
9726| [141577] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
9727| [141575] Microsoft Windows up to Server 2019 lnk File privilege escalation
9728| [141564] Microsoft SharePoint Enterprise Server 2010 SP1/2013 SP1/2016/2019 Markup Application Package privilege escalation
9729| [141561] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
9730| [141560] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
9731| [139972] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
9732| [139971] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
9733| [139970] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
9734| [139969] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
9735| [139968] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
9736| [139965] Microsoft Windows up to Server 2019 Kernel information disclosure
9737| [139963] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
9738| [139962] Microsoft Windows up to Server 2019 Remote Desktop Protocol denial of service
9739| [139960] Microsoft Windows up to Server 2019 DHCP Server denial of service
9740| [139958] Microsoft Windows up to Server 2019 DHCP Server denial of service
9741| [139957] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
9742| [139956] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 Session Object information disclosure
9743| [139955] Microsoft Windows up to Server 2019 SyncController.dll privilege escalation
9744| [139949] Microsoft Windows up to Server 2019 XmlLite Runtime XmlLite.dll denial of service
9745| [139946] Microsoft Windows up to Server 2019 Core Shell COM Server Registrar COM Call privilege escalation
9746| [139942] Microsoft Windows up to Server 2019 rpcss.dll memory corruption
9747| [139941] Microsoft Windows up to Server 2019 DirectX memory corruption
9748| [139937] Microsoft Windows up to Server 2019 Azure Active Directory information disclosure
9749| [139936] Microsoft Windows up to Server 2019 SymCrypt information disclosure
9750| [139935] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 NTFS privilege escalation
9751| [139934] Microsoft Windows 7 SP1/Server 2018 R2 SP1/Server 2018 SP2 Win32k memory corruption
9752| [139933] Microsoft Windows up to Server 2019 p2pimsvc privilege escalation
9753| [139932] Microsoft Windows up to Server 2019 Kernel memory corruption
9754| [139931] Microsoft Windows up to Server 2019 File Signature Security Feature CAB File privilege escalation
9755| [139930] Microsoft Windows up to Server 2019 ALPC privilege escalation
9756| [139928] Microsoft Windows up to Server 2019 Kernel memory corruption
9757| [139927] Microsoft Windows up to Server 2019 Graphics Component information disclosure
9758| [139926] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9759| [139925] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9760| [139924] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9761| [139922] Microsoft Windows up to Server 2019 Graphics Component information disclosure
9762| [139921] Microsoft Windows up to Server 2019 Graphics Component information disclosure
9763| [139920] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9764| [139919] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9765| [139918] Microsoft Windows up to Server 2019 Graphics Component information disclosure
9766| [139917] Microsoft Windows up to Server 2019 Graphics Component information disclosure
9767| [139916] Microsoft Windows up to Server 2019 XML Core Services MSXML Parser privilege escalation
9768| [139914] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
9769| [139913] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
9770| [139912] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Hyper-V Network Switch denial of service
9771| [139911] Microsoft Windows up to Server 2019 denial of service
9772| [139910] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
9773| [139909] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
9774| [139908] Microsoft Windows up to Server 2019 Bluetooth weak encryption
9775| [139907] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
9776| [139906] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
9777| [139902] Microsoft Word up to 2019 memory corruption
9778| [139901] Microsoft Outlook up to 2019 memory corruption
9779| [139895] Microsoft Windows up to Server 2019 lnk File privilege escalation
9780| [139894] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
9781| [139893] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
9782| [139892] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
9783| [139891] Microsoft Windows up to Server 2019 Font Library memory corruption
9784| [139890] Microsoft Windows up to Server 2019 Font Library memory corruption
9785| [139889] Microsoft Windows up to Server 2019 Font Library memory corruption
9786| [139888] Microsoft Windows up to Server 2019 Font Library memory corruption
9787| [139887] Microsoft Windows up to Server 2019 Font Library memory corruption
9788| [139886] Microsoft Windows up to Server 2019 Font Library memory corruption
9789| [139880] Microsoft Windows up to Server 2019 Hyper-V memory corruption
9790| [139879] Microsoft Windows up to Server 2019 DHCP Client memory corruption
9791| [139878] Microsoft Windows up to Server 2019 Hyper-V Network Switch memory corruption
9792| [139877] Microsoft Outlook up to 2019 memory corruption
9793| [139876] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
9794| [139875] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
9795| [137590] Microsoft ASP.NET Core 2.1/2.2 Open Redirect
9796| [137589] Microsoft Exchange Server 2013 CU23/2016 CU12/2016 CU13/2019 CU1/2019 CU2 cross site scripting
9797| [137588] Microsoft Exchange Server 2010 SP3/2013 CU23/2016 CU12/2016 CU13 Web Services privilege escalation
9798| [137587] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
9799| [137586] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
9800| [137585] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
9801| [137584] Microsoft Windows up to Server 2019 DirectWrite memory corruption
9802| [137583] Microsoft Windows up to Server 2019 DirectWrite memory corruption
9803| [137581] Microsoft Windows up to Server 2019 DirectWrite memory corruption
9804| [137580] Microsoft Windows up to Server 2019 DirectWrite memory corruption
9805| [137579] Microsoft Windows up to Server 2019 DirectWrite memory corruption
9806| [137578] Microsoft Windows up to Server 2019 DirectWrite memory corruption
9807| [137577] Microsoft Windows up to Server 2019 DirectWrite memory corruption
9808| [137576] Microsoft Windows up to Server 2019 DirectWrite memory corruption
9809| [137575] Microsoft Windows up to Server 2019 DirectWrite memory corruption
9810| [137574] Microsoft Windows up to Server 2019 DirectWrite memory corruption
9811| [137568] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
9812| [137563] Microsoft Windows up to Server 2019 DirectWrite information disclosure
9813| [137562] Microsoft Windows up to Server 2019 Win32k information disclosure
9814| [137561] Microsoft Windows up to Server 2019 GDI information disclosure
9815| [137560] Microsoft Windows up to Server 2019 GDI information disclosure
9816| [137559] Microsoft Windows up to Server 2019 DirectWrite information disclosure
9817| [137555] Microsoft Windows up to Server 2019 Audio Service privilege escalation
9818| [137554] Microsoft Windows up to Server 2019 Audio Service privilege escalation
9819| [137553] Microsoft Windows up to Server 2019 Audio Service privilege escalation
9820| [137549] Microsoft Windows up to Server 2016 DLL privilege escalation
9821| [137544] Microsoft Windows up to Server 2019 Kernel information disclosure
9822| [137543] Microsoft Windows up to Server 2019 Kernel information disclosure
9823| [137542] Microsoft SQL Server 2014 SP2/2016 SP1/2017 privilege escalation
9824| [137541] Microsoft Windows up to Server 2019 memory corruption
9825| [137540] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
9826| [137539] Microsoft Windows up to Server 2016 DirectX memory corruption
9827| [137538] Microsoft Windows Server 1803/Server 1903/Server 2016/Server 2019 ADFS Security Feature privilege escalation
9828| [137537] Microsoft Windows up to Server 2019 Hyper-V denial of service
9829| [137535] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
9830| [137533] Microsoft Windows up to Server 2019 SymCrypt denial of service
9831| [137527] Microsoft Windows up to Server 2019 GDI+ memory corruption
9832| [137512] Microsoft Windows up to Server 2019 DHCP memory corruption
9833| [136414] Microsoft Azure DevOps Server 2019 cross site request forgery
9834| [136349] Microsoft Windows up to Server 2019 Event Viewer eventvwr.msc XML External Entity
9835| [136348] Microsoft Windows up to Server 2019 Task Scheduler privilege escalation
9836| [136347] Microsoft Windows up to Server 2019 AppXSVC privilege escalation
9837| [136345] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
9838| [136344] Microsoft Windows up to Server 2019 GDI information disclosure
9839| [136340] Microsoft Windows up to Server 2019 GDI information disclosure
9840| [136337] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
9841| [136336] Microsoft Windows up to Server 2019 Kernel privilege escalation
9842| [136335] Microsoft Windows up to Server 2019 NTLM Downgrade weak authentication
9843| [136334] Microsoft Windows up to Server 2019 Kernel information disclosure
9844| [136333] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
9845| [136330] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
9846| [136329] Microsoft SharePoint Server 2016/2019 cross site scripting
9847| [136328] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
9848| [136327] Microsoft Lync Server 2010/2013 denial of service
9849| [136326] Microsoft Windows up to Server 2019 Audio Service privilege escalation
9850| [136325] Microsoft Windows up to Server 2019 Audio Service privilege escalation
9851| [136324] Microsoft Windows up to Server 2019 Audio Service privilege escalation
9852| [136323] Microsoft Windows up to Server 2019 denial of service
9853| [136321] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Audio Service privilege escalation
9854| [136320] Microsoft Windows up to Server 2019 Audio Service privilege escalation
9855| [136319] Microsoft Windows up to Server 2019 Security Credentials information disclosure
9856| [136318] Microsoft Windows up to Server 2019 DirectX privilege escalation
9857| [136317] Microsoft Windows up to Server 2019 Win32k memory corruption
9858| [136314] Microsoft Windows up to Server 2019 Win32k memory corruption
9859| [136312] Microsoft Windows up to Server 2019 GDI information disclosure
9860| [136310] Microsoft Windows up to Server 2019 GDI information disclosure
9861| [136308] Microsoft Windows up to Server 2019 Audio Service privilege escalation
9862| [136306] Microsoft Windows up to Server 2019 Storage Service privilege escalation
9863| [136305] Microsoft Windows up to Server 2019 User Profile Service privilege escalation
9864| [136304] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
9865| [136303] Microsoft Windows up to Server 2019 Storage Service privilege escalation
9866| [136301] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9867| [136299] Microsoft Windows up to Server 2019 Local Security Authority Subsystem Service Reboot denial of service
9868| [136296] Microsoft Windows up to Server 2019 Common Log File System Driver memory corruption
9869| [136295] Microsoft Windows up to Server 2019 ALPC privilege escalation
9870| [136293] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9871| [136292] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9872| [136291] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9873| [136290] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9874| [136289] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9875| [136288] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9876| [136287] Microsoft Windows up to Server 2019 Hyper-V denial of service
9877| [136286] Microsoft Windows up to Server 2019 Hyper-V denial of service
9878| [136285] Microsoft Windows up to Server 2019 Hyper-V denial of service
9879| [136284] Microsoft Windows up to Server 2019 Kernel memory corruption
9880| [136276] Microsoft Windows up to Server 2019 Hyper-V memory corruption
9881| [136275] Microsoft Windows 10/10 1607/10 1703/10 1709/Server 2016 Hyper-V memory corruption
9882| [136274] Microsoft Windows up to Server 2019 ActiveX memory corruption
9883| [136273] Microsoft Windows up to Server 2019 Hyper-V memory corruption
9884| [134750] Microsoft ASP.NET Core 2.1/2.2 denial of service
9885| [134745] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
9886| [134744] Microsoft Windows up to Server 2019 GDI information disclosure
9887| [134743] Microsoft SharePoint Server 2013 SP1/2016 cross site scripting
9888| [134742] Microsoft SharePoint Enterprise Server 2016/2019 cross site scripting
9889| [134741] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
9890| [134740] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
9891| [134739] Microsoft SharePoint Foundation 2010 SP2/2013 SP2 cross site scripting
9892| [134738] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
9893| [134737] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
9894| [134736] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
9895| [134735] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
9896| [134734] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
9897| [134733] Microsoft Windows up to Server 2019 Unified Write Filter privilege escalation
9898| [134731] Microsoft Windows up to Server 2019 Symlink privilege escalation
9899| [134729] Microsoft Windows up to Server 2019 Storage Service privilege escalation
9900| [134725] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9901| [134724] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9902| [134723] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9903| [134722] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9904| [134721] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9905| [134720] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9906| [134719] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9907| [134718] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9908| [134717] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9909| [134716] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9910| [134715] Microsoft Windows up to Server 2019 Win32k memory corruption
9911| [134714] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9912| [134713] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9913| [134712] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9914| [134710] Microsoft Windows up to Server 2019 GDI information disclosure
9915| [134709] Microsoft Windows up to Server 2019 Kernel privilege escalation
9916| [134706] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
9917| [134701] Microsoft Windows up to Server 2019 Windows Defender Application Control privilege escalation
9918| [134700] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
9919| [134699] Microsoft Windows up to Server 2019 NDIS ndis.sys memory corruption
9920| [134698] Microsoft Windows up to Server 2019 OLE memory corruption
9921| [134684] Microsoft Windows up to Server 2019 DHCP Server memory corruption
9922| [134678] Microsoft Windows up to Server 2019 GDI+ memory corruption
9923| [133236] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9924| [133234] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9925| [133232] Microsoft Azure DevOps Server 2019 cross site scripting
9926| [133229] Microsoft Azure DevOps Server 2019 cross site scripting
9927| [133224] Microsoft Exchange Server 2013 CU22/2016 CU11/2016 CU12/2019/2019 CU1 Outlook Web Access privilege escalation
9928| [133223] Microsoft Azure DevOps Server 2019 Content Security Policy privilege escalation
9929| [133222] Microsoft Windows up to Server 2019 Remote Registry Service memory corruption
9930| [133221] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9931| [133220] Microsoft Windows up to Server 2019 GDI Memory information disclosure
9932| [133219] Microsoft Windows up to Server 2019 Win32k Memory information disclosure
9933| [133218] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9934| [133217] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9935| [133216] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
9936| [133215] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
9937| [133214] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
9938| [133213] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
9939| [133212] Microsoft Windows up to Server 2019 Terminal Services Memory information disclosure
9940| [133211] Microsoft Windows up to Server 2019 Task Scheduler information disclosure
9941| [133209] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
9942| [133206] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
9943| [133205] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
9944| [133204] Microsoft Office/Excel up to 2019 memory corruption
9945| [133203] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
9946| [133202] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
9947| [133201] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
9948| [133200] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
9949| [133199] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
9950| [133198] Microsoft Exchange Server up to 2019 CU1 Outlook Web Access cross site scripting
9951| [133197] Microsoft ASP.NET Core 2.2 Request denial of service
9952| [133196] Microsoft Windows up to Server 2019 Win32k information disclosure
9953| [133195] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
9954| [133194] Microsoft Windows up to Server 2019 GDI Memory information disclosure
9955| [133193] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
9956| [133192] Microsoft Windows up to Server 2019 OLE Automation privilege escalation
9957| [133189] Microsoft Windows up to Server 2019 CSRSS memory corruption
9958| [133188] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
9959| [133187] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
9960| [133186] Microsoft Windows up to Server 2019 TCP/IP Stack Fragmented IP Packet information disclosure
9961| [133185] Microsoft Windows up to Server 2019 Win32k memory corruption
9962| [133183] Microsoft Windows up to Server 2019 Win32k memory corruption
9963| [133182] Microsoft Windows up to Server 2019 Win32k memory corruption
9964| [133181] Microsoft Office/Excel/PowerPoint up to 2019 URL Document Code Execution
9965| [133180] Microsoft Windows up to Server 2019 MS XML Code Execution
9966| [133179] Microsoft Windows up to Server 2019 MS XML Code Execution
9967| [133177] Microsoft Windows up to Server 2019 Device Guard luafv.sys privilege escalation
9968| [133174] Microsoft Windows up to Server 2019 GDI+ privilege escalation
9969| [133173] Microsoft Windows up to Server 2019 IOleCvt Interface privilege escalation
9970| [133166] Microsoft Windows up to Server 2019 MS XML Code Execution
9971| [133165] Microsoft Windows up to Server 2019 MS XML Code Execution
9972| [133164] Microsoft Windows up to Server 2019 MS XML Code Execution
9973| [133163] Microsoft Windows up to Server 2019 MS XML Code Execution
9974| [133162] Microsoft Windows up to Server 2019 MS XML Code Execution
9975| [131687] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 3.2/2018 Updated 1.2 cross site scripting
9976| [131685] Microsoft Windows up to Server 2019 SMB information disclosure
9977| [131684] Microsoft Visual Studio 2017 Version 15.9 C++ Redistributable Installer privilege escalation
9978| [131681] Microsoft Windows up to Server 2019 Win32k memory corruption
9979| [131679] Microsoft Windows up to Server 2019 Kernel information disclosure
9980| [131675] Microsoft SharePoint 2013 SP1/2016 cross site scripting
| [131674] Microsoft Windows up to Server 2019 Win32k information disclosure
| [131673] Microsoft Windows up to Server 2019 Kernel information disclosure
| [131672] Microsoft Windows up to Server 2019 GDI information disclosure
| [131671] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
| [131668] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
| [131667] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
| [131663] Microsoft Windows up to Server 2019 Print Spooler information disclosure
| [131658] Microsoft Windows up to Server 2019 information disclosure
| [131657] Microsoft Windows up to Server 2019 denial of service
| [131656] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
| [131653] Microsoft Windows up to Server 2019 SMB information disclosure
| [131652] Microsoft Windows up to Server 2019 SMB information disclosure
| [131651] Microsoft Windows up to Server 2019 Kernel information disclosure
| [131650] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V denial of service
| [131649] Microsoft Windows up to Server 2019 Kernel memory corruption
| [131648] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [131644] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [131638] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [131632] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
| [131631] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
| [131630] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
| [131629] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
| [131628] Microsoft Windows up to Server 2019 ActiveX memory corruption
| [131619] Microsoft Windows up to Server 2019 MS XML privilege escalation
| [131334] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
| [131333] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
| [131328] Microsoft Windows up to Server 2016 Kernel information disclosure
| [130832] Microsoft 2013 SP1 spoofing
| [130828] Microsoft Exchange Server 2010 SP3/2013 CU22/2016 CU12/2019 CU1 EWS privilege escalation
| [130826] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
| [130825] Microsoft Office up to 2019 Connectivity Engine memory corruption
| [130824] Microsoft Office up to 2019 Connectivity Engine memory corruption
| [130823] Microsoft Office up to 2019 Connectivity Engine privilege escalation
| [130822] Microsoft Office up to 2019 Connectivity Engine privilege escalation
| [130821] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [130820] Microsoft Windows up to Server 2012 R2 GDI information disclosure
| [130818] Microsoft Windows up to Server 2019 GDI information disclosure
| [130817] Microsoft Windows up to Server 2019 Storage Service privilege escalation
| [130814] Microsoft Windows up to Server 2019 privilege escalation
| [130809] Microsoft Windows up to Server 2019 Defender Firewall Security privilege escalation
| [130808] Microsoft Windows up to Server 2019 information disclosure
| [130807] Microsoft Windows up to Server 2019 Hyper-V information disclosure
| [130806] Microsoft Windows up to Server 2019 SMB privilege escalation
| [130805] Microsoft Windows up to Server 2019 Device Guard privilege escalation
| [130804] Microsoft Windows up to Server 2019 Device Guard privilege escalation
| [130803] Microsoft Windows up to Server 2019 SMB privilege escalation
| [130802] Microsoft Windows up to Server 2019 Win32k information disclosure
| [130801] Microsoft Windows up to Server 2019 Device Guard privilege escalation
| [130800] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130799] Microsoft Windows up to Server 2016 Win32k memory corruption
| [130798] Microsoft Windows up to Server 2019 GDI information disclosure
| [130797] Microsoft Windows up to Server 2019 GDI information disclosure
| [130796] Microsoft Windows up to Server 2019 GDI information disclosure
| [130793] Microsoft Windows up to Server 2019 GDI information disclosure
| [130792] Microsoft Windows up to Server 2019 HID information disclosure
| [130791] Microsoft Windows up to Server 2019 HID information disclosure
| [130790] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130789] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130788] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130787] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130786] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130784] Microsoft Windows up to Server 2019 GDI+ memory corruption
| [130782] Microsoft Windows up to Server 2019 DHCP Server memory corruption
| [130781] Microsoft Windows up to Server 2019 GDI+ memory corruption
| [129847] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 1.2/2018 Update 3.2 information disclosure
| [129846] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
| [129845] Microsoft Skype for Business 2015 CU 8 Request cross site scripting
| [128765] Microsoft Visual Studio 2017 Version 15.9 C++ Construct privilege escalation
| [128764] Microsoft Exchange Server 2010 SP3/2013 CU21/2016 CU10/2016 CU11/2019 PowerShell API information disclosure
| [128761] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128760] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128759] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128758] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128757] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128756] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128755] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128754] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128753] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128752] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128751] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128750] Microsoft Windows up to Server 2019 Runtime privilege escalation
| [128749] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128747] Microsoft ASP.NET Core 2.1 Web Request denial of service
| [128746] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [128745] Microsoft Office up to 2019 Word Macro information disclosure
| [128742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [128741] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [128740] Microsoft SharePoint Enterprise Server 2013 SP1 cross site scripting
| [128739] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128738] Microsoft Windows up to Server 2019 Subsystem for Linux information disclosure
| [128737] Microsoft Windows up to Server 2019 COM Desktop Broker privilege escalation
| [128736] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128735] Microsoft ASP.NET Core 2.1/2.2 Web Request denial of service
| [128733] Microsoft Windows up to Server 2019 Authentication Request privilege escalation
| [128729] Microsoft Visual Studio 2010 SP1/2012 Update 5 vscontent File information disclosure
| [128728] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128727] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128726] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128725] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128718] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [128717] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V memory corruption
| [127925] Microsoft SharePoint Enterprise Server 2016 Web Request cross site scripting
| [127882] Microsoft Dynamics NAV 2016/2017 Web Request cross site scripting
| [127881] Microsoft Windows 10 1809/Server 2019 Object denial of service
| [127880] Microsoft Windows up to Server 2019 Win32k Object memory corruption
| [127828] Microsoft Windows up to Server 2019 Win32k memory corruption
| [127827] Microsoft Windows 10 1809/Server 2019 DirectX information disclosure
| [127826] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Win32k ASLR privilege escalation
| [127825] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 privilege escalation
| [127824] Microsoft Excel up to 2019 Out-of-Bounds memory corruption
| [127823] Microsoft Windows up to Server 2012 R2 Kernel information disclosure
| [127821] Microsoft Windows up to Server 2019 Connected User Experiences and Telemetry Service denial of service
| [127820] Microsoft Windows up to Server 2019 Kernel memory corruption
| [127819] Microsoft Exchange Server 2016 CU10/2016 CU11 Profile Data privilege escalation
| [127817] Microsoft Excel up to 2019 information disclosure
| [127816] Microsoft Windows up to Server 2019 GDI information disclosure
| [127815] Microsoft Windows up to Server 2019 GDI information disclosure
| [127814] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 Search cross site request forgery
| [127812] Microsoft Windows up to Server 2019 Remote Procedure Call information disclosure
| [127806] Microsoft Outlook up to 2019 memory corruption
| [127805] Microsoft Excel up to 2019 memory corruption
| [127804] Microsoft Excel up to 2019 memory corruption
| [127803] Microsoft Windows up to Server 2019 Text-To-Speech memory corruption
| [127801] Microsoft Windows up to Server 2019 DNS Server privilege escalation
| [126938] Microsoft Team Foundation Server 2018 Update 1.1/2018 Update 3 Code Execution
| [126755] Microsoft .NET Core 2.1 privilege escalation
| [126754] Microsoft Skype for Business/Lync Server 2013 SP1/2016 Emoji denial of service
| [126750] Microsoft Windows up to Server 2019 ALPC privilege escalation
| [126749] Microsoft Exchange Server 2010/2013/2016/2019 privilege escalation
| [126747] Microsoft SharePoint Enterprise Server 2013 SP1 Folder information disclosure
| [126746] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [126745] Microsoft Project 2010 SP2/2013 SP1/2016 memory corruption
| [126744] Microsoft Office up to 2019 Word memory corruption
| [126743] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [126742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [126739] Microsoft Windows up to Server 2012 R2 Win32k information disclosure
| [126737] Microsoft Windows up to Server 2012 R2 DirectX information disclosure
| [126736] Microsoft Windows up to Server 2019 Win32k memory corruption
| [126735] Microsoft Windows up to Server 2019 DirectX privilege escalation
| [126733] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DirectX memory corruption
| [126730] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
| [126728] Microsoft Office/SharePoint 2010 SP2 Word memory corruption
| [126727] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [126726] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [126725] Microsoft Windows up to Server 2019 DirectX memory corruption
| [126722] Microsoft Windows up to Server 2019 PowerShell privilege escalation
| [126718] Microsoft Windows up to Server 2016 Search memory corruption
| [126717] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 memory corruption
| [126716] Microsoft Office up to 2019 Excel memory corruption
| [126714] Microsoft Windows up to Server 2019 PowerShell unknown vulnerability
| [126713] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
| [126712] Microsoft Windows up to Server 2016 Graphics Component memory corruption
| [126711] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
| [125123] Microsoft Windows up to Server 2019 Codecs Library information disclosure
| [125122] Microsoft Windows up to Server 2016 TCP/IP information disclosure
| [125121] Microsoft Windows up to Server 2019 DirectX memory corruption
| [125120] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
| [125119] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
| [125116] Microsoft Exchange Server 2013 CU21/2016 CU10 privilege escalation
| [125115] Microsoft Windows up to Server 2019 Theme API privilege escalation
| [125114] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
| [125113] Microsoft Windows up to Server 2019 Kernel memory corruption
| [125111] Microsoft Windows up to Server 2019 Device Guard Code Integrity Policy privilege escalation
| [125110] Microsoft Windows up to Server 2019 DNS Global Blocklist privilege escalation
| [125109] Microsoft Windows up to Server 2019 NTFS privilege escalation
| [125108] Microsoft Windows up to Server 2019 Filter Manager memory corruption
| [125107] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125104] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [125102] Microsoft Office/Word 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
| [125100] Microsoft Office/PowerPoint 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
| [125099] Microsoft Office/Excel up to 2019 Protected View memory corruption
| [125098] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [125097] Microsoft Windows up to Server 2019 DirectX Graphics memory corruption
| [125096] Microsoft Windows up to Server 2019 Win32k memory corruption
| [125095] Microsoft Exchange Server 2013 CU21/2016 CU10 Outlook Web Access cross site scripting
| [125093] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [125092] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [125091] Microsoft Windows up to Server 2019 MS XML privilege escalation
| [124371] Microsoft Exchange Server up to 2010 SP3 Outlook Web Access /owa/auth/logon.aspx Parameter Server-Side Request Forgery
| [124217] Microsoft Windows Server 2012/Server 2016 Active Directory Federation Services /adfs/ls Server-Side Request Forgery
| [123995] Microsoft Lync 2011 on Mac Security Feature Messages Download privilege escalation
| [123881] Microsoft Windows up to Server 2016 Sandbox privilege escalation
| [123874] Microsoft Windows up to Server 2016 Kernel information disclosure
| [123872] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 SMB information disclosure
| [123868] Microsoft Windows up to Server 2016 Hyper-V denial of service
| [123864] Microsoft Windows up to Server 2016 Hyper-V information disclosure
| [123862] Microsoft SharePoint Enterprise Server 2010 SP2/2013 RT SP1/2013 SP1/2016 cross site scripting
| [123861] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [123860] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [123859] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
| [123851] Microsoft Windows up to Server 2016 ALPC privilege escalation
| [123849] Microsoft Windows up to Server 2016 SMB denial of service
| [123846] Microsoft Office 2016 on Win/Mac memory corruption
| [123844] Microsoft Word 2013 RT SP1/2013 SP1/2016 PDF File memory corruption
| [123843] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [123842] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [123830] Microsoft Windows up to Server 2016 Hyper-V memory corruption
| [123828] Microsoft Windows up to Server 2016 Win32k Graphics privilege escalation
| [123827] Microsoft Windows up to Server 2016 Image memory corruption
| [123825] Microsoft Windows up to Server 2016 MSXML Parser privilege escalation
| [123823] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
| [122887] Microsoft Office 2016 on Mac AutoUpdate memory corruption
| [122886] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
| [122885] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
| [122884] Microsoft Windows up to Server 2016 Win32k memory corruption
| [122883] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
| [122875] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [122874] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [122873] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [122871] Microsoft PowerPoint 2010 SP2 memory corruption
| [122870] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [122861] Microsoft Windows up to Server 2016 Microsoft COM for Windows privilege escalation
| [122850] Microsoft Visual Studio 2015 Update 3/2017/2017 Version 15.8 Diagnostic Hub privilege escalation
| [122849] Microsoft Windows up to Server 2016 Diagnostic Hub privilege escalation
| [122848] Microsoft Windows Security Feature 2FA weak authentication
| [122834] Microsoft Windows up to Server 2016 LNK memory corruption
| [122825] Microsoft Windows up to Server 2016 Graphics memory corruption
| [122823] Microsoft SQL Server 2016 SP1/2016 SP2/2017 memory corruption
| [121208] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R Attachment privilege escalation
| [121118] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [121116] Microsoft Windows up to Server 2016 Sandbox privilege escalation
| [121114] Microsoft Access 2013 SP1/2016/2016 C2R memory corruption
| [121111] Microsoft Windows up to Server 2016 Kernel memory corruption
| [121110] Microsoft Windows up to Server 2016 Wordpad privilege escalation
| [121107] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll denial of service
| [121106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
| [121105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [121098] Microsoft Office 2016/2016 C2R memory corruption
| [121092] Microsoft Windows up to Server 2016 FTP Server denial of service
| [121090] Microsoft Visual Studio up to 2017 Version 15.8 Preview privilege escalation
| [119479] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [119477] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 information disclosure
| [119476] Microsoft Publisher 2010 SP2 OLE Object PUB File privilege escalation
| [119475] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Attachment privilege escalation
| [119474] Microsoft Windows up to Server 2016 GDI information disclosure
| [119470] Microsoft Windows up to Server 2016 HTTP HTTP.sys denial of service
| [119468] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119467] Microsoft Windows up to Server 2016 Hypervisor privilege escalation
| [119465] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119464] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119463] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119461] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119460] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119459] Microsoft Windows up to Server 2016 memory corruption
| [119457] Microsoft Windows up to Server 2016 Desktop Bridge privilege escalation
| [119456] Microsoft Windows up to Server 2016 Kernel information disclosure
| [119455] Microsoft Windows up to Server 2016 denial of service
| [119454] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119452] Microsoft Windows up to Server 2016 HIDParser memory corruption
| [119448] Microsoft Windows up to Server 2016 Code Integrity Module denial of service
| [119447] Microsoft Windows up to Server 2016 NTFS privilege escalation
| [119441] Microsoft Windows up to Server 2016 Media Foundation memory corruption
| [119437] Microsoft Windows up to Server 2016 HTTP Protocol Stack Http.sys memory corruption
| [119436] Microsoft Windows up to Server 2016 memory corruption
| [119431] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
| [118120] Microsoft Office 2016 on Mac XML Data Code Execution
| [117561] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1 Web Request cross site scripting
| [117560] Microsoft Exchange Server up to 2016 CU9 Code Execution memory corruption
| [117559] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access Web Request cross site scripting
| [117558] Microsoft Windows up to Server 2016 Code Execution memory corruption
| [117507] Microsoft Infopath 2013 SP1 memory corruption
| [117505] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [117504] Microsoft Office 2010 SP2 information disclosure
| [117503] Microsoft Exchange Server 2013 CU19/2013 CU20/2016 CU8/2016 CU9 Outlook Web Access cross site scripting
| [117502] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
| [117501] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [117500] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access cross site scripting
| [117499] Microsoft Exchange Server up to 2016 CU9 information disclosure
| [117498] Microsoft Office 2016 C2R Security Feature privilege escalation
| [117497] Microsoft SharePoint Enterprise Server 2010/2013 SP1/2016 cross site scripting
| [117480] Microsoft Windows up to Server 2016 COM Serialized privilege escalation
| [117473] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117472] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117471] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117470] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117469] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117468] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117444] Microsoft Windows up to Server 2016 Hyper-V vSMB memory corruption
| [117443] Microsoft Windows up to Server 2016 Hyper-V memory corruption
| [117442] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
| [116132] Microsoft Office 2016 Memory information disclosure
| [116051] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [116050] Microsoft SharePoint Enterprise Server 2010 SP2/2013/2016 cross site scripting
| [116049] Microsoft SharePoint Enterprise Server 2013/2016 privilege escalation
| [116048] Microsoft Windows up to Server 2016 DirectX Graphics Kernel Subsystem memory corruption
| [116047] Microsoft Windows up to Server 2016 OpenType Font Driver atmfd.dll memory corruption
| [116046] Microsoft SharePoint Enterprise Server 2013/2016 Share cross site scripting
| [116045] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [116039] Microsoft Windows up to Server 2016 Remote Desktop Protocol denial of service
| [116031] Microsoft Windows up to Server 2016 Kernel ASLR information disclosure
| [116030] Microsoft Windows up to Server 2016 SNMP Service denial of service
| [116026] Microsoft Windows up to Server 2016 Kernel information disclosure
| [116024] Microsoft Windows up to Server 2016 HTTP.sys denial of service
| [116023] Microsoft Office up to 2016 C2R information disclosure
| [116022] Microsoft Excel 2010 SP2 memory corruption
| [116020] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Active Directory privilege escalation
| [116019] Microsoft Windows up to Server 2016 Kernel information disclosure
| [116018] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [116017] Microsoft Excel up to 2016 C2R memory corruption
| [116016] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Graphics memory corruption
| [116014] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [116013] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1 memory corruption
| [116008] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116007] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116006] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116005] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116004] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116003] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
| [115994] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [115804] Microsoft Windows up to Server 2016 Malware Protection Engine privilege escalation
| [114579] Microsoft Exchange Server up to 2017 CU8 Outlook Web Access information disclosure
| [114574] Microsoft SharePoint Enterprise Server 2016 privilege escalation
| [114573] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114571] Microsoft Exchange Server 2016 CU7/2016 CU8 Outlook Web Access information disclosure
| [114570] Microsoft Exchange Server 2010 SP3/2013 CU18/2013 CU19/2016 CU7/2016 CU8 Outlook Web Access Fake privilege escalation
| [114565] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Kernel information disclosure
| [114564] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [114562] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114560] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114559] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114558] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114557] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114556] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114555] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114554] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114553] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114552] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114551] Microsoft Excel up to 2016 C2R Security Feature privilege escalation
| [114549] Microsoft Access 2010 SP2/2013 SP1/2016 memory corruption
| [114548] Microsoft Windows up to Server 2016 CNG Security Feature cng.sys privilege escalation
| [114547] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114546] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114545] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114544] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114543] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114542] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114541] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114540] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114536] Microsoft Windows up to Server 2016 CredSSP privilege escalation
| [114535] Microsoft Windows up to Server 2016 Hyper-V denial of service
| [114531] Microsoft Windows up to Server 2016 Windows Installer privilege escalation
| [114530] Microsoft Windows up to Server 2016 GDI privilege escalation
| [114529] Microsoft Windows up to Server 2016 GDI privilege escalation
| [114527] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114526] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114525] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114522] Microsoft Windows 10 1607/10 1703/Server 2016 Desktop Bridge privilege escalation
| [114521] Microsoft Windows up to Server 2016 Video Control privilege escalation
| [114520] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge privilege escalation
| [114518] Microsoft Windows up to Server 2016 Remote Assistance information disclosure
| [114517] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge VFS privilege escalation
| [114516] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
| [113835] Microsoft Identity Manager 2016 SP1 cross site scripting
| [113264] Microsoft Windows 8.1/RT 8.1/Server 2012 R2 SMBv2/SMBv3 denial of service
| [113260] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113259] Microsoft Windows 10/Server 1709/Server 2016 NTFS privilege escalation
| [113254] Microsoft Windows up to Server 2016 Kernel information disclosure
| [113253] Microsoft Windows 10/Server 1709/Server 2016 Kernel memory corruption
| [113252] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113250] Microsoft Windows 10/Server 1709/Server 2016 Kernel memory corruption
| [113249] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113248] Microsoft Windows up to Server 2016 Kernel information disclosure
| [113243] Microsoft Windows 10/Server 2016 MultiPoint Management privilege escalation
| [113242] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
| [113241] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
| [113240] Microsoft Windows 10/Server 1709/Server 2016 AppContainer privilege escalation
| [113237] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [113236] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [113233] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Uninitialized Memory information disclosure
| [113232] Microsoft Excel 2016 memory corruption
| [113230] Microsoft Windows up to Server 2016 Scripting Engine information disclosure
| [113229] Microsoft Windows up to Server 2016 StructuredQuery memory corruption
| [111580] Microsoft Office 2016 on Mac Email Attachment spoofing
| [111571] Microsoft SharePoint Enterprise Server 2013/2016 Access cross site scripting
| [111567] Microsoft Office 2010/2013/2016 memory corruption
| [111564] Microsoft Word 2016 memory corruption
| [111562] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
| [111561] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
| [128730] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [111358] Microsoft Windows up to Server 2016 IPsec denial of service
| [110553] Microsoft Office 2016 C2R information disclosure
| [110552] Microsoft SharePoint Enterprise Server 2016 Web Request privilege escalation
| [110551] Microsoft Excel 2016 C2R memory corruption
| [110550] Microsoft PowerPoint 2013 RT SP1/2013 SP1/2016 information disclosure
| [110549] Microsoft Exchange Server 2016 CU6/2016 CU7 Outlook Web Access privilege escalation
| [110547] Microsoft Windows up to Server 2016 its:// Protocol information disclosure
| [110531] Microsoft Windows 10/Server 2016 Device Guard privilege escalation
| [110522] Microsoft Windows up to Server 2016 RRAS privilege escalation
| [110350] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [110318] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [109391] Microsoft SharePoint Enterprise Server 2016 Project Server cross site request forgery
| [109389] Microsoft Excel 2016 Click-to-Run memory corruption
| [109360] Microsoft Windows up to Server 2016 Windows Search denial of service
| [107759] Microsoft Windows up to Server 2016 SMB denial of service
| [107757] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [107756] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [107753] Microsoft Windows 10/Server 2016 SMB privilege escalation
| [107744] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
| [107741] Microsoft Outlook 2016 Secure Connection Mail information disclosure
| [107740] Microsoft Windows up to Server 2016 Graphics memory corruption
| [107739] Microsoft Windows up to Server 2016 Graphics memory corruption
| [107738] Microsoft Windows up to Server 2016 Search information disclosure
| [107734] Microsoft Windows 10/Server 2016 SMB privilege escalation
| [107732] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Bypass privilege escalation
| [107730] Microsoft Windows up to Server 2016 Search Remote memory corruption
| [107729] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107728] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107727] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107724] Microsoft Windows up to Server 2016 Text Services Framework memory corruption
| [107723] Microsoft Windows up to Server 2016 SMB information disclosure
| [107698] Microsoft Office 2016 memory corruption
| [107593] InFocus Mondopad 2.2.08 Excel Spreadsheet Microsoft Office Document Credentials information disclosure
| [106544] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
| [106531] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
10397| [106529] Microsoft PowerPoint 2016 memory corruption
10398| [106523] Microsoft Windows up to Server 2016 PDF Library memory corruption
10399| [106518] Microsoft Edge on Win10/Server 2016 memory corruption
10400| [106516] Microsoft Windows up to Server 2016 PDF Library memory corruption
10401| [106498] Microsoft Windows up to Server 2016 Shell privilege escalation
10402| [106496] Microsoft Windows up to Server 2016 Uniscribe information disclosure
10403| [106495] Microsoft Windows up to Server 2012 R2 Uniscribe memory corruption
10404| [106492] Microsoft Windows Server 2012/Server 2012 R2/Server 2016 DHCP Service memory corruption
10405| [106489] Microsoft Windows up to Server 2016 Graphics Win32k win32k!fsc_CalcGrayRow memory corruption
10406| [106474] Microsoft Office 2016 memory corruption
10407| [106473] Microsoft SharePoint Server 2013 SP1 cross site scripting
10408| [106472] Microsoft Windows up to Server 2016 Bluetooth Driver Object BlueBorne spoofing
10409| [106470] Microsoft Excel 2011 on Mac memory corruption
10410| [106455] Microsoft Exchange Server 2013/2016 information disclosure
10411| [106454] Microsoft Windows up to Server 2016 Windows NetBT Session Services race condition memory corruption
10412| [105048] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
10413| [105047] Microsoft Edge on Win10/Server 2016 Scripting Engine EntryCall memory corruption
10414| [105046] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
10415| [105040] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
10416| [105038] Microsoft Edge on Win10/Server 2016 Javascript Engine Out-of-Bounds memory corruption
10417| [105037] Microsoft Edge on Win10/Server 2016 Javascript Engine PreVisitCatch memory corruption
10418| [105035] Microsoft SharePoint Server 2010 SP2 cross site scripting
10419| [105033] Microsoft Edge 38.14393.1066.0 on Win10/Server 2016 Use-After-Free information disclosure
10420| [105029] Microsoft Edge on Win10/Server 2016 Javascript Engine ProcessLinkFailedAsmJsModule memory corruption
10421| [105027] Microsoft Edge on Win10/Server 2016 _SelectValueInternal information disclosure
10422| [105024] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
10423| [105023] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
10424| [105017] Microsoft Windows up to Server 2016 Error Reporting information disclosure
10425| [105013] Microsoft Windows 10 1607/10 1703/Server 2016 Hyper-V denial of service
10426| [105011] Microsoft Windows up to Server 2016 Windows Search memory corruption
10427| [105010] Microsoft Windows up to Server 2016 Win32k memory corruption
10428| [105009] Microsoft Windows up to Server 2016 Input Method Editor memory corruption
10429| [105008] Microsoft SQL Server 2012/2014/2016 Analysis Services information disclosure
10430| [104990] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
10431| [104989] Microsoft Windows up to Server 2016 NetBIOS denial of service
10432| [104584] Microsoft Outlook up to 2016 C2R Document File privilege escalation
10433| [104583] Microsoft Outlook up to 2016 C2R Email memory corruption
10434| [104582] Microsoft Outlook up to 2016 C2R Object memory corruption
10435| [103468] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 Open Redirect
10436| [103446] Microsoft Windows up to Server 2016 Search Object privilege escalation
10437| [103445] Microsoft Windows up to Server 2016 Wordpad privilege escalation
10438| [103444] Microsoft Windows up to Server 2016 Explorer denial of service
10439| [103442] Microsoft Windows 10/Server 2016 HoloLens WiFi Packet privilege escalation
10440| [103441] Microsoft Windows up to Server 2016 Object HTTP.sys information disclosure
10441| [103431] Microsoft Windows up to Server 2016 PowerShell PSObject Object privilege escalation
10442| [103429] Microsoft Windows up to Server 2016 Kerberos weak authentication
10443| [103426] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA Request cross site scripting
10444| [103425] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA Request cross site scripting
10445| [103420] Microsoft Windows up to Server 2016 Kerberos Bypass privilege escalation
10446| [103417] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
10447| [102544] Microsoft Edge on Win10/Server 2016 Fetch API information disclosure
10448| [102543] Microsoft Edge on Win10/Server 2016 Javascript XML DOM Object information disclosure
10449| [102463] Microsoft Project Server 2013 SP1 cross site scripting
10450| [102460] Microsoft Outlook 2016 on Mac HTML spoofing
10451| [102448] Microsoft SharePoint Enterprise Server 2016 Reflected cross site scripting
10452| [102446] Microsoft Office up to 2016 privilege escalation
10453| [102445] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 privilege escalation
10454| [102443] Microsoft Office up to 2016 privilege escalation
10455| [102412] Microsoft Windows up to Server 2016 PDF information disclosure
10456| [102397] Microsoft Outlook 2010 SP1/2013 SP1/2016 DLL Loader privilege escalation
10457| [102396] Microsoft Office 2013 SP1/2016 DLL Loader privilege escalation
10458| [102386] Microsoft Windows up to Server 2012 R2 Uniscribe privilege escalation
10459| [102385] Microsoft Windows up to Server 2016 Font Library privilege escalation
10460| [102376] Microsoft Windows up to Server 2016 CAB File privilege escalation
10461| [102375] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
10462| [102374] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
10463| [102373] Microsoft Windows up to Server 2016 Uniscribe Font USP10!MergeLigRecords memory corruption
10464| [101817] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
10465| [101816] Microsoft Windows up to Server 2016 Malware Protection Engine setCaller memory corruption
10466| [101815] Microsoft Windows up to Server 2016 Malware Protection Engine Use-After-Free memory corruption
10467| [101814] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
10468| [101813] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
10469| [101812] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
10470| [101811] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
10471| [101810] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
10472| [101028] Microsoft Windows 10/Server 2016 Hyper-V vSMB privilege escalation
10473| [101020] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
10474| [101019] Microsoft Skype for Business 2016 memory corruption
10475| [101018] Microsoft SharePoint 2010 SP2/2013 SP1/2016 memory corruption
10476| [101016] Microsoft PowerPoint 2011 on Mac memory corruption
10477| [101015] Microsoft PowerPoint 2011 on Mac memory corruption
10478| [101014] Microsoft Office 2010 SP2/2016 memory corruption
10479| [101013] Microsoft Office 2010 SP2/2016 memory corruption
10480| [101002] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
10481| [101001] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
10482| [101000] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
10483| [100999] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
10484| [100918] Microsoft Windows 8/8.1/10/Server 2012/Server 2016 Malware Protection Service Type Confusion privilege escalation
10485| [99697] Microsoft SharePoint Server 2010 SP1/2010 SP2 Excel Services cross site scripting
10486| [99683] Microsoft Windows 10 1607/10 1703/Server 2012 R2/Server 2016 Active Directory Lockout privilege escalation
10487| [99682] Microsoft Outlook 2011 on Mac HTML Tag Validator spoofing
10488| [99681] Microsoft Windows up to Server 2016 OLE Integrity-Level Check privilege escalation
10489| [99667] Microsoft Windows 10/Server 2016 Active Directory Service Unresponsive denial of service
10490| [98272] Microsoft Windows up to 10/Server 2016 Local Session privilege escalation
10491| [98096] Microsoft Exchange 2013 SP1 privilege escalation
10492| [98095] Microsoft Lync for Mac 2011 Certificate Validation weak authentication
10493| [98094] Microsoft SharePoint Server 2013 SP1 cross site scripting
10494| [98093] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
10495| [98091] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
10496| [98090] Microsoft SharePoint Server 2010 SP2/2013 SP1 information disclosure
10497| [98089] Microsoft Office Web Apps 2013 SP1 memory corruption
10498| [98082] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 denial of service
10499| [98081] Microsoft Excel up to 2016 information disclosure
10500| [98080] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
10501| [98079] Microsoft Word 2016 memory corruption
10502| [98076] Microsoft Lync/Skype for Business 2010/2013/2016 Graphics Component privilege escalation
10503| [98075] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
10504| [98074] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
10505| [98073] Microsoft Office 2010 SP2/Word Viewer Graphics Component information disclosure
10506| [98069] Microsoft Windows up to Server 2012 R2 Color Management memory corruption
10507| [98056] Microsoft Windows up to Server 2016 DNS Query information disclosure
10508| [98054] Microsoft Windows up to Server 2016 SMBv2/SMBv3 NULL Pointer Dereference memory corruption
10509| [98017] Microsoft Windows up to Server 2016 PDF memory corruption
10510| [98015] Microsoft Windows 10/Server 2016 Hyper-V denial of service
10511| [98013] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
10512| [98007] Microsoft Windows 10/Server 2016 Hyper-V Network Switch denial of service
10513| [98006] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
10514| [96521] Microsoft Windows 8.1/10/Server 2012/Server 2016 SMB Response mrxsmb20.sys denial of service
10515| [95781] Microsoft PowerPoint 2016 Java Embedded Object privilege escalation
10516| [95125] Microsoft Word/SharePoint Enterprise Server 2016 Document privilege escalation
10517| [94451] Microsoft Office 2011 memory corruption
10518| [94447] Microsoft Office 2010 SP2 memory corruption
10519| [94446] Microsoft Office 2016 memory corruption
10520| [94444] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 OLE DLL Loader memory corruption
10521| [94443] Microsoft Office up to 2016 information disclosure
10522| [94442] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
10523| [93964] Microsoft Windows 7 Excel Starter 2010 XXE information disclosure
10524| [93543] Microsoft SQL Server 2016 FILESTREAM Path privilege escalation
10525| [93540] Microsoft Excel 2010 SP2/2011/2016 memory corruption
10526| [93416] Microsoft SQL Server 2014 SP2/2016/up to 2012 SP3 Server Agent atxcore.dll privilege escalation
10527| [93415] Microsoft SQL Server 2016 MDS API cross site scripting
10528| [93414] Microsoft SQL Server up to 2012 SP3 RDBMS Engine privilege escalation
10529| [93413] Microsoft SQL Server 2016/up to 2014 SP2 RDBMS Engine privilege escalation
10530| [93412] Microsoft SQL Server 2016 RDBMS Engine privilege escalation
10531| [93393] Microsoft Office up to 2016 memory corruption
10532| [93392] Microsoft Office up to 2016 memory corruption
10533| [93391] Microsoft Office up to 2016 memory corruption
10534| [93389] Microsoft Windows up to Server 2016 Media Foundation memory corruption
10535| [93388] Microsoft Windows up to Server 2016 Animation Manager Stylesheets memory corruption
10536| [92587] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 Transaction Manager privilege escalation
10537| [92584] Microsoft Office up to 2016 memory corruption
10538| [91571] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
10539| [91570] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
10540| [91556] Microsoft Exchange 2016 Meeting Invation cross site scripting
10541| [91555] Microsoft Exchange 2013/2016 Link spoofing
10542| [91550] Microsoft Office 2016 memory corruption
10543| [91547] Microsoft Office 2010 memory corruption
10544| [91543] Microsoft Office up to 2016 memory corruption
10545| [91541] Microsoft Office 2013/2016 APP-V ASLR privilege escalation
10546| [90711] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF privilege escalation
10547| [90710] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 Netlogon privilege escalation
10548| [90704] Microsoft Office 2013/2013 RT/2016 memory corruption
10549| [89043] Microsoft Office up to 2016 memory corruption
10550| [89041] Microsoft Office up to 2016 memory corruption
10551| [89040] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 memory corruption
10552| [89038] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Security Feature privilege escalation
10553| [89037] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
10554| [87961] Microsoft Windows up to Server 2012 R2 Search denial of service
10555| [87959] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
10556| [87958] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF memory corruption
10557| [87957] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
10558| [87956] Microsoft Exchange 2013/2016 Oracle Outside In Libraries information disclosure
10559| [87944] Microsoft Windows Server 2012/Server 2012 R2 Virtual PCI Memory information disclosure
10560| [87940] Microsoft Windows Server 2012/Server 2012 R2 DNS Server Use-After-Free memory corruption
10561| [87936] Microsoft Office up to 2016 memory corruption
10562| [87166] Microsoft Windows up to Server 2012 R2 DirectX Graphics Kernel Subsystem privilege escalation
10563| [87156] Microsoft Windows 8.1/10/RT 8.1/Server 2012 R2 Shell memory corruption
10564| [87149] Microsoft Office up to 2016 memory corruption
10565| [87148] Microsoft Office 2010 Graphics memory corruption
10566| [87146] Microsoft Office 2011/2013/2013 RT/2016 memory corruption
10567| [82229] Microsoft Excel 2010 SP2 Office Document memory corruption
10568| [82223] Microsoft Windows 8.1/10/Server 2012 R2 Hyper-V Memory information disclosure
10569| [82222] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Memory information disclosure
10570| [82221] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Hyper-V privilege escalation
10571| [81274] Microsoft Office up to 2016 memory corruption
10572| [81270] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library memory corruption
10573| [81269] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
10574| [81268] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
10575| [80886] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
10576| [80885] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP memory corruption
10577| [80878] Microsoft Windows Server 2012 R2 Active Directory Federation Service denial of service
10578| [80874] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP privilege escalation
10579| [80870] Microsoft Office up to 2016 memory corruption
10580| [80868] Microsoft Office up to 2016 memory corruption
10581| [80867] Microsoft Office up to 2016 memory corruption
10582| [80865] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 DLL Loader memory corruption
10583| [80860] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Reader memory corruption
10584| [80859] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
10585| [80231] Microsoft Excel up to 2016 Office Document memory corruption
10586| [80229] Microsoft Exchange Server 2013 CU 10/2013 CU 11/2013 SP1/2016 Outlook Web Access cross site scripting
10587| [80228] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
10588| [80227] Microsoft Exchange Server 2013 CU 10/2013 SP1/2016 Outlook Web Access cross site scripting
10589| [80226] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
10590| [80218] Microsoft Office up to 2016 ASLR privilege escalation
10591| [80217] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
10592| [80216] Microsoft Office up to 2016 Office Document memory corruption
10593| [80206] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
10594| [128763] Microsoft Exchange Server 2016 CU10/2016 CU11/2019 memory corruption
10595| [79508] Microsoft Windows up to Server 2012 R2 Library Loader memory corruption
10596| [79500] Microsoft Office 2010/2011/2016 memory corruption
10597| [79183] Microsoft Windows up to Server 2012 R2 IPsec denial of service
10598| [79173] Microsoft Windows up to Server 2012 R2 Graphics information disclosure
10599| [79117] Microsoft Outlook 2011/2016 on Mac HTML spoofing
10600| [78375] Microsoft SharePoint Server/SharePoint Foundation 2013 SP1 cross site scripting
10601| [77645] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
10602| [77644] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
10603| [77638] Microsoft Lync Server 2013 cross site scripting
10604| [77628] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
10605| [77612] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access Stack-Based information disclosure
10606| [77050] Microsoft Office up to 2016 memory corruption
10607| [77037] Microsoft Windows Server 2012/Server 2012 R2 System Center Operations Manager cross site scripting
10608| [76461] Microsoft Windows up to Server 2012 R2 Domain-Controller Communication Credentials information disclosure
10609| [76460] Microsoft Windows 7 SP1/8/Server 2012 RDP Server Service memory corruption
10610| [76448] Microsoft Windows 8.1/Server 2012 R2 Hyper-V memory corruption
10611| [75793] Microsoft Exchange Server 2013 CU8 cross site scripting
10612| [75792] Microsoft Exchange Server 2013 SP1 CU8 cross site request forgery
10613| [75791] Microsoft Office 2013 SP1 Office Document Uninitialized Memory memory corruption
10614| [75787] Microsoft Exchange Server 2013 SP1 CU8 Same Origin Policy privilege escalation
10615| [75786] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
10616| [66976] Microsoft Access 2010 VBA Datatype denial of service
10617| [74848] Microsoft SharePoint Foundation/SharePoint Server 2013 SP1 cross site scripting
10618| [74842] Microsoft Windows 8.1/Server 2012 R2 Hyper-V denial of service
10619| [74836] Microsoft Project Server 2010 SP2/2013 SP1 cross site scripting
10620| [74835] Microsoft Office 2011 on Mac Use-After-Free cross site scripting
10621| [74834] Microsoft Windows Server 2012 R2 Active Directory Federation Services 3.0 privilege escalation
10622| [74833] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 HTTP Request HTTP.sys privilege escalation
10623| [74393] Microsoft SharePoint Server 2013 Foundation cross site scripting
10624| [73967] Microsoft Office up to 2013 SP1 Office File memory corruption
10625| [73966] Microsoft Office up to 2013 SP1 RTF File memory corruption
10626| [73965] Microsoft Office up to 2013 SP1 Use-After-Free memory corruption
10627| [73961] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 Remote Desktop Protocol Object Management denial of service
10628| [69162] Microsoft System Center Virtual Machine Manager 2012 privilege escalation
10629| [69160] Microsoft Windows up to Server 2012 Process privilege escalation
10630| [69156] Microsoft Office 2010 Object memory corruption
10631| [68593] Microsoft Windows up to Server 2012 Network Location Awareness Service privilege escalation
10632| [68417] Microsoft Exchange 2013 Outlook Web Access Token spoofing
10633| [68191] Microsoft SharePoint 2010 cross site scripting
10634| [67828] Microsoft ASP.NET MVC 2/3/4/5/5.1 System.Web.Mvc.dll cross site scripting
10635| [67518] Microsoft Lync 2013 denial of service
10636| [67517] Microsoft Lync 2013 Script Reflected cross site scripting
10637| [67516] Microsoft Lync 2010/2013 denial of service
10638| [67362] Microsoft Windows up to Server 2012 R2 Remote Procedure Call privilege escalation
10639| [67360] Microsoft SharePoint 2013 App Permission Management cross site scripting
10640| [13549] Microsoft Windows 7/8/8.1/Server 2012 Remote Desktop Protocol weak encryption
10641| [13547] Microsoft Lync 2010/2013 Meeting cross site scripting
10642| [13228] Microsoft Office 2013 Document privilege escalation
10643| [68577] Microsoft ASP.NET 2014.3.1209 Telerik UI RadAsyncUpload directory traversal
10644| [12267] Microsoft Forefront Security for Exchange Server 2010 Mail memory corruption
10645| [12263] Microsoft Windows up to Server 2012 Direct2D 2D Geometric Figure memory corruption
10646| [12238] Microsoft Windows 8/RT/Server 2012 IPv6 denial of service
10647| [12185] Microsoft .NET Framework 2/4 HMAC weak authentication
10648| [12183] Microsoft .NET Framework 2/4 DTD denial of service
10649| [11673] Microsoft Windows Live Movie Maker 2011 WAV File denial of service
10650| [11468] Microsoft Exchange 2010/2013 cross site scripting
10651| [11466] Microsoft Office 2013 File Response information disclosure
10652| [11457] Microsoft SharePoint Server/Office Web Apps 2010 SP1/2010 SP2/2013 W3WP Service Account privilege escalation
10653| [11150] Microsoft Windows 8/Server 2012 Hyper-V Data Structure Value Crash privilege escalation
10654| [11004] Microsoft Windows Server 2012 R2 RDP Restricted Admin Mode weak authentication
10655| [10250] Microsoft SharePoint Server up to 2013 W3WP Process denial of service
10656| [10249] Microsoft SharePoint 2010/2003/2007/2.0/3.0 Workflow memory corruption
10657| [10248] Microsoft SharePoint Server up to 2013 cross site scripting
10658| [9943] Microsoft Windows Server 2012 NAT Driver ICMP Packet denial of service
10659| [8739] Microsoft Windows Essentials up to 2012 Windows Writer Eingabe information disclosure
10660| [8725] Microsoft Lync 2010/2013 Use-After-Free memory corruption
10661| [8722] Microsoft Windows 8/RT/Server 2012 HTTP.sys denial of service
10662| [8206] Microsoft SharePoint Server 2010 SP1 HTML Sanitization Component cross site scripting
10663| [8203] Microsoft Windows up to 2012 AD LDAP Query denial of service
10664| [8200] Microsoft SharePoint Server 2013 ACL information disclosure
10665| [7971] Microsoft Office for Mac 2011 up to 14.3.1 on Mac HTML5 Mail Message Parser File information disclosure
10666| [7969] Microsoft OneNote 2010 SP1 ONE File information disclosure
10667| [7968] Microsoft SharePoint Server 2010 SP1 Input Validator Eingabe Crash denial of service
10668| [7967] Microsoft SharePoint Server 2010 SP1 User Account Eingabe Crash information disclosure
10669| [7966] Microsoft SharePoint Server 2010 SP1 Eingabe Crash cross site scripting
10670| [7965] Microsoft SharePoint Server 2010 SP1 User Account Callback URL privilege escalation
10671| [7964] Microsoft Visio 2010 Tree Object Type File memory corruption
10672| [7343] Microsoft Lync 2012 HTTP Format String
10673| [7258] Microsoft Windows up to 8/Server 2012 SSL/TLS race condition
10674| [7230] Microsoft Excel 2010 SP1 on 32-bit XLS File Formatting Information Crash denial of service
10675| [6831] Microsoft Office Picture Manager 2010 File memory corruption
10676| [62720] EMC NetWorker Module for Microsoft Applications up to 2.2.0 memory corruption
10677| [6624] Microsoft SQL Server up to 2012 Report Manager cross site scripting
10678| [62238] Microsoft Visual Studio Team Foundation Server 2010 cross site scripting
10679| [5946] Microsoft Visio/Visio Viewer up to 2010 SP1 File memory corruption
10680| [5644] Microsoft SharePoint 2010 scriptesx.ashx cross site scripting
10681| [5641] Microsoft SharePoint 2010 cross site scripting
10682| [60943] Microsoft Dynamics AX 2012 Enterprise Portal cross site scripting
10683| [12311] Microsoft Lync 2010 Search race condition
10684| [60570] Microsoft Forefront Unified Access Gateway 2010 information disclosure
10685| [60569] Microsoft Forefront Unified Access Gateway 2010 spoofing
10686| [60208] Microsoft Visio Viewer 2010 memory corruption
10687| [60207] Microsoft Visio Viewer 2010 memory corruption
10688| [60206] Microsoft Visio Viewer 2010 memory corruption
10689| [4640] Microsoft SharePoint 2010 inplview.aspx cross site scripting
10690| [4636] Microsoft SharePoint 2010 wizardlist.aspx cross site scripting
10691| [4635] Microsoft SharePoint 2010 themeweb.aspx cross site scripting
10692| [59008] Microsoft Forefront Unified Access Gateway 2010 Crash denial of service
10693| [58995] Microsoft Forefront Unified Access Gateway 2010 memory corruption
10694| [58994] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
10695| [58993] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
10696| [4424] Microsoft Host Integration Server up to 2010 denial of service
10697| [4420] Microsoft Forefront Unified Access Gateway 2010 memory corruption
10698| [58487] Microsoft SharePoint Foundation 2010 cross site scripting
10699| [58486] Microsoft SharePoint Foundation 2010 Reflected cross site scripting
10700| [58485] Microsoft SharePoint Foundation 2010 EditForm.aspx cross site scripting
10701| [4414] Microsoft SharePoint 2010 cross site scripting
10702| [4413] Microsoft SharePoint 2010/2007/3.0 XML/XLS unknown vulnerability
10703| [91971] Microsoft Skype 2.2.x/5.2.x/5.3.x denial of service
10704| [57693] Microsoft Forefront Threat Management Gateway 2010 NSPLookupServiceNext memory corruption
10705| [56028] Microsoft Data Access Components 2.8 memory corruption
10706| [55777] Microsoft Windows Movie Maker 2.6 memory corruption
10707| [55424] Microsoft Forefront Unified Access Gateway 2010 Signurl.asp cross site scripting
10708| [55415] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
10709| [55414] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
10710| [55413] Microsoft Forefront Unified Access Gateway 2010 spoofing
10711| [54341] Microsoft Windows Movie Maker 2.1 memory corruption
10712| [54549] Microsoft PowerPoint 2010 pptimpconv.dll memory corruption
10713| [4009] Microsoft NET Framework 2.x/3.x denial of service
10714| [45681] Microsoft Internet Explorer 8 Beta 2 privilege escalation
10715| [45449] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
10716| [45448] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
10717| [45446] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
10718| [2927] Microsoft Data Access Components 2.x ADODB.Connection ActiveX Control memory corruption
10719| [32692] Microsoft XML Core Services up to 2.6 memory corruption
10720| [32691] Microsoft XML Core Services up to 2.6 memory corruption
10721|
10722| MITRE CVE - https://cve.mitre.org:
10723| [CVE-2013-3661] The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
10724| [CVE-2013-3660] The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
10725| [CVE-2013-3174] DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
10726| [CVE-2013-3173] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."
10727| [CVE-2013-3172] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to cause a denial of service (system hang) via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."
10728| [CVE-2013-3171] The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a partial-trust relationship, aka "Delegate Serialization Vulnerability."
10729| [CVE-2013-3167] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Information Disclosure Vulnerability."
10730| [CVE-2013-3154] The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability."
10731| [CVE-2013-3138] Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability."
10732| [CVE-2013-3136] The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."
10733| [CVE-2013-3134] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework application that changes array data, aka "Array Allocation Vulnerability."
10734| [CVE-2013-3133] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Anonymous Method Injection Vulnerability."
10735| [CVE-2013-3132] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Delegate Reflection Bypass Vulnerability."
10736| [CVE-2013-3131] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability."
10737| [CVE-2013-1345] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."
10738| [CVE-2013-1340] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."
10739| [CVE-2013-1339] The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability."
10740| [CVE-2013-1336] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability."
10741| [CVE-2013-1335] Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka "Word Shape Corruption Vulnerability."
10742| [CVE-2013-1334] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
10743| [CVE-2013-1332] dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
10744| [CVE-2013-1331] Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
10745| [CVE-2013-1329] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability."
10746| [CVE-2013-1328] Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."
10747| [CVE-2013-1327] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability."
10748| [CVE-2013-1323] Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability."
10749| [CVE-2013-1322] Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability."
10750| [CVE-2013-1321] Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability."
10751| [CVE-2013-1320] Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability."
10752| [CVE-2013-1319] Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability."
10753| [CVE-2013-1318] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."
10754| [CVE-2013-1317] Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability."
10755| [CVE-2013-1316] Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability."
10756| [CVE-2013-1302] Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."
10757| [CVE-2013-1301] Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
10758| [CVE-2013-1300] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
10759| [CVE-2013-1295] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "CSRSS Memory Corruption Vulnerability."
10760| [CVE-2013-1294] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
10761| [CVE-2013-1293] The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application that leverages improper handling of objects in memory, aka "NTFS NULL Pointer Dereference Vulnerability."
10762| [CVE-2013-1292] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
10763| [CVE-2013-1291] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability."
10764| [CVE-2013-1287] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
10765| [CVE-2013-1286] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.
10766| [CVE-2013-1285] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.
10767| [CVE-2013-1283] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
10768| [CVE-2013-1281] The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "NULL Dereference Vulnerability."
10769| [CVE-2013-1280] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."
10770| [CVE-2013-1279] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.
10771| [CVE-2013-1278] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279.
10772| [CVE-2013-1277] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10773| [CVE-2013-1276] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10774| [CVE-2013-1275] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10775| [CVE-2013-1274] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10776| [CVE-2013-1273] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10777| [CVE-2013-1272] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10778| [CVE-2013-1271] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10779| [CVE-2013-1270] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10780| [CVE-2013-1269] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10781| [CVE-2013-1268] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10782| [CVE-2013-1267] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10783| [CVE-2013-1266] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10784| [CVE-2013-1265] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10785| [CVE-2013-1264] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10786| [CVE-2013-1263] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10787| [CVE-2013-1262] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10788| [CVE-2013-1261] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10789| [CVE-2013-1260] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10790| [CVE-2013-1259] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10791| [CVE-2013-1258] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10792| [CVE-2013-1257] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10793| [CVE-2013-1256] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10794| [CVE-2013-1255] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10795| [CVE-2013-1254] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10796| [CVE-2013-1253] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10797| [CVE-2013-1252] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10798| [CVE-2013-1251] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10799| [CVE-2013-1250] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10800| [CVE-2013-1249] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10801| [CVE-2013-1248] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10802| [CVE-2013-0095] Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability."
10803| [CVE-2013-0077] Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."
10804| [CVE-2013-0076] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability."
10805| [CVE-2013-0075] The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability."
10806| [CVE-2013-0073] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."
10807| [CVE-2013-0013] The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."
10808| [CVE-2013-0011] The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Components Vulnerability."
| [CVE-2013-0010] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.
| [CVE-2013-0009] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.
| [CVE-2013-0008] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
| [CVE-2013-0004] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."
| [CVE-2013-0003] Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability."
| [CVE-2013-0002] Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."
| [CVE-2013-0001] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."
| [CVE-2012-5672] Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data.
| [CVE-2012-4791] Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."
| [CVE-2012-4786] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
| [CVE-2012-4776] The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."
| [CVE-2012-4774] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability."
| [CVE-2012-2897] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
| [CVE-2012-2556] The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."
| [CVE-2012-2553] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
| [CVE-2012-2552] Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."
| [CVE-2012-2551] The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereference Vulnerability."
| [CVE-2012-2543] Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1
| [CVE-2012-2539] Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
| [CVE-2012-2536] Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
| [CVE-2012-2530] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
| [CVE-2012-2529] Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Windows Kernel Integer Overflow Vulnerability."
| [CVE-2012-2528] Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
| [CVE-2012-2527] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
| [CVE-2012-2524] Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability."
| [CVE-2012-2520] Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
| [CVE-2012-2519] Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."
| [CVE-2012-1896] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."
| [CVE-2012-1895] The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."
| [CVE-2012-1893] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability."
| [CVE-2012-1890] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability."
| [CVE-2012-1887] Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability."
| [CVE-2012-1886] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
| [CVE-2012-1885] Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
| [CVE-2012-1870] The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."
| [CVE-2012-1867] Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability."
| [CVE-2012-1866] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability."
| [CVE-2012-1865] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864.
| [CVE-2012-1864] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1865.
| [CVE-2012-1863] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."
| [CVE-2012-1862] Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."
| [CVE-2012-1860] Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."
| [CVE-2012-1858] The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
| [CVE-2012-1856] The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."
| [CVE-2012-1855] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability."
| [CVE-2012-1854] Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-1851] Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability."
| [CVE-2012-1850] The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."
| [CVE-2012-1848] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability."
| [CVE-2012-1847] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-1537] Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
| [CVE-2012-1528] Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."
| [CVE-2012-1527] Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."
| [CVE-2012-1459] The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
| [CVE-2012-1457] The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
| [CVE-2012-1453] The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
| [CVE-2012-1443] The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
| [CVE-2012-1420] The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
| [CVE-2012-1194] The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
| [CVE-2012-0185] Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."
| [CVE-2012-0184] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0183] Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."
| [CVE-2012-0182] Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."
| [CVE-2012-0181] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
| [CVE-2012-0180] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability."
| [CVE-2012-0179] Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability."
| [CVE-2012-0178] Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability."
| [CVE-2012-0177] Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."
| [CVE-2012-0175] The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."
| [CVE-2012-0174] Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."
| [CVE-2012-0173] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.
| [CVE-2012-0167] Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."
| [CVE-2012-0165] GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."
| [CVE-2012-0163] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
| [CVE-2012-0161] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
| [CVE-2012-0160] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
| [CVE-2012-0159] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview
| [CVE-2012-0158] The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0157] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability."
| [CVE-2012-0156] DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability."
| [CVE-2012-0154] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability."
| [CVE-2012-0152] The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability."
| [CVE-2012-0151] The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
| [CVE-2012-0150] Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
| [CVE-2012-0149] afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
| [CVE-2012-0148] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."
| [CVE-2012-0143] Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability."
| [CVE-2012-0142] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0141] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0015] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."
| [CVE-2012-0014] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
| [CVE-2012-0013] Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
| [CVE-2012-0009] Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability."
| [CVE-2012-0008] Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability."
| [CVE-2012-0006] The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability."
| [CVE-2012-0005] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."
10905| [CVE-2012-0004] Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."
10906| [CVE-2012-0003] Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
10907| [CVE-2012-0002] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
10908| [CVE-2012-0001] The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."
10909| [CVE-2011-5046] The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
10910| [CVE-2011-4434] Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.
10911| [CVE-2011-3417] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."
10912| [CVE-2011-3416] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
10913| [CVE-2011-3415] Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."
10914| [CVE-2011-3414] The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
10915| [CVE-2011-3413] Microsoft PowerPoint 2007 SP2
10916| [CVE-2011-3412] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."
10917| [CVE-2011-3411] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."
10918| [CVE-2011-3410] Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability."
10919| [CVE-2011-3408] Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability."
10920| [CVE-2011-3406] Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability."
10921| [CVE-2011-3403] Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
10922| [CVE-2011-3402] Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
10923| [CVE-2011-3400] Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
10924| [CVE-2011-3397] The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."
10925| [CVE-2011-3396] Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability."
10926| [CVE-2011-2019] Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
10927| [CVE-2011-2018] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
10928| [CVE-2011-2016] Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability."
10929| [CVE-2011-2014] The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."
10930| [CVE-2011-2013] Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."
10931| [CVE-2011-2011] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
10932| [CVE-2011-2008] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."
10933| [CVE-2011-2007] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability."
10934| [CVE-2011-2005] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
10935| [CVE-2011-2004] Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.
10936| [CVE-2011-2003] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability."
10937| [CVE-2011-2002] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability."
10938| [CVE-2011-1991] Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability."
10939| [CVE-2011-1990] Microsoft Excel 2007 SP2
10940| [CVE-2011-1989] Microsoft Excel 2003 SP3 and 2007 SP2
10941| [CVE-2011-1988] Microsoft Excel 2003 SP3 and 2007 SP2
10942| [CVE-2011-1987] Array index error in Microsoft Excel 2003 SP3 and 2007 SP2
10943| [CVE-2011-1986] Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."
10944| [CVE-2011-1985] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability."
10945| [CVE-2011-1984] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."
10946| [CVE-2011-1983] Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability."
10947| [CVE-2011-1982] Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."
10948| [CVE-2011-1980] Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability."
10949| [CVE-2011-1979] Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."
10950| [CVE-2011-1978] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability."
10951| [CVE-2011-1976] Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."
10952| [CVE-2011-1975] Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."
10953| [CVE-2011-1974] NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."
10954| [CVE-2011-1972] Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."
10955| [CVE-2011-1971] The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Metadata Parsing DOS Vulnerability."
10956| [CVE-2011-1970] The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability."
10957| [CVE-2011-1968] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, as exploited in the wild in 2011, aka "Remote Desktop Protocol Vulnerability."
10958| [CVE-2011-1967] Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Vulnerability."
10959| [CVE-2011-1966] The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."
10960| [CVE-2011-1965] Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."
10961| [CVE-2011-1894] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
10962| [CVE-2011-1893] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."
10963| [CVE-2011-1892] Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
10964| [CVE-2011-1888] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
10965| [CVE-2011-1887] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
10966| [CVE-2011-1885] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
10967| [CVE-2011-1884] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
10968| [CVE-2011-1883] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
10969| [CVE-2011-1882] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
10970| [CVE-2011-1881] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
10971| [CVE-2011-1880] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
10972| [CVE-2011-1879] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
10973| [CVE-2011-1878] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
10974| [CVE-2011-1877] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
10975| [CVE-2011-1876] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
10976| [CVE-2011-1875] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
10977| [CVE-2011-1874] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
10978| [CVE-2011-1873] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability."
10979| [CVE-2011-1872] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability."
10980| [CVE-2011-1871] Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka "ICMP Denial of Service Vulnerability."
10981| [CVE-2011-1870] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability."
| [CVE-2011-1869] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."
| [CVE-2011-1868] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."
| [CVE-2011-1508] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."
| [CVE-2011-1284] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutput Vulnerability."
| [CVE-2011-1283] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and write operations, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleNumberOfCommand Vulnerability."
| [CVE-2011-1282] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability."
| [CVE-2011-1281] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a process, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP AllocConsole Vulnerability."
| [CVE-2011-1280] The XML Editor in Microsoft InfoPath 2007 SP2 and 2010
| [CVE-2011-1279] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds WriteAV Vulnerability."
| [CVE-2011-1278] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel WriteAV Vulnerability."
| [CVE-2011-1277] Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."
| [CVE-2011-1276] Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-1275] Microsoft Excel 2002 SP3
| [CVE-2011-1274] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-1273] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-1272] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-1270] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Buffer Overrun RCE Vulnerability."
| [CVE-2011-1269] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-1268] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability."
| [CVE-2011-1267] The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB Request Parsing Vulnerability."
| [CVE-2011-1264] Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability."
| [CVE-2011-1263] Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web Access Vulnerability."
| [CVE-2011-1253] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."
| [CVE-2011-1252] Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
| [CVE-2011-1249] The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
| [CVE-2011-1248] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability."
| [CVE-2011-1247] Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability."
| [CVE-2011-1242] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1241] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1240] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1239] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1238] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1237] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1236] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1235] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1234] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1233] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1232] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1231] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1230] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1229] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1228] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1227] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1226] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1225] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-0980] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."
| [CVE-2011-0979] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-0978] Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-0977] Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."
| [CVE-2011-0976] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-0677] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-0676] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-0675] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0674] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0672] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0671] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0670] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0667] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0666] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0665] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0664] Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability."
| [CVE-2011-0662] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0661] The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a malformed request in a (1) SMBv1 or (2) SMBv2 packet, aka "SMB Transaction Parsing Vulnerability."
| [CVE-2011-0660] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Response Parsing Vulnerability."
| [CVE-2011-0658] Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted WMF file, aka "OLE Automation Underflow Vulnerability."
| [CVE-2011-0657] DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."
| [CVE-2011-0656] Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-0655] Microsoft PowerPoint 2007 SP2 and 2010
| [CVE-2011-0654] Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
| [CVE-2011-0107] Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability."
| [CVE-2011-0105] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."
| [CVE-2011-0104] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer Overwrite Vulnerability."
| [CVE-2011-0103] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerability."
| [CVE-2011-0101] Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, doubly-byte characters, and an incorrect pointer calculation, aka "Excel Record Parsing WriteAV Vulnerability."
| [CVE-2011-0098] Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-0097] Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-0096] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
| [CVE-2011-0093] ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."
| [CVE-2011-0092] The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."
| [CVE-2011-0091] Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
| [CVE-2011-0090] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
| [CVE-2011-0089] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability."
| [CVE-2011-0088] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability."
| [CVE-2011-0087] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability."
| [CVE-2011-0086] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability."
| [CVE-2011-0043] Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."
| [CVE-2011-0042] SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."
| [CVE-2011-0041] Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."
| [CVE-2011-0040] The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."
| [CVE-2011-0039] The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."
| [CVE-2011-0034] Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."
| [CVE-2011-0033] The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."
| [CVE-2011-0032] Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."
| [CVE-2011-0031] The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."
| [CVE-2011-0030] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.
| [CVE-2011-0028] WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."
| [CVE-2010-5082] Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability."
11079| [CVE-2010-4701] Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information.
11080| [CVE-2010-4669] The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package.
11081| [CVE-2010-4562] Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
11082| [CVE-2010-4398] Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
| [CVE-2010-4182] Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll. NOTE: the provenance of this information is unknown
| [CVE-2010-3974] fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability."
| [CVE-2010-3970] Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."
| [CVE-2010-3966] Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability."
| [CVE-2010-3965] Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability."
| [CVE-2010-3964] Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
| [CVE-2010-3963] Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability."
| [CVE-2010-3961] The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."
| [CVE-2010-3960] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability."
| [CVE-2010-3959] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."
| [CVE-2010-3958] The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."
| [CVE-2010-3957] Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."
| [CVE-2010-3956] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability."
| [CVE-2010-3955] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability."
| [CVE-2010-3954] Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability."
| [CVE-2010-3946] Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."
| [CVE-2010-3945] Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability."
| [CVE-2010-3944] win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
| [CVE-2010-3943] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability."
| [CVE-2010-3942] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability."
| [CVE-2010-3941] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability."
| [CVE-2010-3940] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability."
| [CVE-2010-3939] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability."
| [CVE-2010-3937] Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."
| [CVE-2010-3338] The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888.
| [CVE-2010-3337] Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.
| [CVE-2010-3336] Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."
| [CVE-2010-3335] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability."
| [CVE-2010-3334] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability."
| [CVE-2010-3333] Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
| [CVE-2010-3332] Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
| [CVE-2010-3324] The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
| [CVE-2010-3243] Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
| [CVE-2010-3242] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability."
| [CVE-2010-3241] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability."
| [CVE-2010-3240] Microsoft Excel 2002 SP3 and 2007 SP2
| [CVE-2010-3239] Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability."
| [CVE-2010-3238] Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."
| [CVE-2010-3237] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability."
| [CVE-2010-3236] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability."
| [CVE-2010-3235] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability."
| [CVE-2010-3234] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability."
| [CVE-2010-3233] Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability."
| [CVE-2010-3232] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2010-3231] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."
| [CVE-2010-3230] Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability."
| [CVE-2010-3229] The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability."
| [CVE-2010-3227] Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."
| [CVE-2010-3223] The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability."
| [CVE-2010-3222] Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun Vulnerability."
| [CVE-2010-3221] Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."
| [CVE-2010-3220] Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability."
| [CVE-2010-3219] Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."
| [CVE-2010-3218] Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."
| [CVE-2010-3217] Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability."
| [CVE-2010-3216] Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."
| [CVE-2010-3215] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability."
| [CVE-2010-3214] Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2010-3213] Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.
| [CVE-2010-3200] MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc.
| [CVE-2010-3190] Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1
| [CVE-2010-3148] Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."
| [CVE-2010-3147] Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
| [CVE-2010-3146] Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."
| [CVE-2010-3144] Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability."
| [CVE-2010-3142] Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.
| [CVE-2010-2750] Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability."
| [CVE-2010-2748] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability."
| [CVE-2010-2747] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability."
| [CVE-2010-2746] Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability."
| [CVE-2010-2744] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka "Win32k Window Class Vulnerability."
| [CVE-2010-2742] The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka "Netlogon RPC Null dereference DOS Vulnerability."
| [CVE-2010-2741] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability."
| [CVE-2010-2740] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Parsing Vulnerability."
| [CVE-2010-2739] Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors.
11158| [CVE-2010-2738] The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
11159| [CVE-2010-2729] The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability."
11160| [CVE-2010-2728] Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."
| [CVE-2010-2573] Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability."
| [CVE-2010-2572] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
| [CVE-2010-2571] Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability."
| [CVE-2010-2570] Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability."
| [CVE-2010-2569] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."
| [CVE-2010-2568] Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
| [CVE-2010-2567] The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability."
| [CVE-2010-2566] The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability."
| [CVE-2010-2563] The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability."
| [CVE-2010-2562] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability."
| [CVE-2010-2555] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability."
| [CVE-2010-2554] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
| [CVE-2010-2552] Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability."
| [CVE-2010-2551] The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB Variable Validation Vulnerability."
| [CVE-2010-2550] The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."
| [CVE-2010-2549] Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka "Win32k Reference Count Vulnerability."
| [CVE-2010-2265] Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
| [CVE-2010-2091] Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
| [CVE-2010-2084] Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
| [CVE-2010-1903] Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption Vulnerability."
| [CVE-2010-1902] Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1901] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1900] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1898] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."
| [CVE-2010-1897] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."
| [CVE-2010-1896] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability."
| [CVE-2010-1895] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability."
| [CVE-2010-1894] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."
| [CVE-2010-1893] Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability."
| [CVE-2010-1892] The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerability."
| [CVE-2010-1891] The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability."
| [CVE-2010-1890] The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability."
| [CVE-2010-1889] Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability."
| [CVE-2010-1887] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability."
| [CVE-2010-1886] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."
| [CVE-2010-1885] The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
| [CVE-2010-1883] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability."
| [CVE-2010-1882] Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability."
| [CVE-2010-1881] The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability."
| [CVE-2010-1880] Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
| [CVE-2010-1735] The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
| [CVE-2010-1734] The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
| [CVE-2010-1690] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
| [CVE-2010-1689] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
| [CVE-2010-1263] Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7
| [CVE-2010-1257] Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2
| [CVE-2010-1255] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."
| [CVE-2010-1253] Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2
| [CVE-2010-1252] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability."
| [CVE-2010-1251] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability."
| [CVE-2010-1250] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability."
| [CVE-2010-1249] Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.
| [CVE-2010-1248] Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
| [CVE-2010-1247] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.
| [CVE-2010-1246] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability."
| [CVE-2010-1245] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.
| [CVE-2010-1225] The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."
| [CVE-2010-1175] Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."
| [CVE-2010-0917] Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.
| [CVE-2010-0824] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.
| [CVE-2010-0823] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
| [CVE-2010-0822] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."
| [CVE-2010-0821] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
| [CVE-2010-0820] Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2
| [CVE-2010-0819] Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."
| [CVE-2010-0818] The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability."
| [CVE-2010-0817] Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
| [CVE-2010-0815] VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."
| [CVE-2010-0814] The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."
| [CVE-2010-0812] Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability."
| [CVE-2010-0811] Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
| [CVE-2010-0810] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2010-0719] An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.
| [CVE-2010-0487] The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."
| [CVE-2010-0486] The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."
| [CVE-2010-0485] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."
| [CVE-2010-0484] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability."
| [CVE-2010-0483] vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
| [CVE-2010-0482] The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability."
| [CVE-2010-0481] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability."
| [CVE-2010-0480] Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."
| [CVE-2010-0479] Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability."
| [CVE-2010-0478] Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."
| [CVE-2010-0477] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."
| [CVE-2010-0476] The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability."
| [CVE-2010-0278] A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.
| [CVE-2010-0270] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."
| [CVE-2010-0269] The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability."
| [CVE-2010-0268] Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability."
| [CVE-2010-0266] Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."
| [CVE-2010-0265] Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
| [CVE-2010-0264] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."
| [CVE-2010-0263] Microsoft Office Excel 2007 SP1 and SP2
| [CVE-2010-0262] Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."
| [CVE-2010-0261] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability."
| [CVE-2010-0260] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2
| [CVE-2010-0258] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2010-0257] Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."
| [CVE-2010-0256] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."
| [CVE-2010-0254] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."
| [CVE-2010-0252] The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."
| [CVE-2010-0250] Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability."
| [CVE-2010-0249] Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4
| [CVE-2010-0243] Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow."
| [CVE-2010-0242] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability."
| [CVE-2010-0241] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability."
| [CVE-2010-0240] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability."
| [CVE-2010-0239] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability."
11269| [CVE-2010-0238] Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability."
11270| [CVE-2010-0237] The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability."
11271| [CVE-2010-0236] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."
11272| [CVE-2010-0235] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."
11273| [CVE-2010-0234] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability."
11274| [CVE-2010-0233] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."
11275| [CVE-2010-0232] The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
11276| [CVE-2010-0231] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."
11277| [CVE-2010-0035] The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability."
11278| [CVE-2010-0034] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability."
11279| [CVE-2010-0033] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."
11280| [CVE-2010-0032] Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."
11281| [CVE-2010-0031] Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability."
11282| [CVE-2010-0030] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability."
11283| [CVE-2010-0029] Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability."
11284| [CVE-2010-0028] Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
11285| [CVE-2010-0027] The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
11286| [CVE-2010-0026] The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability."
11287| [CVE-2010-0025] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."
11288| [CVE-2010-0024] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."
11289| [CVE-2010-0023] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability."
11290| [CVE-2010-0022] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability."
11291| [CVE-2010-0021] Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability."
11292| [CVE-2010-0020] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."
11293| [CVE-2010-0018] Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4
11294| [CVE-2010-0017] Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability."
11295| [CVE-2010-0016] The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability."
11296| [CVE-2009-4313] ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.
11297| [CVE-2009-4312] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.
11298| [CVE-2009-4311] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.
11299| [CVE-2009-4310] Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.
11300| [CVE-2009-4309] Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.
11301| [CVE-2009-4210] The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.
11302| [CVE-2009-3830] The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.
11303| [CVE-2009-3678] Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."
11304| [CVE-2009-3677] The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability."
11305| [CVE-2009-3676] The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."
11306| [CVE-2009-3675] LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability."
11307| [CVE-2009-3450] Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET.
11308| [CVE-2009-3135] Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."
11309| [CVE-2009-3134] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
11310| [CVE-2009-3133] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability."
11311| [CVE-2009-3132] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
11312| [CVE-2009-3131] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
11313| [CVE-2009-3130] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability."
11314| [CVE-2009-3129] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
11315| [CVE-2009-3128] Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."
11316| [CVE-2009-3127] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability."
11317| [CVE-2009-3126] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
11318| [CVE-2009-3103] Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
11319| [CVE-2009-3020] win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.
11320| [CVE-2009-2653] ** DISPUTED ** The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.'
11321| [CVE-2009-2532] Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka "SMBv2 Command Value Vulnerability."
11322| [CVE-2009-2526] Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability."
11323| [CVE-2009-2524] Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (reboot) via a malformed packet, aka "Local Security Authority Subsystem Service Integer Overflow Vulnerability."
11324| [CVE-2009-2523] The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."
11325| [CVE-2009-2519] The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."
11326| [CVE-2009-2517] The kernel in Microsoft Windows Server 2003 SP2 does not properly handle unspecified exceptions when an error condition occurs, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
11327| [CVE-2009-2516] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability."
11328| [CVE-2009-2515] Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability."
11329| [CVE-2009-2514] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability."
11330| [CVE-2009-2513] The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."
11331| [CVE-2009-2511] Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."
11332| [CVE-2009-2510] The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.
11333| [CVE-2009-2509] Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability."
11334| [CVE-2009-2508] The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."
11335| [CVE-2009-2507] A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability."
11336| [CVE-2009-2506] Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3
11337| [CVE-2009-2505] The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability."
11338| [CVE-2009-2504] Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
11339| [CVE-2009-2503] GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
11340| [CVE-2009-2502] Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
11341| [CVE-2009-2501] Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
11342| [CVE-2009-2500] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
11343| [CVE-2009-2498] Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."
11344| [CVE-2009-2497] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."
11345| [CVE-2009-2496] Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Office Web Components Heap Corruption Vulnerability."
11346| [CVE-2009-2495] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
11347| [CVE-2009-2494] The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka "ATL Object Type Mismatch Vulnerability."
11348| [CVE-2009-2493] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1
11349| [CVE-2009-1930] The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.
11350| [CVE-2009-1929] Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2
11351| [CVE-2009-1928] Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2
11352| [CVE-2009-1926] Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."
11353| [CVE-2009-1925] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability."
11354| [CVE-2009-1924] Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."
11355| [CVE-2009-1923] Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability."
11356| [CVE-2009-1922] The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."
11357| [CVE-2009-1546] Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."
11358| [CVE-2009-1545] Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability."
11359| [CVE-2009-1544] Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
11360| [CVE-2009-1542] The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."
11361| [CVE-2009-1539] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
11362| [CVE-2009-1538] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
11363| [CVE-2009-1537] Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
11364| [CVE-2009-1536] ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
11365| [CVE-2009-1534] Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."
11366| [CVE-2009-1533] Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
11367| [CVE-2009-1491] McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body.
11368| [CVE-2009-1216] Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA)
11369| [CVE-2009-1141] Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability."
11370| [CVE-2009-1139] Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
11371| [CVE-2009-1138] The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
11372| [CVE-2009-1137] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227.
11373| [CVE-2009-1136] The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."
11374| [CVE-2009-1135] Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."
11375| [CVE-2009-1134] Excel in 2007 Microsoft Office System SP1 and SP2
11376| [CVE-2009-1133] Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."
11377| [CVE-2009-1132] Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerability."
11378| [CVE-2009-1131] Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Data Out of Bounds Vulnerability."
11379| [CVE-2009-1130] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability."
11380| [CVE-2009-1129] Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128.
11381| [CVE-2009-1128] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1129.
11382| [CVE-2009-1127] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability."
11383| [CVE-2009-1126] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability."
11384| [CVE-2009-1125] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."
11385| [CVE-2009-1124] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."
11386| [CVE-2009-1123] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
11387| [CVE-2009-1122] The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
11388| [CVE-2009-1043] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
11389| [CVE-2009-1011] Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
11390| [CVE-2009-0901] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1
11391| [CVE-2009-0568] The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."
11392| [CVE-2009-0566] Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability."
11393| [CVE-2009-0565] Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2
11394| [CVE-2009-0563] Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
11395| [CVE-2009-0562] The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability."
11396| [CVE-2009-0561] Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
11397| [CVE-2009-0560] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
11398| [CVE-2009-0559] Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."
11399| [CVE-2009-0558] Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."
11400| [CVE-2009-0557] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
11401| [CVE-2009-0556] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
11402| [CVE-2009-0554] Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
11403| [CVE-2009-0553] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
11404| [CVE-2009-0552] Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
11405| [CVE-2009-0551] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."
11406| [CVE-2009-0550] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008
11407| [CVE-2009-0549] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
11408| [CVE-2009-0320] Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
11409| [CVE-2009-0239] Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."
11410| [CVE-2009-0238] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
11411| [CVE-2009-0235] Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability."
11412| [CVE-2009-0234] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."
11413| [CVE-2009-0233] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability."
11414| [CVE-2009-0232] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability."
11415| [CVE-2009-0231] The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
11416| [CVE-2009-0230] The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
11417| [CVE-2009-0229] The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
11418| [CVE-2009-0228] Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."
11419| [CVE-2009-0227] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137.
11420| [CVE-2009-0226] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0227, and CVE-2009-1137.
11421| [CVE-2009-0225] Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability."
11422| [CVE-2009-0224] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
11423| [CVE-2009-0223] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
11424| [CVE-2009-0222] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
11425| [CVE-2009-0221] Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field that specifies a large number of records, which triggers an under-allocated buffer and a heap-based buffer overflow, aka "Integer Overflow Vulnerability."
11426| [CVE-2009-0220] Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an integer that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability."
11427| [CVE-2009-0202] Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow.
11428| [CVE-2009-0102] Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."
11429| [CVE-2009-0100] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
11430| [CVE-2009-0099] The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."
11431| [CVE-2009-0098] Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."
11432| [CVE-2009-0097] Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."
11433| [CVE-2009-0096] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."
11434| [CVE-2009-0095] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."
11435| [CVE-2009-0094] The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.
11436| [CVE-2009-0093] Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.
11437| [CVE-2009-0091] Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability."
11438| [CVE-2009-0090] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
11439| [CVE-2009-0089] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."
11440| [CVE-2009-0088] The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."
11441| [CVE-2009-0087] Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2
11442| [CVE-2009-0086] Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."
11443| [CVE-2009-0085] The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."
11444| [CVE-2009-0083] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."
11445| [CVE-2009-0082] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."
11446| [CVE-2009-0081] The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."
11447| [CVE-2009-0079] The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."
11448| [CVE-2009-0078] The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."
11449| [CVE-2008-7217] Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to permissions and ownership for certain directories.
11450| [CVE-2008-6819] win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information.
11451| [CVE-2008-6219] nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests.
11452| [CVE-2008-6063] Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name.
11453| [CVE-2008-5912] An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
11454| [CVE-2008-5823] An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property.
11455| [CVE-2008-5416] Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier
11456| [CVE-2008-5232] Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown
11457| [CVE-2008-5112] The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
11458| [CVE-2008-5100] The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.
11459| [CVE-2008-5044] Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.
11460| [CVE-2008-4844] Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
11461| [CVE-2008-4841] The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
11462| [CVE-2008-4837] Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
11463| [CVE-2008-4835] SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."
11464| [CVE-2008-4834] Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
11465| [CVE-2008-4493] Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
11466| [CVE-2008-4295] Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
11467| [CVE-2008-4269] The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability."
11468| [CVE-2008-4268] The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability."
11469| [CVE-2008-4266] Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3
11470| [CVE-2008-4265] Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability."
11471| [CVE-2008-4264] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
11472| [CVE-2008-4261] Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
11473| [CVE-2008-4256] The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
11474| [CVE-2008-4255] Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
11475| [CVE-2008-4253] The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
11476| [CVE-2008-4250] The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
11477| [CVE-2008-4114] srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
11478| [CVE-2008-4110] Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.
11479| [CVE-2008-4038] Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."
11480| [CVE-2008-4037] Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
11481| [CVE-2008-4036] Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."
11482| [CVE-2008-4032] Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."
11483| [CVE-2008-4031] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
11484| [CVE-2008-4030] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
11485| [CVE-2008-4028] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
11486| [CVE-2008-4027] Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
11487| [CVE-2008-4026] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
11488| [CVE-2008-4025] Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
11489| [CVE-2008-4024] Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability."
11490| [CVE-2008-4023] Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."
11491| [CVE-2008-4019] Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
11492| [CVE-2008-3956] orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file.
11493| [CVE-2008-3704] Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
11494| [CVE-2008-3648] nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
11495| [CVE-2008-3636] Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.
11496| [CVE-2008-3479] Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."
11497| [CVE-2008-3477] Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."
11498| [CVE-2008-3471] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
11499| [CVE-2008-3466] Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
11500| [CVE-2008-3465] Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."
11501| [CVE-2008-3464] afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."
11502| [CVE-2008-3460] WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
11503| [CVE-2008-3068] Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
11504| [CVE-2008-3021] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
11505| [CVE-2008-3020] Microsoft Office 2000 SP3 and XP SP3
11506| [CVE-2008-3019] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
11507| [CVE-2008-3018] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
11508| [CVE-2008-3015] Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
11509| [CVE-2008-3014] Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
11510| [CVE-2008-3013] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
11511| [CVE-2008-3012] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
11512| [CVE-2008-3009] Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
11513| [CVE-2008-3007] Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."
11514| [CVE-2008-3006] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
11515| [CVE-2008-3005] Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."
11516| [CVE-2008-3004] Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3
11517| [CVE-2008-3003] Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."
11518| [CVE-2008-2752] Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information.
11519| [CVE-2008-2540] Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
11520| [CVE-2008-2463] The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
11521| [CVE-2008-2252] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."
| [CVE-2008-2251] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510.
| [CVE-2008-2250] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."
| [CVE-2008-2249] Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."
| [CVE-2008-2246] Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
| [CVE-2008-2245] Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
| [CVE-2008-2244] Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
| [CVE-2008-1898] A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
| [CVE-2008-1888] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.
| [CVE-2008-1547] Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
| [CVE-2008-1457] The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
| [CVE-2008-1456] Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
| [CVE-2008-1455] A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1
| [CVE-2008-1454] Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.
| [CVE-2008-1451] The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
| [CVE-2008-1446] Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
| [CVE-2008-1445] Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
| [CVE-2008-1444] Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
| [CVE-2008-1441] Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."
| [CVE-2008-1440] Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
| [CVE-2008-1436] Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
| [CVE-2008-1435] Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."
| [CVE-2008-1434] Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
| [CVE-2008-1092] Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
| [CVE-2008-1091] Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."
| [CVE-2008-1090] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
| [CVE-2008-1089] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."
| [CVE-2008-1088] Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
| [CVE-2008-1087] Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
| [CVE-2008-1086] The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
| [CVE-2008-1084] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
| [CVE-2008-1083] Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
| [CVE-2008-0121] A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
| [CVE-2008-0120] Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."
| [CVE-2008-0119] Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."
| [CVE-2008-0118] Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."
| [CVE-2008-0117] Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."
| [CVE-2008-0116] Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."
| [CVE-2008-0115] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."
| [CVE-2008-0114] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.
| [CVE-2008-0113] Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."
| [CVE-2008-0112] Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."
| [CVE-2008-0111] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."
| [CVE-2008-0110] Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
| [CVE-2008-0109] Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
| [CVE-2008-0108] Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
| [CVE-2008-0106] Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
| [CVE-2008-0105] Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
| [CVE-2008-0104] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
| [CVE-2008-0103] Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."
| [CVE-2008-0102] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."
| [CVE-2008-0088] Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.
| [CVE-2008-0087] The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
| [CVE-2008-0086] Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
| [CVE-2008-0083] The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
| [CVE-2008-0081] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
| [CVE-2008-0080] Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
| [CVE-2008-0020] Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015.
| [CVE-2008-0015] Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
| [CVE-2008-0011] Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
| [CVE-2007-6753] Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.
| [CVE-2007-6357] Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944.
| [CVE-2007-6329] Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.
| [CVE-2007-6043] The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
| [CVE-2007-6026] Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
| [CVE-2007-5587] Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
| [CVE-2007-5352] Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
| [CVE-2007-5348] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
| [CVE-2007-4991] The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.
| [CVE-2007-4916] Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.
| [CVE-2007-4814] Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
| [CVE-2007-3930] Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.
| [CVE-2007-3924] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape
| [CVE-2007-3899] Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."
| [CVE-2007-3898] The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
| [CVE-2007-3896] The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
| [CVE-2007-3890] Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.
| [CVE-2007-3670] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
| [CVE-2007-3490] Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls.
| [CVE-2007-3300] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.
| [CVE-2007-3040] Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205.
| [CVE-2007-3039] Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
| [CVE-2007-3036] Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
| [CVE-2007-3034] Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
| [CVE-2007-3030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability".
| [CVE-2007-3029] Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.
| [CVE-2007-3028] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
| [CVE-2007-2999] Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.
| [CVE-2007-2967] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.
| [CVE-2007-2966] Buffer overflow in the LHA decompresion component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.
| [CVE-2007-2903] Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.
| [CVE-2007-2593] The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.
| [CVE-2007-2581] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.
| [CVE-2007-2374] Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
| [CVE-2007-2228] rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.
| [CVE-2007-2224] Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.
| [CVE-2007-2221] Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
| [CVE-2007-2219] Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
| [CVE-2007-2218] Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
| [CVE-2007-2217] Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
| [CVE-2007-1911] Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow.
| [CVE-2007-1910] Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc.
| [CVE-2007-1765] Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038
| [CVE-2007-1756] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".
| [CVE-2007-1754] PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".
| [CVE-2007-1748] Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
| [CVE-2007-1747] Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.
| [CVE-2007-1645] Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.
| [CVE-2007-1537] \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function.
| [CVE-2007-1512] Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.
| [CVE-2007-1347] Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.
11632| [CVE-2007-1239] Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.
11633| [CVE-2007-1238] Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.
11634| [CVE-2007-1215] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
11635| [CVE-2007-1214] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.
11636| [CVE-2007-1213] The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
11637| [CVE-2007-1212] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
11638| [CVE-2007-1211] Unspecified kernel GDI functions in Microsoft Windows 2000 SP4
11639| [CVE-2007-1205] Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
11640| [CVE-2007-1203] Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.
11641| [CVE-2007-1202] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."
11642| [CVE-2007-1201] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
11643| [CVE-2007-1117] Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
11644| [CVE-2007-1090] Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.
11645| [CVE-2007-1083] Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.
11646| [CVE-2007-0948] Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
11647| [CVE-2007-0947] Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
11648| [CVE-2007-0946] Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.
11649| [CVE-2007-0945] Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4
11650| [CVE-2007-0944] Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
11651| [CVE-2007-0942] Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
11652| [CVE-2007-0940] Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
11653| [CVE-2007-0939] Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."
11654| [CVE-2007-0938] Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
11655| [CVE-2007-0936] Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
11656| [CVE-2007-0934] Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
11657| [CVE-2007-0913] Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.
11658| [CVE-2007-0870] Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.
11659| [CVE-2007-0843] The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
11660| [CVE-2007-0811] Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
11661| [CVE-2007-0671] Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
11662| [CVE-2007-0612] Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll
11663| [CVE-2007-0515] Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.
11664| [CVE-2007-0351] Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user.
11665| [CVE-2007-0221] Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."
11666| [CVE-2007-0220] Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".
11667| [CVE-2007-0216] wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
11668| [CVE-2007-0215] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.
11669| [CVE-2007-0214] The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
11670| [CVE-2007-0213] Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
11671| [CVE-2007-0211] The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
11672| [CVE-2007-0209] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.
11673| [CVE-2007-0208] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.
11674| [CVE-2007-0069] Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
11675| [CVE-2007-0066] The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."
11676| [CVE-2007-0065] Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
11677| [CVE-2007-0064] Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
11678| [CVE-2007-0043] The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".
11679| [CVE-2007-0042] Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
11680| [CVE-2007-0041] The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
11681| [CVE-2007-0040] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
11682| [CVE-2007-0039] The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
11683| [CVE-2007-0038] Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765
11684| [CVE-2007-0035] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."
11685| [CVE-2007-0034] Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."
11686| [CVE-2007-0033] Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.
11687| [CVE-2007-0031] Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.
11688| [CVE-2007-0030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.
11689| [CVE-2007-0029] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."
11690| [CVE-2007-0028] Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.
11691| [CVE-2007-0027] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.
11692| [CVE-2007-0026] The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
11693| [CVE-2007-0025] The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.
11694| [CVE-2007-0024] Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
11695| [CVE-2006-7210] Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
11696| [CVE-2006-7192] Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.
11697| [CVE-2006-7027] Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks.
11698| [CVE-2006-6723] The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request.
11699| [CVE-2006-6696] Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
11700| [CVE-2006-6617] projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.
11701| [CVE-2006-6561] Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.
11702| [CVE-2006-6456] Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.
11703| [CVE-2006-6296] The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.
11704| [CVE-2006-6134] Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
11705| [CVE-2006-6133] Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.
11706| [CVE-2006-5994] Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vulnerability than CVE-2006-6456.
11707| [CVE-2006-5758] The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
11708| [CVE-2006-5586] The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."
11709| [CVE-2006-5585] The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."
11710| [CVE-2006-5584] The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
11711| [CVE-2006-5583] Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability."
11712| [CVE-2006-5574] Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.
11713| [CVE-2006-5296] PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.
11714| [CVE-2006-4854] ** REJECT ** Unspecified vulnerability in Microsoft Office 2000 (Chinese Edition) and Microsoft PowerPoint 2000 (Chinese Edition) allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as Trojan.PPDropper.E. NOTE: on 20060919, Microsoft notified CVE that this is a duplicate of CVE-2006-0009.
11715| [CVE-2006-4704] Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
11716| [CVE-2006-4702] Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
11717| [CVE-2006-4696] Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."
11718| [CVE-2006-4695] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."
11719| [CVE-2006-4694] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
11720| [CVE-2006-4693] Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651.
11721| [CVE-2006-4692] Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
11722| [CVE-2006-4691] Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
| [CVE-2006-4689] Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."
| [CVE-2006-4688] Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
| [CVE-2006-4534] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.
| [CVE-2006-4495] Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.
| [CVE-2006-4274] ** REJECT ** Unknown vulnerability in Microsoft PowerPoint allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as TROJ_MDROPPER.BH. NOTE: on 20060822, it was determined that TROJ_MDROPPER.BH was exploiting CVE-2006-0009, so this is not a new vulnerability.
| [CVE-2006-4219] The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.
| [CVE-2006-4183] Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding.
| [CVE-2006-4071] Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
| [CVE-2006-3992] Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption.
| [CVE-2006-3942] The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research
| [CVE-2006-3897] Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.
| [CVE-2006-3880] ** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation."
| [CVE-2006-3877] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
| [CVE-2006-3876] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
| [CVE-2006-3875] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867.
| [CVE-2006-3873] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
| [CVE-2006-3869] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
| [CVE-2006-3868] Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag.
| [CVE-2006-3867] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875.
| [CVE-2006-3864] Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
| [CVE-2006-3841] Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL.
| [CVE-2006-3660] Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3656, and CVE-2006-3590, although it is possible that they are all different.
| [CVE-2006-3656] Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
| [CVE-2006-3655] Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted PowerPoint file. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3656, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
| [CVE-2006-3652] Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could not be reproduced by third parties.
| [CVE-2006-3651] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.
| [CVE-2006-3650] Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868.
| [CVE-2006-3649] Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
| [CVE-2006-3648] Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception."
| [CVE-2006-3647] Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693.
| [CVE-2006-3643] Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
| [CVE-2006-3590] mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.
| [CVE-2006-3510] The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.
| [CVE-2006-3493] Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.
| [CVE-2006-3449] Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."
| [CVE-2006-3448] Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.
| [CVE-2006-3445] Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.
| [CVE-2006-3444] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
| [CVE-2006-3443] Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
| [CVE-2006-3441] Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.
| [CVE-2006-3440] Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
| [CVE-2006-3439] Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
| [CVE-2006-3436] Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
| [CVE-2006-3435] PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.
| [CVE-2006-3434] Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption.
| [CVE-2006-3431] Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086.
| [CVE-2006-3059] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.
| [CVE-2006-2492] Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
| [CVE-2006-2389] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316.
| [CVE-2006-2388] Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process.
| [CVE-2006-2387] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875.
| [CVE-2006-2380] Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
| [CVE-2006-2379] Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
| [CVE-2006-2378] Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
| [CVE-2006-2374] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
| [CVE-2006-2373] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
| [CVE-2006-2372] Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.
| [CVE-2006-2371] Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
| [CVE-2006-2370] Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
| [CVE-2006-2334] The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.
| [CVE-2006-2094] Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
| [CVE-2006-2055] Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
| [CVE-2006-1654] Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.
| [CVE-2006-1651] ** DISPUTED ** Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol."
| [CVE-2006-1540] MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll
| [CVE-2006-1316] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389.
| [CVE-2006-1315] The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."
| [CVE-2006-1314] Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.
| [CVE-2006-1313] Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
| [CVE-2006-1311] The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1
| [CVE-2006-1309] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.
| [CVE-2006-1308] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value.
| [CVE-2006-1306] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability."
| [CVE-2006-1305] Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.
| [CVE-2006-1304] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."
| [CVE-2006-1302] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."
| [CVE-2006-1301] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.
| [CVE-2006-1300] Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
| [CVE-2006-1257] The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.
| [CVE-2006-1193] Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."
| [CVE-2006-1184] Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
| [CVE-2006-0988] The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
| [CVE-2006-0935] Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz.
| [CVE-2006-0187] By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file.
| [CVE-2006-0034] Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.
| [CVE-2006-0033] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed.
| [CVE-2006-0032] Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
| [CVE-2006-0031] Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.
| [CVE-2006-0030] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.
| [CVE-2006-0029] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.
| [CVE-2006-0028] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.
| [CVE-2006-0023] Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.
| [CVE-2006-0022] Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.
| [CVE-2006-0021] Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."
| [CVE-2006-0020] An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."
| [CVE-2006-0015] Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
| [CVE-2006-0013] Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
| [CVE-2006-0012] Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."
| [CVE-2006-0010] Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
| [CVE-2006-0009] Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
| [CVE-2006-0008] The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.
| [CVE-2006-0007] Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.
| [CVE-2006-0006] Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.
| [CVE-2006-0004] Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).
| [CVE-2006-0002] Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
| [CVE-2006-0001] Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
| [CVE-2005-4717] Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
| [CVE-2005-4269] mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
| [CVE-2005-4131] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.
11832| [CVE-2005-3981] ** DISPUTED ** NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE.
11833| [CVE-2005-3945] The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups.
11834| [CVE-2005-3644] PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.
11835| [CVE-2005-3177] CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed.
11836| [CVE-2005-3176] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection.
11837| [CVE-2005-3175] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator.
11838| [CVE-2005-3174] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.
11839| [CVE-2005-3173] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions.
11840| [CVE-2005-3172] The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks.
11841| [CVE-2005-3171] Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings.
11842| [CVE-2005-3170] The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.
11843| [CVE-2005-3169] Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow attackers to conduct unauthorized activities without detection.
11844| [CVE-2005-3168] The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template.
11845| [CVE-2005-2122] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.
11846| [CVE-2005-2120] Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
11847| [CVE-2005-2118] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.
11848| [CVE-2005-2117] Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
11849| [CVE-2005-1985] The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
11850| [CVE-2005-1984] Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.
11851| [CVE-2005-1983] Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
11852| [CVE-2005-1982] Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
11853| [CVE-2005-1981] Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
11854| [CVE-2005-1907] The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic.
11855| [CVE-2005-1683] Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file.
11856| [CVE-2005-1218] The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
11857| [CVE-2005-1216] Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.
11858| [CVE-2005-1215] Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers.
11859| [CVE-2005-1208] Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
11860| [CVE-2005-1207] Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.
11861| [CVE-2005-1206] Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."
11862| [CVE-2005-1205] The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
11863| [CVE-2005-1052] Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses.
11864| [CVE-2005-0921] Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy.
11865| [CVE-2005-0820] Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.
11866| [CVE-2005-0738] Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.
11867| [CVE-2005-0564] Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.
11868| [CVE-2005-0558] Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document.
11869| [CVE-2005-0551] Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
11870| [CVE-2005-0550] Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
11871| [CVE-2005-0545] Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post.
11872| [CVE-2005-0063] The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.
11873| [CVE-2005-0061] The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.
11874| [CVE-2005-0060] Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.
11875| [CVE-2005-0059] Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
11876| [CVE-2005-0058] Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to elevate privileges or execute arbitrary code via a crafted message.
11877| [CVE-2005-0048] Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
11878| [CVE-2004-2527] The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
11879| [CVE-2004-2482] Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code.
11880| [CVE-2004-2365] Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.
11881| [CVE-2004-2339] ** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed.
11882| [CVE-2004-1080] The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."
11883| [CVE-2004-0963] Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.
11884| [CVE-2004-0897] The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
11885| [CVE-2004-0892] Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.
11886| [CVE-2004-0846] Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.
11887| [CVE-2004-0840] The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
11888| [CVE-2004-0728] The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
11889| [CVE-2004-0726] The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel.
11890| [CVE-2004-0575] Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
11891| [CVE-2004-0574] The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
11892| [CVE-2004-0573] Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
11893| [CVE-2004-0540] Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
11894| [CVE-2004-0503] Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502.
11895| [CVE-2004-0379] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts.
11896| [CVE-2004-0284] Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
11897| [CVE-2004-0214] Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, Windows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
11898| [CVE-2004-0211] The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.
11899| [CVE-2004-0210] The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
11900| [CVE-2004-0209] Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
11901| [CVE-2004-0208] The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
11902| [CVE-2004-0207] "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWindowLongPtr API functions.
11903| [CVE-2004-0206] Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
11904| [CVE-2004-0204] Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
11905| [CVE-2004-0202] IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
11906| [CVE-2004-0201] Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
11907| [CVE-2004-0199] Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
11908| [CVE-2004-0124] The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
11909| [CVE-2004-0121] Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
11910| [CVE-2004-0120] The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
11911| [CVE-2004-0116] An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
11912| [CVE-2003-1378] Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
11913| [CVE-2003-1106] The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute.
11914| [CVE-2003-0908] The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
11915| [CVE-2003-0906] Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
11916| [CVE-2003-0904] Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
11917| [CVE-2003-0839] Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.
11918| [CVE-2003-0825] The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
11919| [CVE-2003-0824] Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
11920| [CVE-2003-0822] Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
11921| [CVE-2003-0821] Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
11922| [CVE-2003-0820] Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
11923| [CVE-2003-0819] Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
11924| [CVE-2003-0818] Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
11925| [CVE-2003-0807] Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.
11926| [CVE-2003-0806] Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.
11927| [CVE-2003-0719] Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
11928| [CVE-2003-0665] Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.
11929| [CVE-2003-0664] Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
11930| [CVE-2003-0662] Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
11931| [CVE-2003-0660] The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval.
11932| [CVE-2003-0533] Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
11933| [CVE-2003-0526] Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
11934| [CVE-2003-0506] Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation.
11935| [CVE-2003-0505] Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request.
11936| [CVE-2003-0496] Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
11937| [CVE-2003-0352] Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
11938| [CVE-2003-0345] Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
11939| [CVE-2003-0232] Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
11940| [CVE-2003-0231] Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
11941| [CVE-2003-0230] Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
11942| [CVE-2003-0227] The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
11943| [CVE-2003-0118] SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
11944| [CVE-2003-0117] Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver.
11945| [CVE-2003-0110] The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.
11946| [CVE-2003-0109] Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
11947| [CVE-2003-0011] Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled.
11948| [CVE-2003-0007] Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."
11949| [CVE-2003-0003] Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
11950| [CVE-2003-0002] Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.
11951| [CVE-2002-2101] Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.
11952| [CVE-2002-2100] Microsoft Outlook 2002 allows remote attackers to bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.
11953| [CVE-2002-1984] Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046".
11954| [CVE-2002-1981] Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.
11955| [CVE-2002-1933] The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window.
11956| [CVE-2002-1932] Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.
11957| [CVE-2002-1876] Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.
11958| [CVE-2002-1873] Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
11959| [CVE-2002-1872] Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
11960| [CVE-2002-1776] ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed.
11961| [CVE-2002-1712] Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
11962| [CVE-2002-1256] The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.
11963| [CVE-2002-1255] Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."
11964| [CVE-2002-1214] Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
11965| [CVE-2002-1184] The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.
11966| [CVE-2002-1145] The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
11967| [CVE-2002-1141] An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."
11968| [CVE-2002-1140] The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."
11969| [CVE-2002-1138] Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
11970| [CVE-2002-1137] Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
11971| [CVE-2002-1123] Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
11972| [CVE-2002-1117] Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
11973| [CVE-2002-1056] Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
11974| [CVE-2002-0982] Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.
11975| [CVE-2002-0975] Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary code via a long File parameter.
11976| [CVE-2002-0863] Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
11977| [CVE-2002-0861] Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object.
11978| [CVE-2002-0860] The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.
11979| [CVE-2002-0859] Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.
11980| [CVE-2002-0729] Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.
11981| [CVE-2002-0727] The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.
11982| [CVE-2002-0724] Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
11983| [CVE-2002-0721] Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
11984| [CVE-2002-0719] SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files.
11985| [CVE-2002-0718] Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."
11986| [CVE-2002-0700] Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."
11987| [CVE-2002-0699] Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.
11988| [CVE-2002-0695] Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.
11989| [CVE-2002-0694] The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
11990| [CVE-2002-0693] Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
11991| [CVE-2002-0692] Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
11992| [CVE-2002-0650] The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.
11993| [CVE-2002-0649] Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
11994| [CVE-2002-0645] SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.
11995| [CVE-2002-0644] Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.
11996| [CVE-2002-0643] The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System."
11997| [CVE-2002-0642] The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
11998| [CVE-2002-0641] Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
11999| [CVE-2002-0624] Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
12000| [CVE-2002-0623] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun".
12001| [CVE-2002-0622] The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".
12002| [CVE-2002-0621] Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.
12003| [CVE-2002-0620] Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API.
12004| [CVE-2002-0619] The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).
12005| [CVE-2002-0618] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
12006| [CVE-2002-0617] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
12007| [CVE-2002-0616] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."
12008| [CVE-2002-0597] LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.
12009| [CVE-2002-0444] Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.
12010| [CVE-2002-0443] Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.
12011| [CVE-2002-0373] The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".
12012| [CVE-2002-0371] Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.
12013| [CVE-2002-0368] The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."
12014| [CVE-2002-0224] The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
12015| [CVE-2002-0187] Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
12016| [CVE-2002-0186] Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
12017| [CVE-2002-0154] Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
12018| [CVE-2002-0152] Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
12019| [CVE-2002-0055] SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
12020| [CVE-2002-0054] SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
12021| [CVE-2002-0050] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data.
12022| [CVE-2002-0049] Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
12023| [CVE-2002-0034] The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.
12024| [CVE-2002-0018] In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from the trusted domain.
12025| [CVE-2001-1533] ** DISPUTED ** Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE.
12026| [CVE-2001-1451] Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests.
12027| [CVE-2001-1319] Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
12028| [CVE-2001-1099] The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
12029| [CVE-2001-0986] SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
12030| [CVE-2001-0718] Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document.
12031| [CVE-2001-0666] Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.
12032| [CVE-2001-0658] Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message.
12033| [CVE-2001-0628] Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.
12034| [CVE-2001-0547] Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).
12035| [CVE-2001-0546] Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data.
12036| [CVE-2001-0542] Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
12037| [CVE-2001-0538] Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
12038| [CVE-2001-0509] Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
12039| [CVE-2001-0505] Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service.
12040| [CVE-2001-0504] Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying.
12041| [CVE-2001-0501] Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner.
12042| [CVE-2001-0351] Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
12043| [CVE-2001-0350] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
12044| [CVE-2001-0349] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.
12045| [CVE-2001-0348] Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
12046| [CVE-2001-0347] Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
12047| [CVE-2001-0346] Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.
12048| [CVE-2001-0345] Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.
12049| [CVE-2001-0344] An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
12050| [CVE-2001-0340] An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.
12051| [CVE-2001-0261] Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.
12052| [CVE-2001-0245] Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.
12053| [CVE-2001-0244] Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.
12054| [CVE-2001-0240] Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro.
12055| [CVE-2001-0239] Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
12056| [CVE-2001-0237] Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data.
12057| [CVE-2001-0146] IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
12058| [CVE-2001-0048] The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability.
12059| [CVE-2001-0005] Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.
12060| [CVE-2001-0003] Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
12061| [CVE-2000-1218] The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
12062| [CVE-2000-1217] Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability.
12063| [CVE-2000-1209] The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
12064| [CVE-2000-1139] The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
12065| [CVE-2000-1088] The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
12066| [CVE-2000-1087] The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
12067| [CVE-2000-1086] The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
12068| [CVE-2000-1085] The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
12069| [CVE-2000-1079] Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
12070| [CVE-2000-0942] The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
12071| [CVE-2000-0854] When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
12072| [CVE-2000-0771] Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
12073| [CVE-2000-0765] Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
12074| [CVE-2000-0756] Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
12075| [CVE-2000-0710] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
12076| [CVE-2000-0709] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
12077| [CVE-2000-0637] Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.
12078| [CVE-2000-0621] Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
12079| [CVE-2000-0597] Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.
12080| [CVE-2000-0331] Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
12081| [CVE-2000-0277] Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.
12082| [CVE-2013-2557] The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
12083| [CVE-2013-2556] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
12084| [CVE-2013-2554] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787.
12085| [CVE-2013-2553] Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0912.
12086| [CVE-2013-2552] Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
12087| [CVE-2013-2551] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
12088| [CVE-2013-1347] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
12089| [CVE-2013-1305] HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
12090| [CVE-2013-1290] Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."
12091| [CVE-2013-1289] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
12092| [CVE-2013-1284] Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
12093| [CVE-2013-0096] Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability."
12094| [CVE-2013-0086] Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."
12095| [CVE-2013-0085] Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."
12096| [CVE-2013-0084] Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."
12097| [CVE-2013-0083] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."
12098| [CVE-2013-0080] Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."
12099| [CVE-2013-0079] Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."
12100| [CVE-2013-0005] The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
12101| [CVE-2012-4969] Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
12102| [CVE-2012-4792] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
12103| [CVE-2012-3456] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
12104| [CVE-2012-3455] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
12105| [CVE-2012-2290] The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel.
12106| [CVE-2012-2284] The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors.
12107| [CVE-2012-1945] Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.
12108| [CVE-2012-1894] Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability."
12109| [CVE-2012-1892] Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."
12110| [CVE-2012-1891] Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
12111| [CVE-2012-1888] Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability."
12112| [CVE-2012-1876] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
12113| [CVE-2012-1861] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
12114| [CVE-2012-1859] Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
12115| [CVE-2012-1857] Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."
12116| [CVE-2012-1849] Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."
12117| [CVE-2012-1545] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
12118| [CVE-2012-1436] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
12119| [CVE-2012-1435] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
12120| [CVE-2012-1434] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
12121| [CVE-2012-1433] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
12122| [CVE-2012-0447] Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.
12123| [CVE-2012-0147] Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."
12124| [CVE-2012-0146] Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability."
12125| [CVE-2012-0145] Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."
12126| [CVE-2012-0144] Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."
12127| [CVE-2012-0138] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.
12128| [CVE-2012-0137] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138.
12129| [CVE-2012-0136] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138.
12130| [CVE-2012-0020] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
12131| [CVE-2012-0019] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
12132| [CVE-2012-0018] Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability."
12133| [CVE-2012-0017] Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."
12134| [CVE-2011-4695] Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and gain privileges via unknown vectors, as demonstrated by the White Phosphorus wp_ie_sandbox_escape module for Immunity CANVAS. NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
12135| [CVE-2011-2012] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash."
12136| [CVE-2011-2010] The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."
12137| [CVE-2011-1969] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability."
12138| [CVE-2011-1897] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."
12139| [CVE-2011-1896] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability."
12140| [CVE-2011-1895] CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability."
12141| [CVE-2011-1891] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."
12142| [CVE-2011-1890] Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
12143| [CVE-2011-1889] The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
12144| [CVE-2011-1417] Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.
12145| [CVE-2011-1347] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
12146| [CVE-2011-1346] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
12147| [CVE-2011-1345] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
12148| [CVE-2011-1265] The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability."
12149| [CVE-2011-0653] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."
12150| [CVE-2011-0647] The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.
12151| [CVE-2011-0627] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.
12152| [CVE-2011-0037] Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.
12153| [CVE-2011-0027] Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.
12154| [CVE-2011-0026] Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
12155| [CVE-2010-4643] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
12156| [CVE-2010-4253] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document.
12157| [CVE-2010-4121] ** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only."
12158| [CVE-2010-3967] Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability."
12159| [CVE-2010-3962] Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
12160| [CVE-2010-3936] Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability."
12161| [CVE-2010-3889] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Microsoft researchers and other researchers.
12162| [CVE-2010-3888] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers.
12163| [CVE-2010-3497] Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)."
12164| [CVE-2010-3454] Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
12165| [CVE-2010-3453] The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.
12166| [CVE-2010-3141] Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file.
12167| [CVE-2010-2743] The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
12168| [CVE-2010-2734] Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability."
12169| [CVE-2010-2733] Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability."
12170| [CVE-2010-2732] Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability."
12171| [CVE-2010-2564] Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."
12172| [CVE-2010-1184] The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2.
12173| [CVE-2010-1118] Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
12174| [CVE-2010-1117] Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
12175| [CVE-2010-0806] Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
12176| [CVE-2010-0716] _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.
12177| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
12178| [CVE-2008-5750] Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
12179| [CVE-2008-5556] ** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."
12180| [CVE-2008-5555] Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
12181| [CVE-2008-5554] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
12182| [CVE-2008-5553] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
12183| [CVE-2008-5552] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
12184| [CVE-2008-5551] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
12185| [CVE-2008-5180] Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
12186| [CVE-2008-4211] Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
12187| [CVE-2007-5351] Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."
12188| [CVE-2007-2729] Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
12189| [CVE-2007-1534] DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window.
12190| [CVE-2007-0341] Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
12191| [CVE-2006-5559] The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
12192| [CVE-2006-4686] Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
12193| [CVE-2006-4685] The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
12194| [CVE-2006-1359] Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
12195| [CVE-2006-0761] Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchange, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow user-assisted remote attackers to execute arbitrary code on the server via a crafted Microsoft Word document that is opened on a wireless device.
12196| [CVE-2006-0753] Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.
12197| [CVE-2006-0544] urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash or hyphen) characters.
12198| [CVE-2006-0003] Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
12199| [CVE-2005-1929] Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.
12200| [CVE-2005-0852] Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.
12201| [CVE-2004-1322] Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages.
12202| [CVE-2003-1306] Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
12203| [CVE-2003-0903] Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
12204| [CVE-2003-0353] Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
12205| [CVE-2002-1918] Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED.
12206| [CVE-2002-1142] Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
12207| [CVE-2002-1015] RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
12208| [CVE-2002-0697] Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
12209| [CVE-2002-0057] XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
12210| [CVE-2001-1218] Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
12211| [CVE-2000-0563] The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.
12212| [CVE-1999-1097] Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.
12213|
12214| SecurityFocus - https://www.securityfocus.com/bid/:
12215| [83154] Microsoft Windows 2000 Server CVE-2004-0540 Remote Security Vulnerability
12216| [45297] Microsoft Exchange Server 2007 Infinite Loop Remote Denial of Service Vulnerability
12217| [43419] Microsoft Excel 2002 Memory Corruption Vulnerability
12218| [43189] Microsoft Visual C++ 2008 Redistributable Package DLL Loading Arbitrary Code Execution Vulnerability
12219| [42742] Microsoft PowerPoint 2007 Multiple DLL Loading Arbitrary Code Execution Vulnerability
12220| [42695] Microsoft Groove 2007 'mso.dll' DLL Loading Arbitrary Code Execution Vulnerability
12221| [42681] Microsoft Visio 2003 'mfc71enu.dll' DLL Loading Arbitrary Code Execution Vulnerability
12222| [41843] Microsoft Outlook Web Access for Exchange Server 2003 Cross Site Request Forgery Vulnerability
12223| [39776] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
12224| [37196] RETIRED: Microsoft December 2009 Advance Notification Multiple Vulnerabilities
12225| [36940] RETIRED: Microsoft November 2009 Advance Notification Multiple Vulnerabilities
12226| [36633] RETIRED: Microsoft October 2009 Advance Notification Multiple Vulnerabilities
12227| [36239] RETIRED: Microsoft September 2009 Advance Notification Multiple Vulnerabilities
12228| [35974] RETIRED: Microsoft August 2009 Advance Notification Multiple Vulnerabilities
12229| [35617] RETIRED: Microsoft July 2009 Advance Notification Multiple Vulnerabilities
12230| [35213] RETIRED: Microsoft June 2009 Advance Notification Multiple Vulnerabilities
12231| [34867] RETIRED: Microsoft May 2009 Advance Notification Multiple Vulnerabilities
12232| [34532] Microsoft IAG 2007 ActiveX Control Multiple Stack Based Buffer Overflow Vulnerabilities
12233| [34469] Microsoft Word 2000 WordPerfect Converter Remote Code Execution Vulnerability
12234| [34450] RETIRED: Microsoft April 2009 Advance Notification Multiple Vulnerabilities
12235| [34005] RETIRED: Microsoft March 2009 Advance Notification Multiple Vulnerabilities
12236| [33639] RETIRED: Microsoft February 2009 Advance Notification Multiple Vulnerabilities
12237| [33170] RETIRED: Microsoft January 2009 Advance Notification Multiple Vulnerabilities
12238| [32632] RETIRED: Microsoft December 2008 Advance Notification Multiple Vulnerabilities
12239| [32153] Retired: Microsoft November 2008 Advance Notification Multiple Vulnerabilities
12240| [31667] Retired: Microsoft October 2008 Advance Notification Multiple Vulnerabilities
12241| [31129] RETIRED: Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
12242| [31014] RETIRED: Microsoft September 2008 Advance Notification Multiple Vulnerabilities
12243| [30593] RETIRED: Microsoft August 2008 Advance Notification Multiple Vulnerabilities
12244| [30075] RETIRED: Microsoft July 2008 Advance Notification Multiple Vulnerabilities
12245| [29576] RETIRED: Microsoft June 2008 Advance Notification Multiple Vulnerabilities
12246| [29108] RETIRED: Microsoft May 2008 Advance Notification Multiple Vulnerabilities
12247| [28598] RETIRED: Microsoft April 2008 Advance Notification Multiple Vulnerabilities
12248| [28124] Retired: Microsoft March 2008 Advance Notification Multiple Vulnerabilities
12249| [27674] RETIRED: Microsoft February 2008 Advance Notification Multiple Vulnerabilities
12250| [27119] RETIRED: Microsoft January 2008 Advance Notification Multiple Vulnerabilities
12251| [26739] RETIRED: Microsoft December 2007 Advance Notification Multiple Vulnerabilities
12252| [26414] Microsoft Forms 2.0 ActiveX Control Memory Access Violation Denial of Service Vulnerabilities
12253| [26380] Retired: Microsoft November 2007 Advance Notification Multiple Vulnerabilities
12254| [25991] RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
12255| [25922] RETIRED: Microsoft October 2007 Advance Notification Multiple Vulnerabilities
12256| [25573] RETIRED: Microsoft September 2007 Advance Notification Multiple Vulnerabilities
12257| [25247] Retired: Microsoft August 2007 Advance Notification Multiple Vulnerabilities
12258| [24771] Retired: Microsoft July 2007 Advance Notification Multiple Vulnerabilities
12259| [24366] RETIRED: Microsoft June 2007 Advance Notification Multiple Vulnerabilities
12260| [24118] Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability
12261| [23800] RETIRED: Microsoft May 2007 Advance Notification Multiple Vulnerabilities
12262| [23380] Microsoft Word 2007 WWLib.DLL Unspecified Document File Buffer Overflow Vulnerability
12263| [23335] RETIRED: Microsoft April 2007 Advance Notification Multiple Vulnerabilities
12264| [22716] Microsoft Office 2003 Denial of Service Vulnerability
12265| [22567] Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability
12266| [22328] RETIRED: Microsoft Word 2003 Unspecified Code Execution Vulnerability
12267| [22225] Microsoft Word 2000 Malformed Function Code Execution Vulnerability
12268| [21611] Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
12269| [21495] Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability
12270| [20843] Microsoft Visual Studio 2005 WMI Object Broker Remote Code Execution Vulnerability
12271| [19636] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
12272| [19388] Microsoft Windows 2000 Kernel Local Privilege Escalation Vulnerability
12273| [17134] Microsoft Commerce Server 2002 Authentication Bypass Vulnerability
12274| [16634] Microsoft PowerPoint 2000 Remote Information Disclosure Vulnerability
12275| [14772] Microsoft Exchange Server 2003 Exchange Information Store Denial Of Service Vulnerability
12276| [14093] Microsoft Update Rollup 1 for Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
12277| [13564] Microsoft SQL Server 2000 Multiple Vulnerabilities
12278| [13008] Microsoft Windows Server 2003 SMB Redirector Local Denial Of Service Vulnerability
12279| [12972] Microsoft Windows Server 2003 Service Pack 1 Released - Multiple Vulnerabilities Fixed
12280| [12913] Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy Bypass Vulnerability
12281| [12824] Microsoft InfoPath 2003 Insecure Information Storage Vulnerability
12282| [12641] Microsoft Windows 2000 Group Policy Bypass Vulnerability
12283| [12141] Microsoft FrontPage 2000 Internet Publishing Service Provider DAV File Upload Vulnerability
12284| [11820] Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities
12285| [11446] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
12286| [11387] Microsoft Windows 2003 Services Default SACL Access Right Weakness
12287| [10901] Microsoft Windows 2000/XP CRL File Failed Integrity Check Denial Of Service Vulnerability
12288| [10693] Microsoft Windows 2000 Media Player Control Media Preview Script Execution Vulnerability
12289| [10484] Microsoft ISA Server 2000 FTP Bounce Filtering Vulnerability
12290| [10480] Microsoft ISA Server 2000 Site And Content Rule Bypass Vulnerability
12291| [10440] Microsoft Windows 2000 Domain Expired Account Security Policy Violation Weakness
12292| [10369] Microsoft Outlook 2003 Media File Script Execution Vulnerability
12293| [10307] Microsoft Outlook 2003 Predictable File Location Weakness
12294| [10114] Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability
12295| [9409] Microsoft Exchange Server 2003 Outlook Web Access Random Mailbox Access Vulnerability
12296| [9408] Microsoft ISA Server 2000 H.323 Filter Remote Buffer Overflow Vulnerability
12297| [9118] Microsoft Exchange Server 2003 Outlook Web Access Lowered Security Settings Weakness
12298| [8833] Microsoft Windows 2000 TroubleShooter ActiveX Control Buffer Overflow Vulnerability
12299| [8522] Multiple Microsoft Windows 2003 Stack Protection Implementation Weaknesses
12300| [8397] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
12301| [8104] Microsoft Windows 2000 Unauthorized RPC Connection Weakness
12302| [8098] Microsoft Windows 2000 Terminal Services Named Pipe System Account Access Vulnerability
12303| [8093] Microsoft Windows 2000 Active Directory Forest Origin Validation Vulnerability
12304| [8090] Microsoft Windows 2000 ShellExecute() Buffer Overflow Vulnerability
12305| [8089] Microsoft Windows 2000 Unspecified Cryptnet.DLL Memory Leakage Vulnerability
12306| [8086] Microsoft Windows 2000 Port Name Buffers Potential Buffer Overflow Vulnerability
12307| [8085] Microsoft Windows 2000 ModifyDN Request Denial of Service Vulnerability
12308| [8083] Microsoft Windows 2000 Domain Controller Spoofing Vulnerability
12309| [8081] Microsoft Windows 2000 USBH_IoctlGetNodeConnectionDriverKeyName Information Disclosure Vulnerability
12310| [8063] Microsoft Commerce Server 2002 Weak Registry Key Permissions Weakness
12311| [8045] Microsoft Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
12312| [7930] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
12313| [7788] Microsoft Windows 2000/XP/2003 IPV6 ICMP Flood Denial Of Service Vulnerability
12314| [7469] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
12315| [7360] Microsoft Windows 2000/XP Registry Editor Custom Permissions Weakness
12316| [7102] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
12317| [6769] Microsoft Windows 2000 RPC Service Privilege Escalation Vulnerability
12318| [6766] Microsoft Windows 2000 NetBIOS Continuation Packets Kernel Memory Leak Vulnerability
12319| [6667] Microsoft Outlook 2002 V1 Exchange Server Security Certificate Information Leakage Vulnerability
12320| [6319] Microsoft Outlook 2002 Email Header Processing Denial of Service Vulnerability
12321| [6030] Microsoft Windows 2000 SNMP Printer Query Denial of Service Vulnerability
12322| [5972] Microsoft Windows 2000/XP Full Event Log Administrative Alert Weakness
12323| [5922] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
12324| [5480] Microsoft Windows 2000 Network Connection Manager Privilege Elevation Vulnerability
12325| [5422] Microsoft Content Management Server 2001 SQL Injection Vulnerability
12326| [5421] Microsoft Content Management Server 2001 Arbitrary Upload Location Vulnerability
12327| [5420] Microsoft Content Management Server 2001 User Authentication Buffer Overflow Vulnerability
12328| [5415] Microsoft Windows 2000 Insecure Default File Permissions Vulnerability
12329| [5413] Microsoft Exchange 2000 Post Authorization License Exhaustion Denial Of Service Vulnerability
12330| [5412] Microsoft Exchange 2000 Multiple MSRPC Denial Of Service Vulnerabilities
12331| [5312] Microsoft SQL Server 2000 Resolution Service Denial of Service Vulnerability
12332| [5311] Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability
12333| [5310] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
12334| [5309] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
12335| [5307] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
12336| [5253] Microsoft Windows 2000 Narrator Password Disclosure Vulnerability
12337| [5205] Microsoft SQL Server 2000 Incorrect Registry Key Permissions Vulnerability
12338| [5111] Microsoft Commerce Server 2000 OWC Package Installer Local Command Execution Vulnerability
12339| [5014] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
12340| [4881] Microsoft Exchange 2000 Malformed Mail Attribute DoS Vulnerability
12341| [4853] Microsoft Commerce Server 2000 Profile Service Buffer Overflow Vulnerability
12342| [4852] Microsoft Windows 2000 Remote Access Service Buffer Overflow Vulnerability
12343| [4847] Microsoft SQL Server 2000 Bulk Insert Procedure Buffer Overflow Vulnerability
12344| [4797] Microsoft MSDE/SQL Server 2000 Desktop Engine Default Configuration Vulnerability
12345| [4683] Microsoft Windows 2000 / NT Path Precedence Vulnerability
12346| [4532] Microsoft Windows 2000 Lanman Denial of Service Vulnerability
12347| [4438] Microsoft Windows 2000 Group Policy Evasion Vulnerability
12348| [4426] Microsoft Windows 2000 / NT / XP MUP UNC Request Buffer Overflow Vulnerability
12349| [4287] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
12350| [4256] Microsoft Windows 2000 Password Policy Bypass Vulnerability
12351| [4157] Microsoft Commerce Server 2000 ISAPI Buffer Overflow Vulnerability
12352| [4095] Microsoft Windows 2000 Server Terminal Services Failure To Lock Terminal Vulnerability
12353| [3652] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability
12354| [3481] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
12355| [3479] Microsoft Windows 2000 NTFS With Macintosh Client Directory Permission Vulnerability
12356| [3445] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
12357| [3339] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
12358| [3305] Norton AntiVirus for Microsoft Exchange 2000 Information Disclosure Vulnerability
12359| [3291] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
12360| [3215] Microsoft Windows 2000 IrDA Buffer Overflow Denial of Service Vulnerability
12361| [3185] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
12362| [3184] Microsoft Windows 2000 RunAs User Credentials Exposure Vulnerability
12363| [3146] Microsoft Windows 2000 System File Replacement Vulnerability
12364| [3115] Microsoft Windows NT and 2000 Command Prompt Reboot Vulnerability
12365| [3063] Microsoft Windows 2000 Unauthorized Password Change Vulnerability
12366| [3033] Microsoft Windows 2000 Task Manager Process Termination Vulnerability
12367| [2988] Microsoft Windows 2000 SMTP Improper Authentication Vulnerability
12368| [2929] Microsoft Windows 2000 LDAP SSL Password Modification Vulnerability
12369| [2849] Microsoft Windows 2000 Telnet Privilege Escalation Vulnerability
12370| [2846] Microsoft Windows 2000 Telnet System Call DoS Vulnerability
12371| [2844] Microsoft Windows 2000 Telnet Service DoS Vulnerability
12372| [2843] Microsoft Windows 2000 Telnet Multiple Sessions DoS Vulnerability
12373| [2838] Microsoft Windows 2000 Telnet Username DoS Vulnerability
12374| [2460] Microsoft Windows 2000 Event Viewer Buffer Overflow Vulnerability
12375| [2441] Microsoft Exchange 2000 / IIS 5.0 Multiple Invalid URL Request DoS Vulnerability
12376| [2394] Microsoft Windows 2000 Domain Controller DoS Vulnerability
12377| [2341] Microsoft Windows 2000 Network DDE Escalated Privileges Vulnerability
12378| [2326] Microsoft Windows 2000 RDP DoS Vulnerability
12379| [2133] Microsoft Windows 2000 Directory Services Restore Mode Blank Password Vulnerability
12380| [2066] Microsoft Windows NT 4.0 / 2000 SNMP Registry Key Modification Vulnerability
12381| [2018] Microsoft Windows 2000 Telnet Session Timeout DoS Vulnerability
12382| [2007] Microsoft Windows 2000 DNS Memory Leak Vulnerability
12383| [1973] Microsoft Windows 2000 Domain Account Lockout Bypass Vulnerability
12384| [1958] Microsoft Exchange 2000 Server EUSR_EXSTOREEVENT Account Vulnerability
12385| [1933] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
12386| [1899] Microsoft Windows 2000 ActiveX Control Buffer Overflow Vulnerability
12387| [1811] Microsoft Site Server 2.0 with IIS 4.0 Malicious File Upload Vulnerability
12388| [1758] Microsoft Windows 2000 Unattended Install OEMPreinstall Vulnerability
12389| [1753] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
12390| [1748] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
12391| [1745] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
12392| [1729] Microsoft Windows 2000 Simplified Chinese IME Vulnerability
12393| [1695] Microsoft Proxy 2.0 FTP Permissions Bypass Vulnerability
12394| [1692] Microsoft Proxy 2.0 Internal Network Access Vulnerability
12395| [1683] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
12396| [1673] Microsoft Windows 2000 Malformed RPC Packet DoS Vulnerability
12397| [1651] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
12398| [1632] Microsoft Windows 98 / NT 4.0 / 2000 File Extension Validation Vulnerability
12399| [1620] Microsoft Windows 9x / NT 4.0 / 2000 NetBIOS Cache Corruption Vulnerability
12400| [1613] Microsoft Windows 2000 Local Security Policy Corruption Vulnerability
12401| [1566] Microsoft Word 97 / 2000 Mail Merge Code Execution Vulnerability
12402| [1561] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow Vulnerability
12403| [1535] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
12404| [1507] Microsoft Windows NT 4.0 / 2000 Unspecified Executable Path Vulnerability
12405| [1451] Microsoft Excel 97 / 2000 Register.ID Vulnerability
12406| [1435] Microsoft FrontPage 2000 Server Extensions Denial Of Service Vulnerability
12407| [1415] Microsoft Windows 2000 Remote CPU-overload Vulnerability
12408| [1414] Microsoft Windows 2000 Telnet Server DoS Vulnerability
12409| [1399] Microsoft Internet Explorer 5.01 and Excel/Powerpoint 2000 ActiveX Object Execution Vulnerability
12410| [1398] Microsoft Internet Explorer 5.01 and Access 2000 / 97 VBA Code Execution Vulnerability
12411| [1350] Microsoft Windows 2000 Windows Station Access Vulnerability
12412| [1304] Microsoft Windows NT 4.0 / 2000 SMB Write Request DoS Vulnerability
12413| [1301] Microsoft Windows NT 4.0 / 2000 Ignored SMB Response DoS Vulnerability
12414| [1295] Microsoft Windows 2000 Default 40-bit Encrypted Protected Store Vulnerability
12415| [1198] Microsoft Windows 2000 Default SYSKEY Configuration Vulnerability
12416| [1197] Microsoft Office 2000 UA Control Vulnerability
12417| [990] Microsoft Windows 2000 Install Unprotected ADMIN$ Share Vulnerability
12418| [945] Microsoft SMS 2.0 Default Permissions Vulnerability
12419| [539] Microsoft Windows 2000 EFS Vulnerability
12420| [180] Microsoft Windows April Fools 2001 Vulnerability
12421| [71487] Microsoft December 2014 Advance Notification Multiple Vulnerabilities
12422| [70966] RETIRED: Microsoft November 2014 Advance Notification Multiple Vulnerabilities
12423| [70367] RETIRED: Microsoft October 2014 Advance Notification Multiple Vulnerabilities
12424| [69636] RETIRED: Microsoft September 2014 Advance Notification Multiple Vulnerabilities
12425| [69108] Microsoft August 2014 Advance Notification Multiple Vulnerabilities
12426| [68367] Microsoft July 2014 Advance Notification Multiple Vulnerabilities
12427| [67905] Microsoft June 2014 Advance Notification Multiple Vulnerabilities
12428| [67298] Microsoft May 2014 Advance Notification Multiple Vulnerabilities
12429| [66639] RETIRED: Microsoft April 2014 Advance Notification Multiple Vulnerabilities
12430| [66016] Microsoft March 2014 Notification Multiple Vulnerabilities
12431| [65426] Microsoft February 2014 Notification Multiple Vulnerabilities
12432| [64757] RETIRED: Microsoft January 2014 Advance Notification Multiple Vulnerabilities
12433| [64083] RETIRED: Microsoft December 2013 Advance Notification Multiple Vulnerabilities
12434| [63604] RETIRED: Microsoft November 2013 Advance Notification Multiple Vulnerabilities
12435| [62797] RETIRED: Microsoft October 2013 Advance Notification Multiple Vulnerabilities
12436| [62228] RETIRED: Microsoft September 2013 Advance Notification Multiple Vulnerabilities
12437| [62181] Microsoft Office Pinyin IME 2010 CVE-2013-3859 Local Privilege Escalation Vulnerability
12438| [61686] Microsoft August 2013 Advance Notification Multiple Vulnerabilities
12439| [60960] RETIRED: Microsoft July 2013 Advance Notification Multiple Vulnerabilities
12440| [60394] Microsoft June 2013 Advance Notification Multiple Vulnerabilities
12441| [59785] RETIRED: Microsoft May 2013 Advance Notification Multiple Vulnerabilities
12442| [58881] RETIRED: Microsoft April 2013 Advance Notification Multiple Vulnerabilities
12443| [58380] RETIRED: Microsoft March 2013 Advance Notification Multiple Vulnerabilities
12444| [57846] RETIRED: Microsoft February 2013 Advance Notification Multiple Vulnerabilities
12445| [57137] RETIRED: Microsoft January 2013 Advance Notification Multiple Vulnerabilities
12446| [56838] RETIRED: Microsoft December 2012 Advance Notification Multiple Vulnerabilities
12447| [56450] RETIRED: Microsoft November 2012 Advance Notification Multiple Vulnerabilities
12448| [56304] Microsoft Office Excel 2010 Memory Corruption Denial of Service Vulnerability
12449| [55794] RETIRED: Microsoft October 2012 Advance Notification Multiple Vulnerabilities
12450| [55472] RETIRED: Microsoft September 2012 Advance Notification Multiple Vulnerabilities
12451| [54944] RETIRED: Microsoft August 2012 Advance Notification Multiple Vulnerabilities
12452| [54318] RETIRED: Microsoft July 2012 Advance Notification Multiple Vulnerabilities
12453| [53862] RETIRED: Microsoft June 2012 Advance Notification Multiple Vulnerabilities
12454| [53372] RETIRED: Microsoft May 2012 Advance Notification Multiple Vulnerabilities
12455| [52910] RETIRED: Microsoft April 2012 Advance Notification Multiple Vulnerabilities
12456| [52366] RETIRED: Microsoft March 2012 Advance Notification Multiple Vulnerabilities
12457| [51944] RETIRED: Microsoft February 2012 Advance Notification Multiple Vulnerabilities
12458| [51289] RETIRED: Microsoft January 2012 Advance Notification Multiple Vulnerabilities
12459| [50980] RETIRED: Microsoft December 2011 Advance Notification Multiple Vulnerabilities
12460| [50513] RETIRED: Microsoft November 2011 Advance Notification Multiple Vulnerabilities
12461| [49994] RETIRED: Microsoft October 2011 Advance Notification Multiple Vulnerabilities
12462| [49515] RETIRED: Microsoft September 2011 Advance Notification Multiple Vulnerabilities
12463| [49017] RETIRED: Microsoft August 2011 Advance Notification Multiple Vulnerabilities
12464| [48616] RETIRED: Microsoft July 2011 Advance Notification Multiple Vulnerabilities
12465| [48235] Microsoft Lync Server 2010 'ReachJoin.aspx' Remote Command Injection Vulnerability
12466| [48193] RETIRED: Microsoft June 2011 Advance Notification Multiple Vulnerabilities
12467| [47725] RETIRED: Microsoft May 2011 Advance Notification Multiple Vulnerabilities
12468| [47255] RETIRED: Microsoft April 2011 Advance Notification Multiple Vulnerabilities
12469| [46675] RETIRED: Microsoft March 2011 Advance Notification Multiple Vulnerabilities
12470| [46132] RETIRED: Microsoft February 2011 Advance Notification Multiple Vulnerabilities
12471| [45696] RETIRED: Microsoft January 2011 Advance Notification Multiple Vulnerabilities
12472| [45307] RETIRED: Microsoft December 2010 Advance Notification Multiple Vulnerabilities
12473| [44649] RETIRED: Microsoft November 2010 Advance Notification Multiple Vulnerabilities
12474| [43831] RETIRED: Microsoft October 2010 Advance Notification Multiple Vulnerabilities
12475| [43115] RETIRED: Microsoft September 2010 Advance Notification Multiple Vulnerabilities
12476| [42234] RETIRED: Microsoft August 2010 Advance Notification Multiple Vulnerabilities
12477| [41474] RETIRED: Microsoft July 2010 Advance Notification Multiple Vulnerabilities
12478| [40548] RETIRED: Microsoft June 2010 Advance Notification Multiple Vulnerabilities
12479| [39961] RETIRED: Microsoft May 2010 Advance Notification Multiple Vulnerabilities
12480| [39313] RETIRED: Microsoft April 2010 Advance Notification Multiple Vulnerabilities
12481| [38540] RETIRED: Microsoft March 2010 Advance Notification Multiple Vulnerabilities
12482| [38096] RETIRED: Microsoft February 2010 Advance Notification Multiple Vulnerabilities
12483| [37887] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
12484| [37664] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
12485| [32642] Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability
12486|
12487| IBM X-Force - https://exchange.xforce.ibmcloud.com:
12488| [82417] Microsoft Windows Knowledge Base Article 2801261 update is not installed
12489| [82415] Microsoft Windows Knowledge Base Article 2807986 update is not installed
12490| [82410] Microsoft Windows Knowledge Base Article 2809289 update is not installed
12491| [81859] Microsoft Windows Knowledge Base Article 2802968 update is not installed
12492| [81857] Microsoft Windows Knowledge Base Article 2809279 update is not installed
12493| [81668] Microsoft Windows Knowledge Base Article 2800277 update is not installed
12494| [77323] Microsoft Windows Knowledge Base Article 2706045 update is not installed
12495| [75949] Microsoft Windows Knowledge Base Article 2707960 update is not installed
12496| [75942] Microsoft Windows Knowledge Base Article 2706726 update is not installed
12497| [75934] Microsoft Windows Knowledge Base Article 2709162 update is not installed
12498| [75926] Microsoft Windows Knowledge Base Article 2709100 update is not installed
12499| [75905] Microsoft Windows Knowledge Base Article 2707956 update is not installed
12500| [71991] Microsoft Windows Knowledge Base Article 2607664 update is not installed
12501| [71542] Microsoft Windows Knowledge Base Article 2607702 update is not installed
12502| [70945] Microsoft Windows Knowledge Base Article 2603381 update is not installed
12503| [70150] Microsoft Windows Knowledge Base Article 2607670 update is not installed
12504| [67755] Microsoft Windows Knowledge Base Article 2503665 update is not installed
12505| [67749] Microsoft Windows Knowledge Base Article 2507938 update is not installed
12506| [66845] Microsoft Windows Knowledge Base Article 2506014 update is not installed
12507| [66844] Microsoft Windows Knowledge Base Article 2501584 update is not installed
12508| [66448] Microsoft Windows Knowledge Base Article 2508272 update is not installed
12509| [66442] Microsoft Windows Knowledge Base Article 2509553 update is not installed
12510| [66440] Microsoft Windows Knowledge Base Article 2508429 update is not installed
12511| [66438] Microsoft Windows Knowledge Base Article 2507618 update is not installed
12512| [66430] Microsoft Windows Knowledge Base Article 2503658 update is not installed
12513| [66425] Microsoft Windows Knowledge Base Article 2506223 update is not installed
12514| [65570] Microsoft Windows Knowledge Base Article 2500212 update is not installed
12515| [65568] Microsoft Windows Knowledge Base Article 2508062 update is not installed
12516| [63840] Microsoft Visual C++ 2008 Redistributable Package dynamic-linked library (DLL) code execution
12517| [63780] Microsoft PowerPoint 2007 dynamic-linked library (rpawinet.dll) code execution
12518| [63775] Microsoft Visio 2003 dynamic-linked library (mfc71enu.dll) code execution
12519| [63586] Microsoft Windows Knowledge Base Article 2207559 update is not installed
12520| [63573] Microsoft Windows Knowledge Base Article 2407132 update is not installed
12521| [62797] Microsoft Windows Knowledge Base Article 2305420 update is not installed
12522| [62149] Microsoft Windows Knowledge Base Article 2207566 update is not installed
12523| [62133] Microsoft Windows Knowledge Base Article 2405882 update is not installed
12524| [53980] Microsoft Windows 2000 License Logging Server buffer overflow
12525| [53601] Microsoft Office 2008 for Mac user ID 502 security bypass
12526| [50973] Microsoft Windows Server 2003 and Vista win32k.sys denial of service
12527| [50759] Microsoft Windows 2000 Active Directory LDAP code execution
12528| [48595] Microsoft Word 2007 Email as PDF information disclosure
12529| [46102] Microsoft Windows 2003 SP2 is not installed on the system
12530| [46101] Microsoft Windows 2003 SP1 is not installed on the system
12531| [45186] Microsoft SQL Server 2000 SQLVDIRLib.SQLVDirControl ActiveX control buffer overflow
12532| [37200] Microsoft SQL Server 2000 Service Pack 1 update is not installed
12533| [37198] Microsoft SQL Server 2000 Service Pack 3 update is not installed
12534| [34634] Microsoft Windows Server 2003 Active Directory information disclosure
12535| [34599] Microsoft Windows Server 2003 terminal server security bypass
12536| [34473] Microsoft Office 2000 ActiveX control buffer overflow
12537| [33713] Microsoft Word 2007 multiple unspecified denial of service
12538| [33712] Microsoft Word 2007 wwlib.dll buffer overflow
12539| [32631] Microsoft SQL Server 2000 Service Pack 2 update is not installed
12540| [31821] Microsoft Windows time zone update for year 2007
12541| [31196] Microsoft Office 2003 Brazilian Grammar Checker buffer overflow
12542| [30905] Microsoft Project Server 2003 pdsrequest.asp information disclosure
12543| [29546] Microsoft Windows 2000/2003 user logoff initiated
12544| [29545] Microsoft Windows 2000/2003 system time changed
12545| [29544] Microsoft Windows 2000/2003 system security access removed
12546| [29543] Microsoft Windows 2000/2003 security access granted
12547| [29542] Microsoft Windows 2000/2003 SAM notification package loaded
12548| [29541] Microsoft Windows 2000/2003 primary security token issued
12549| [29540] Microsoft Windows 2000/2003 user password reset successful
12550| [29539] Microsoft Windows 2000/2003 object indirectly accessed
12551| [29538] Microsoft Windows 2000/2003 object handle duplicated
12552| [29537] Microsoft Windows 2000/2003 logon with explicit credentials success
12553| [29536] Microsoft Windows 2000/2003 logon attempt using explicit credentials unsuccessful
12554| [29535] Microsoft Windows 2000/2003 IPSEC policy agent failed
12555| [29534] Microsoft Windows 2000/2003 IPSEC policy agent disabled
12556| [29533] Microsoft Windows 2000/2003 IPSEC policy agent changed
12557| [29532] Microsoft Windows 2000/2003 IKE security association established
12558| [29531] Microsoft Windows 2000/2003 IKE quick mode association ended
12559| [29530] Microsoft Windows 2000/2003 IKE main mode association ended
12560| [29529] Microsoft Windows 2000/2003 IKE association negotiation failed
12561| [29528] Microsoft Windows 2000/2003 IKE association peer authentication failed
12562| [29527] Microsoft Windows 2000/2003 IKE association failed invalid proposal
12563| [29526] Microsoft Windows 2000/2003 IKE association failed authentication parameters
12564| [29525] Microsoft Windows 2000/2003 DPAPI master key backup attempted
12565| [29524] Microsoft Windows 2000/2003 DPAPI key recovery attempted
12566| [29523] Microsoft Windows 2000/2003 DPAPI auditable data unprotected
12567| [29522] Microsoft Windows 2000/2003 administrative group security descriptor set
12568| [29521] Microsoft Windows 2000/2003 account name changed
12569| [29507] Microsoft Office 2003 unspecified PowerPoint NULL pointer dereference denial of service
12570| [28512] Microsoft Internet Explorer multiple Windows 2000 COM object denial of service
12571| [28005] Microsoft Windows 2000 Management Console (MMC) resource file cross-site scripting
12572| [26118] Microsoft Office 2003 mailto: information disclosure
12573| [25330] Microsoft Commerce Server 2002 authfiles/login.asp authentication bypass
12574| [24474] Microsoft Windows 2000 LDAP client accepts untrusted CA
12575| [24473] Microsoft Windows 2000 event ID 565 not logged
12576| [24472] Microsoft Windows 2000 Event ID 1704 records incorrect group policy settings
12577| [24407] Microsoft Windows 2000 SECEDIT command fails to set ACLs correctly
12578| [24405] Microsoft Windows 2000 UPN credentials with trailing dot group policy bypass
12579| [24403] Microsoft Windows 2000 WideCharToMultiByte() incorrect Japanese character conversion
12580| [24402] Microsoft Windows 2000 Terminal Service client IP not logged
12581| [24400] Microsoft Windows 2000 domain authentication can be bypassed by a local administrator
12582| [23066] Microsoft Windows XP and 2000 Server MSRPC memory allocation denial of service
12583| [22318] Microsoft SQL Server 2000 Service Pack 4 update is not installed
12584| [22183] Microsoft Exchange Server 2003 public folder denial of service
12585| [21345] Microsoft Windows 2000 Update Rollup 1 for Service Pack 4 has not been installed
12586| [21315] Microsoft Outlook 2002 connector for Domino bypass restrictions
12587| [19969] Multiple Microsoft Windows Server 2003 Edition printer driver denial of service
12588| [19965] Multiple Microsoft Windows Server 2003 Editions SMB redirector denial of service
12589| [19727] Microsoft Windows 2000 GDI32.DLL denial of service
12590| [19629] Microsoft Exchange Server 2003 folder denial of service
12591| [17826] Microsoft Outlook 2003 CID security bypass
12592| [17624] Microsoft Windows XP and Windows Server 2003 Compressed Folders buffer overflow
12593| [17621] Microsoft Windows 2003 SMTP service code execution
12594| [17560] Microsoft Windows 2000 and XP GDI library denial of service
12595| [17521] Microsoft Windows 2000 Service Pack 4 is not installed
12596| [16913] Microsoft Windows 2003 users with Synchronize directory service data privilege
12597| [16912] Microsoft Windows 2003 groups with Synchronize directory service data privilege
12598| [16909] Microsoft Windows 2003 groups with Remove computer from docking station privilege
12599| [16907] Microsoft Windows 2003 users with Create global objects privilege
12600| [16905] Microsoft Windows 2003 users or groups with Create global objects privilege
12601| [16851] Microsoft Windows 2003 and XP WinKey and U key denial of service
12602| [16704] Microsoft Windows 2000 Media Player control code execution
12603| [16582] Microsoft Windows Server 2003 kernel CPU denial of service
12604| [16572] Microsoft Windows 2003 Users with Impersonate a client after authentication privilege
12605| [16570] Microsoft Windows 2003 Users with Create global objects privilege
12606| [16564] Microsoft Windows 2003 Groups with Create global objects privilege
12607| [16562] Microsoft Windows 2003 Groups with "
12608| [16522] Microsoft Windows 2003 Impersonate a client after authentication privilege
12609| [16521] Microsoft Windows 2003 Deny Logon Through Terminal Services privilege
12610| [16520] Microsoft Windows 2003 Create global objects privilege
12611| [16276] Microsoft Windows 2000 Advanced Server fully qualified domain name security bypass
12612| [16173] Microsoft Outlook 2003 OLE object bypass restricted security zone
12613| [16119] Microsoft Outlook 2000 URL spoofing
12614| [16104] Microsoft Outlook 2003 predictable file location could allow code execution
12615| [16095] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
12616| [15704] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
12617| [15700] Microsoft Windows 2000 Domain Controller LSASS LDAP message denial of service
12618| [15632] Microsoft Windows 2000 Utility Manger allows privilege escalation
12619| [15414] Microsoft Outlook 2002 mailto URL allows execution of code
12620| [15263] Microsoft Windows XP and 2000 Server kernel allows elevated privileges
12621| [15057] Microsoft Windows XP and Windows Server 2003 smbmount Linux client denial of service
12622| [15038] Microsoft Windows 2000 Server Windows Media Services denial of service
12623| [15037] Microsoft Windows Server 2003 WINS /GS flag denial of service
12624| [14178] Microsoft ISA Exchange Server 2003 MS04-002 patch is not installed
12625| [14167] Microsoft ISA Server 2000 H.323 filter buffer overflow
12626| [13426] Microsoft Windows 2000 and XP RPC race condition
12627| [13423] Microsoft Windows 2000 Local Troubleshooter ActiveX control buffer overflow
12628| [13407] Microsoft Windows 2000 Server mqsvc.exe MQLocateBegin packet buffer overflow
12629| [13385] Microsoft Windows Server 2003 "
12630| [13211] Microsoft Windows 2000 and XP URG memory leak
12631| [13171] Microsoft Windows Server 2003 can allow attacker to bypass mechanism used to detect buffer overflows
12632| [13131] Microsoft Windows 2000 Message Queue Manager buffer overflow
12633| [12684] Microsoft Exchange Server OWA Outlook 2003 denial of service
12634| [12652] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension POST request buffer overflow
12635| [12620] Microsoft Windows 2000 Server SMTP FILETIME denial of service
12636| [12543] Microsoft Windows 2000 Accessibility Utility Manager could allow an attacker to gain privileges
12637| [12493] Microsoft Windows Shell32.dll 2000 ShellExecute function buffer overflow
12638| [12489] Microsoft Windows 2000 Server Active Directory buffer overflow
12639| [12128] Microsoft Windows 2000 and Windows NT MS03-019 patch is not installed
12640| [12092] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension buffer overflow
12641| [12048] Microsoft Windows 2000 and Windows Server 2003 LAN Manager hash creation enabled
12642| [11901] Microsoft BizTalk Server 2002 SQL injection
12643| [11900] Microsoft BizTalk Server 2002 HTTP Receiver function buffer overflow
12644| [11816] Microsoft Windows 2000 Terminal Services MSGINA.DLL insecure access permissions
12645| [11696] Microsoft Windows 2000 Terminal Services man-in-the-middle attack
12646| [11617] Microsoft Windows 2000 MS03-007 patch is not installed on the system
12647| [11546] Microsoft Windows 2000 Windows Help Facility .cnt file buffer overflow
12648| [11329] Microsoft Windows NT and 2000 cmd.exe CD path name buffer overflow
12649| [11274] Microsoft Windows 2000 NetBIOS continuation packets denial of service
12650| [11273] Microsoft Windows 2000 RPC service could allow an attacker to gain elevated privileges
12651| [11216] Microsoft Windows NT and 2000 command prompt denial of service
12652| [11141] Microsoft Windows 2000 Terminal Services MSGINA.DLL denial of service
12653| [11133] Microsoft Outlook 2002 using V1 Exchange Server Security certificates transmits plaintext emails
12654| [10843] Microsoft Windows 2000 and XP SMB signing group policy modification
12655| [10431] Microsoft Windows 2000 SNMP LANMAN Extension memory leak denial of service
12656| [10400] Microsoft Windows 2000 RPC TCP port 135 denial of service
12657| [10377] Microsoft Windows XP and 2000 administrative alerts fail when security event log is full
12658| [10199] Microsoft Windows 2000/XP PPTP packet buffer overflow
12659| [10195] Microsoft FrontPage Server Extensions (FPSE) 2002 SmartHTML Interpreter buffer overflow
12660| [10194] Microsoft FrontPage Server Extensions (FPSE) 2000 SmartHTML Interpreter denial of service
12661| [9946] Microsoft Windows 2000 Terminal Services session screensaver fails to lock the console
12662| [9856] Microsoft Windows 2000 NCM handler routine could allow elevated privileges
12663| [9779] Microsoft Windows 2000 weak system partition permissions
12664| [9752] Microsoft Windows 2000 Service Pack 3 is not installed
12665| [9746] Microsoft Windows 2000 HTML Help item parameter buffer overflow
12666| [9625] Microsoft Windows 2000 Narrator allows login information to be audible
12667| [9154] Microsoft Data Engine (MSDE) and Microsoft SQL Server 2000 Desktop Engine have a default blank "
12668| [8867] Microsoft Windows 2000 LanMan denial of service
12669| [8813] Microsoft Windows 2000 Terminal Services allows attacker to bypass group policy settings
12670| [8759] Microsoft Windows 2000 could allow an attacker to block the application of Group Policy settings
12671| [8752] Microsoft Windows NT, 2000, and XP MUP buffer overflow
12672| [8739] Microsoft Windows 2000 DCOM memory leak
12673| [8708] Microsoft Outlook 2000 and 2002 executes embedded script in object tag when replying or forwarding HTML mail
12674| [8402] Microsoft Windows 2000 allows an attacker to bypass password policy
12675| [8307] Microsoft Windows 2000, Windows XP, and Exchange 2000 SMTP data transfer command denial of service
|
| Exploit-DB - https://www.exploit-db.com:
13095| [22554] Microsoft BizTalk Server 2000/2002 DTA rawdocdata.asp SQL Injection Vulnerability
13096| [22553] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
13097| [22528] Microsoft Windows 2000 RegEdit.EXE Registry Key Value Buffer Overflow Vulnerability
13098| [22354] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
13099| [21920] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
13100| [21718] Microsoft SQL 2000/7.0 Agent Jobs Privilege Elevation Vulnerability
13101| [21693] Microsoft SQL Server 2000 User Authentication Remote Buffer Overflow Vulnerability
13102| [21652] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
13103| [21651] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
13104| [21650] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
13105| [21549] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
13106| [21541] Microsoft SQL Server 2000 SQLXML Script Injection Vulnerability
13107| [21540] Microsoft SQL Server 2000 SQLXML Buffer Overflow Vulnerability
13108| [21389] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (2)
13109| [21388] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (1)
13110| [21344] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
13111| [21258] Microsoft Windows 2000/NT 4 NTFS File Hiding Vulnerability
13112| [21246] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (2)
13113| [21245] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (1)
13114| [21172] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (2)
13115| [21171] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (1)
13116| [21131] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
13117| [21123] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
13118| [21113] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
13119| [21099] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
13120| [21069] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
13121| [20907] Microsoft Windows 2000 Telnet Username DoS Vulnerability
13122| [20802] Microsoft IIS 2.0/3.0 Long URL Denial of Service Vulnerability
13123| [20763] Microsoft ISA Server 2000 Web Proxy DoS Vulnerability
13124| [20571] Microsoft Outlook 2000 0/98 0/Express 5.5 Concealed Attachment Vulnerability
13125| [20481] Microsoft IIS 2.0/3.0 Appended Dot Script Source Disclosure Vulnerability
13126| [20399] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
13127| [20335] Microsoft Indexing Services for Windows 2000/NT 4.0 .htw Cross-Site Scripting Vulnerability
13128| [20305] Microsoft Site Server 2.0 with IIS 4.0 - File Upload Vulnerability
13129| [20265] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
13130| [20257] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
13131| [20255] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
13132| [20222] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
13133| [20209] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
13134| [20133] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
13135| [20122] Microsoft Office SharePoint Server 2007 Remote Code Execution
13136| [20096] Microsoft IIS 2.0/3.0/4.0/5.0/5.1 Internal IP Address Disclosure Vulnerability
13137| [20048] Microsoft Windows 2000 Remote CPU-overload Vulnerability
13138| [20047] Microsoft Windows 2000 Telnet Server DoS Vulnerability
13139| [19830] Microsoft Index Server 2.0 '%20' ASP Source Disclosure Vulnerability
13140| [19742] microsoft iis 3.0/4.0,microsoft index server 2.0 - Directory Traversal
13141| [19734] Microsoft Virtual Machine 2000 Series/3000 Series getSystemResource Vulnerability
13142| [19731] microsoft index server 2.0/indexing services for windows 2000 - Directory Traversal
13143| [19728] Microsoft Systems Management Server 2.0 Default Permissions Vulnerability
13144| [19425] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (2)
13145| [19424] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (1)
13146| [19376] Microsoft IIS 2.0/3.0/4.0 ISAPI GetExtensionVersion() Vulnerability
13147| [19143] "Microsoft Windows ""April Fools 2001"" Vulnerability"
13148| [19118] Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability
13149| [18334] Microsoft Office 2003 Home/Pro 0day
13150| [18087] MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
13151| [18078] Microsoft Excel 2003 11.8335.8333 Use After Free
13152| [18067] Microsoft Excel 2007 SP2 Buffer Overwrite Exploit
13153| [17305] "Microsoft Windows Vista/Server 2008 ""nsiproxy.sys"" Local Kernel DoS Exploit"
13154| [14971] MOAUB #11 - Microsoft Office Word 2007 sprmCMajority Buffer Overflow
13155| [14782] Microsoft Office PowerPoint 2007 DLL Hijacking Exploit (rpawinet.dll)
13156| [14746] Microsoft Office Groove 2007 DLL Hijacking Exploit (mso.dll)
13157| [14744] Microsoft Visio 2003 DLL Hijacking Exploit (mfc71enu.dll)
13158| [12450] Microsoft SharePoint Server 2007 XSS Vulnerability
13159| [10068] Microsoft Windows 2000-2008 Embedded OpenType Font Engine Remote Code Execution
13160| [4121] Microsoft Excel 2000/2003 Sheet Name Vulnerability PoC
13161| [3973] Microsoft Office 2000 (OUACTRL.OCX 1.0.1.9) - Remote DoS Exploit
13162| [3690] microsoft office word 2007 - Multiple Vulnerabilities
13163| [3260] Microsoft Word 2000 Unspecified Code Execution Exploit (0day)
13164| [2523] Microsoft Office 2003 PPT Local Buffer Overflow PoC
13165| [2091] Microsoft PowerPoint 2003 SP2 Local Code Execution Exploit (french)
13166| [2001] Microsoft Word 2000/2003 Unchecked Boundary Condition Vulnerability
13167| [1999] Microsoft Word 2000/2003 Hlink Local Buffer Overflow Exploit PoC
13168| [1988] Microsoft Excel 2003 Hlink Local Buffer Overflow Exploit (italian)
13169| [1986] Microsoft Excel 2000/2003 Hlink Local Buffer Overflow Exploit (french)
13170| [1958] Microsoft Excel 2003 Hlink Stack/SEH Buffer Overflow Exploit
13171| [28238] Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Vulnerability MS13-067
13172| [23034] Microsoft URLScan 2.5/ RSA Security SecurID 5.0 Configuration Enumeration Weakness
13173| [22850] Microsoft Office OneNote 2010 Crash PoC
13174| [22679] Microsoft Visio 2010 Crash PoC
13175| [22655] Microsoft Publisher 2013 Crash PoC
13176| [22621] Microsoft Netmeeting 2.1/3.0.1 4.4.3385 CALLTO URL Buffer Overflow Vulnerability
13177| [22330] Microsoft Office Excel 2010 Crash PoC
13178| [22310] Microsoft Office Publisher 2010 Crash PoC
13179| [22237] Microsoft Office Picture Manager 2010 Crash PoC
13180| [22215] Microsoft Office Word 2010 Crash PoC
13181| [19451] Microsoft Windows 98 a/98 b/98SE,Solaris 2.6 IRDP Vulnerability
13182| [19440] Microsoft Windows NT 4.0/SP 1/SP 2/Sp 3/SP 4/SP 5 Malformed Dialer Entry Vulnerability
13183| [19372] Microsoft Windows NT 4.0/SP 1/SP 2/SP 3/SP 4/SP 5 Null Session Admin Name Vulnerability
13184| [17164] Microsoft Reader <= 2.1.1.3143 NULL Byte Write
13185| [17163] Microsoft Reader <= 2.1.1.3143 Array Overflow
13186| [17162] Microsoft Reader <= 2.1.1.3143 Integer Overflow
13187| [17161] Microsoft Reader <= 2.1.1.3143 Heap Overflow
13188| [17160] Microsoft Reader <= 2.1.1.3143 Integer Overflow
13189| [14731] Microsoft Windows Movie Maker <= 2.6.4038.0 DLL Hijacking Exploit (hhctrl.ocx)
13190| [14723] Microsoft Power Point 2010 DLL Hijacking Exploit (pptimpconv.dll)
13191|
13192| OpenVAS (Nessus) - http://www.openvas.org:
13193| [902250] Microsoft Word 2003 'MSO.dll' Null Pointer Dereference Vulnerability
13194| [900125] Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability
13195| [801597] Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
13196| [801596] Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
13197| [801594] Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability
13198| [800687] Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability
13199| [800577] Microsoft Windows Server 2003 win32k.sys DoS Vulnerability
13200| [800343] Microsoft Word 2007 Sensitive Information Disclosure Vulnerability
13201| [103254] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
13202| [11992] Vulnerability in Microsoft ISA Server 2000 H.323 Filter(816458)
13203| [902931] Microsoft Office Remote Code Execution Vulnerabilities - 2720184 (Mac OS X)
13204| [902678] Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
13205| [901210] Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)
13206|
13207| SecurityTracker - https://www.securitytracker.com:
13208| [1015347] Microsoft Windows 2000 Kernel APC Queue Bug Lets Local Users Gain Elevated Privileges
13209| [1013454] Microsoft Office InfoPath 2003 May Disclose System and Authentication Information to Remote Users
13210| [1013284] Microsoft Windows 2000 and XP Group Policy Can Be Bypassed By Microsoft Office Applications and By Flash Drives
13211| [1010687] Microsoft Windows 2000/NT POSIX Subsystem Buffer Overflow Lets Local Users Gain Elevated Privileges
13212| [1010352] Microsoft Windows 2000 Domains With Eight Characters May Let Remote Users With Expired Passwords Login
13213| [1010189] Microsoft Outlook 2003 Scripting Restrictions Can Be Bypassed By Remote Users
13214| [1010125] Microsoft Outlook 2003 Lets Remote Users Send E-mail to Cause the Recipient's Client to Contact a Remote Server
13215| [1009767] Microsoft Windows 2000 Domain Controller LDAP Flaw May Let Remote Users Restart the Authentication Service
13216| [1008324] Microsoft Exchange 2003 With Outlook Web Access and Windows SharePoint Services May Grant Incorrect E-mail Account Access to Remote Authenticated Users
13217| [1007905] Microsoft Windows Server 2003 Shell Folders Can Be Referenced Using Directory Traversal Characters
13218| [1007238] Microsoft Outlook Web Access Can Be Crashed By Remote Authenticated Users With an Outlook 2003 Client
13219| [1007152] Microsoft Windows 2000 Accessibility Utility Manager Lets Local Users Gain Elevated Privileges
13220| [1007099] Microsoft Windows 2000 ShellExecute() Buffer Overflow May Let Users Execute Arbitrary Code
13221| [1007093] Microsoft Active Directory Stack Overflow in 'Lsaas.exe' Lets Remote Users Crash the Windows 2000 Server
13222| [1006959] Microsoft Windows Server 2003 Drivers May Leak Information From Memory Via Ethernet Packets Containing TCP Streams
13223| [1006580] Microsoft Windows 2003 'win2k.sys' Printing Bug Lets Users Crash the System
13224| [1006534] Microsoft Proxy Service in Proxy Server 2.0 Has Unspecified Flaw That Lets Remote Users Stop Traffic
13225| [1006286] Microsoft Windows 2000/XP PostMessage() API Flaw May Let Local Users Grab Passwords from Local Dialog Boxes
13226| [1006280] Protegrity Secure.Data for Microsoft SQL Server 2000 Contains Buffer Oveflows That Let Remote Users Execute Arbitrary Code
13227| [1005254] Microsoft NT, 2000, and XP Operating Systems May Execute a 16-bit Application Even When The File Has No Execute Permissions
13228| [1005068] Microsoft NTFS Filesystem in Windows NT and Windows 2000 Has Auditing Hole That Lets Local Users Access Files Without the File Access Being Audited
13229| [1004587] Microsoft SQL Server 2000 Buffer Overflow in OpenDataSource() Function May Let Remote Users Gain SYSTEM Privileges on the Server
13230| [1004528] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains an Input Validation Flaw in an XML SQL Tag That Allows Cross-Site Scripting Attacks
13231| [1004527] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains a Buffer Overflow That Lets Remote Users Take Full Control of the System
13232| [1004407] Microsoft Exchange 2000 Flaw in Processing a Certain Malformed SMTP Command Allows Remote Users to Deny Service to the Server
13233| [1004357] Microsoft Windows Debugging Facility for Windows NT4 and 2000 Has Authentication Hole That Lets Local Users Execute Arbitrary Code with SYSTEM Privileges
13234| [1004083] Microsoft Windows 2000 'microsoft-ds' Service Flaw Allows Remote Users to Create Denial of Service Conditions By Sending Malformed Packets
13235| [1004022] Microsoft Windows 2000 Group Policy Object Enforcement Can Be Circumvented if User License Limits are Exceeded
13236| [1003975] Microsoft Windows NT, 2000, and XP Kernel Buffer Overflow in Processing Multiple UNC Provider (MUP) Requests May Let Local Users Obtain System Level Privileges
13237| [1003949] Microsoft Windows 2000 DCOM Implementation Flaw May Disclose Memory Contents to Remote Users
13238| [1003816] Microsoft Windows 2000 Automatic Log Off Policy Fails to Expire Sessions in Progress
13239| [1003688] Microsoft Exchange Server 2000 Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
13240| [1003687] Microsoft Windows 2000 and Windows XP SMTP Service Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
13241| [1003634] Microsoft XML Core Services in SQL Server 2000 Lets Remote Scripts Access and Send Local Files
13242| [1003629] Microsoft Commerce Server 2000 AuthFilter Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Server With LocalSystem Privileges to Gain Full Control of the Server
13243| [1003472] Microsoft Telnet Server for Windows 2000 and for Interix Has a Buffer Overflow That May Let Remote Users Execute Code on the Server with System Level Privileges
13244| [1003469] Microsoft Exchange 2000 Server Allows Remote Users to View and Possibly Modify Registry Settings
13245| [1003402] Microsoft Windows NT 4.0 and Windows 2000 Domain Controllers May Give Elevated Privileges to Remote Users Who Are Valid Administrators on Other Trusted Domains
13246| [1002922] Microsoft Windows 2000 Internet Key Exchange (IKE) Service Can Be Crashed By Remote Users
13247| [1002754] Terminal Services on Microsoft Windows 2000 and XP Allow Remote Users to Log Bogus IP Addresses Instead of the User's Genuine Address
13248| [1002731] Microsoft Windows 2000 RunAs Service May Disclose Authentication Credentials to Local Users
13249| [1002730] Microsoft Windows 2000 RunAs Utility May Disclose Sensitive Information to Local Users
13250| [1002729] Microsoft Windows 2000 RunAs Service Allows Local Users to Disable the Service
13251| [1002356] Microsoft Outlook 2000 Animated Assistant Prevents the Screen Saver from Activating, Allowing Physically Local Users to Access the System
13252| [1002206] Microsoft Internet Security and Acceleration (ISA) Server 2000 Can Be Disrupted By Remote Users Due to Memory Leaks and Also Allows Cross-Site Scripting Attacks
13253| [1002106] Microsoft Windows 2000 and Windows NT 4.0 RPC Input Validation Failure Lets Remote Users Destabilize the Operating System
13254| [1002099] Microsoft Windows 2000 Telnet Service Can Be Crashed By Remote Users
13255| [1002098] Windows Terminal Services in Microsoft Windows 2000 and NT 4.0 Can Be Crashed By Remote Users Due to a Memory Leak
13256| [1001993] Microsoft Windows 2000, Linux 2.4, NetBSD, FreeBSD, and OpenBSD May Let Remote Users Affect TCP Performance
13257| [1001931] Microsoft Windows 2000 SMTP Service May Allow Unauthorized Remote Users to Relay E-mail via the Service
13258| [1001832] Microsoft Windows 2000 LDAP Server Lets Remote Users Gain Administrator Access to the Domain Controller When Configured to Support LDAP over SSL
13259| [1001701] Microsoft Windows 2000 Telnet Server Allows Local Users to Gain System-Level Privileges and Lets Remote Users Crash the Server
13260| [1001605] Microsoft Windows 2000 Allows Local Users to Elevate Privileges
13261| [1001565] Microsoft IIS Web Server on Windows 2000 Allows Remote Users to Cause the Server to Consume All Available Memory Due to Memory Leak in WebDAV Lock Method
13262| [1001513] Microsoft Windows 2000 Indexing Service Allows Remote Users to View Include Programming Files
13263| [1001501] Microsoft Windows 2000 Domain Controllers Can Be Effectively Halted By Remote Users
13264| [1001464] Microsoft Internet Information Server IIS 5.0 for Windows 2000 Lets Remote Users Execute Arbitrary Code on the Server and Gain Control of the Server
13265| [1001240] Microsoft FTP Client for Windows 2000 Still Vulnerable to Executing Arbitrary Code in Limited Situations
13266| [1001088] Microsoft Internet Explorer with Services for Unix 2.0 Can Create Malicious Files on the User's Host
13267|
13268| OSVDB - http://www.osvdb.org:
13269| [90257] Microsoft Windows Server 2003 ICACLS.EXE Permission Inheritance Weakness
13270| [86790] Microsoft Virtual PC 2007 Crafted x86 Instruction Sequence Handling Local DoS
13271| [86061] Microsoft Windows Server 2008 R1 CSRSS ReadConsole / CloseHandle Local DoS
13272| [79442] Microsoft Windows Server 2008 DNS Server Service Cache Update Policy Deleted Domain Name Resolving Weakness
13273| [72670] Microsoft Windows Server 2003 ActiveDirectory BROWSER ELECTION Remote Overflow
13274| [68554] Microsoft Windows Server 2008 Shared Cluster Disks Addition Default Permission Weakness
13275| [62251] Microsoft Windows Server 2008 Hyper-V Crafted Instruction Sequence DoS
13276| [60329] Microsoft Windows 2000 NetBIOS Continuation Packet Remote DoS
13277| [59733] Microsoft Windows 2000 Terminal Services Screensaver Screen Minimization Locking Weakness
13278| [59731] Microsoft Windows 2000 DCOM Client Alter Context Request Remote Information Disclosure
13279| [59730] Microsoft Windows 2000 Terminal Services Disconnect Feature Local Privilege Escalation
13280| [59514] Microsoft Windows 2000 Task Manager Uppercase Process Name Termination Weakness
13281| [59509] Microsoft Windows 2000 Encrypted File System Cleartext Backup File Local Disclosure
13282| [59346] Microsoft Windows 2000 Crafted TCP/UDP Traffic CPU Consumption Remote DoS
13283| [55836] Microsoft ISA Server 2006 Radius OTP Security Bypass
13284| [53663] Microsoft Office Word 2000 WordPerfect 6.x Converter Document Handling Stack Corruption
13285| [50589] Microsoft SQL Server 2000 sp_replwritetovarbin() Stored Procedure Overflow
13286| [37629] Microsoft Windows 2000 RPC Authentication Unspecified Information Disclosure
13287| [37628] Microsoft Windows 2000 RPC Authentication Crafted Request Remote DoS
13288| [36034] Microsoft Office 2000 Controllo ActiveX (OUACTRL.OCX) HelpPopup Method Overflow
13289| [34489] Microsoft Office 2003 Malformed WMF File Handling DoS
13290| [34488] Microsoft Excel 2003 XLS Handling Corrupt Format DoS
13291| [31251] Microsoft Office 2003 Brazilian Portuguese Grammar Checker Arbitrary Code Execution
13292| [29529] Microsoft Windows 2000 creator.dll ActiveX COM Object Memory Corruption
13293| [29528] Microsoft Windows 2000 msdxm.ocx ActiveX COM Object Memory Corruption
13294| [29527] Microsoft Windows 2000 myinfo.dll ActiveX COM Object Memory Corruption
13295| [29526] Microsoft Windows 2000 ciodm.dll ActiveX COM Object Memory Corruption
13296| [28539] Microsoft Word 2000 Unspecified Code Execution
13297| [24121] Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass
13298| [24081] Microsoft Outlook 2003 Unspecified Malformed Word Attachment DoS
13299| [23484] Microsoft SQLServer 2000 sp_addalias Procedure Privileged Alias Creation
13300| [23234] Microsoft SQLServer 2000 Unspecified Invalid Client Buffer DoS
13301| [23231] Microsoft SQL Server 2000 SQL Profiler Multiple Method DoS
13302| [23205] Microsoft SQLServer 2000 Crafted Sort Command User Mode Scheduler (UMS) Bypass DoS
13303| [23203] Microsoft SQL Server 2000 Database Name Transact-SQL Statement Privilege Escalation
13304| [23202] Microsoft SQLServer 2000 sysmembers Virtual Table Query Overflow
13305| [23201] Microsoft SQL Server 2000 Dynamic Transact-SQL Statement Disclosure
13306| [23200] Microsoft SQLServer 2000 Encrypted Stored Procedure Dynamic Query Disclosure
13307| [21907] Microsoft Office InfoPath 2003 Mshtml.dll Form Handling DoS
13308| [21598] Microsoft Windows 2000 NetBIOS Port Malformed TCP Packet Parsing Remote DoS
13309| [20256] Microsoft Windows 2000 NTFS Volume Macintosh Client Directory Permission Modification
13310| [20222] Microsoft Windows 2000 runas.exe Named Pipe Spoofing Information Disclosure
13311| [20221] Microsoft Windows 2000 runas.exe Named Pipe Single Thread DoS
13312| [20220] Microsoft Windows 2000 runas.exe Cleartext Authentication Information Disclosure
13313| [20002] Microsoft Windows 2000 CHKDSK Fix Mode File ACL Failure
13314| [20001] Microsoft Windows 2000 Terminal Service Client Connection IP Logging Failure
13315| [20000] Microsoft Windows 2000 Domain Administrator Computer Lock Bypass
13316| [19999] Microsoft Windows 2000 FQDN Domain Login Password Expiry Bypass
13317| [19998] Microsoft Windows 2000 UPN Credentialed Login Group Policy Failure
13318| [19997] Microsoft Windows 2000 WideCharToMultiByte Function String Termination Issue
13319| [19996] Microsoft Windows 2000 Event ID 1704 Group Policy Failure
13320| [19995] Microsoft Windows 2000 SECEDIT Long Folder ACL Set Issue
13321| [19994] Microsoft Windows 2000 audit directory service access 565 Event Logging Failure
13322| [19993] Microsoft Windows 2000 LDAPS CA Trust Issue
13323| [19264] Microsoft Exchange Server 2003 Crafted IMAP4 Folder Listing Request DoS
13324| [17031] Microsoft ISA Server 2000 SecureNAT Traffic Saturation DoS
13325| [15343] Microsoft Windows Server 2003 Malformed HTTP Cookie Header CGI DoS
13326| [15341] Microsoft Windows Server 2003 SMB Redirector Processing DoS
13327| [15340] Microsoft Windows Server 2003 Terminal Service Client Print DoS
13328| [15338] Microsoft Windows Server 2003 Terminal Session Close DoS
13329| [15337] Microsoft Windows Server 2003 CreateProcessWithLogonW() Function Process Disclosure
13330| [15336] Microsoft Windows Server 2003 Shutdown.exe Shut Down Failure
13331| [15335] Microsoft Windows Server 2003 MIT Kerberos Realm Authentication Group Policy Failure
13332| [15334] Microsoft Windows Server 2003 Shared Folder Permission Weakness
13333| [15333] Microsoft Windows Server 2003 EFS File Copy LDAP Connection DoS
13334| [15332] Microsoft Windows Server 2003 Citrix Metaframe Encryption Policy Failure
13335| [15331] Microsoft Windows Server 2003 Home Folder Path Permission Inheritance Failure
13336| [14617] Microsoft Exchange Server 2003 Folder Handling DoS
13337| [14430] Microsoft Commerce Server 2000 Profile Service Affected API Overflow
13338| [13996] Microsoft Windows 2000 IKE Malformed Packet Saturation Remote DoS
13339| [13762] Microsoft 2000 Domain Controller Directory Service Restore Mode Blank Password
13340| [13761] Microsoft Exchange 2000 Malformed URL Request DoS
13341| [13475] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution Variant
13342| [13474] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution
13343| [13441] Microsoft Windows 2000 Security Interface Change Password Option Account Enumeration
13344| [13437] Microsoft Windows 2000 Debug Register Local Privilege Escalation
13345| [13424] Microsoft Windows 2000 Current Password Change Policy Bypass
13346| [13423] Microsoft Windows 2000 Terminal Server SYSVOL Share Connection Saturation Restriction Bypass
13347| [13415] Microsoft Windows 2000 System Root Folder Search Path Permission Weakness
13348| [13410] Microsoft Windows 2000 Accessibility Utility Manager Arbitrary Code Execution
13349| [11958] Microsoft Outlook 2003 Image Rendering Security Policy Bypass
13350| [11945] Microsoft Outlook 2002 IFRAME Tag Embedded URL
13351| [11944] Microsoft Outlook 2002 HREF Tag Embedded JavaScript Execution
13352| [11750] Microsoft Windows 2000 Message Queue Manager Queue Registration Request Overflow DoS
13353| [11712] Microsoft ISA Server 2000 H.323 Filter Overflow
13354| [10633] Microsoft Windows 2000 Protected Store Weak Encryption Default
13355| [9386] Microsoft Windows 2000 msinfo32.exe msinfo_file Variable Overflow
13356| [8243] Microsoft SMS Port 2702 DoS
13357| [7202] Microsoft PowerPoint 2000 File Loader Overflow
13358| [7179] Microsoft Windows 2000 Event Viewer Snap-in Overflow
13359| [6971] Microsoft ISA Server 2000 ICMP Rule Bypass During Startup
13360| [6970] Microsoft ISA Server 2000 Web Publishing Unencrypted Credentials Disclosure
13361| [6969] Microsoft ISA Server 2000 Invalid DNS Request DoS
13362| [6968] Microsoft ISA Server 2000 FTP Port Scan Bounce Weakness
13363| [6967] Microsoft ISA Server 2000 UDP Packet Winsock DoS
13364| [6965] Microsoft ISA Server 2000 SSL Packet DoS
13365| [6964] Microsoft ISA Server 2000 DNS Intrusion Detection Filter DoS
13366| [6515] Microsoft Windows 2000 Domain Expired Account Authentication
13367| [5179] Microsoft Windows 2000 microsoft-ds DoS
13368| [5171] Microsoft Word 2002 Mail Merge Tool Execute Arbitrary Script
13369| [4779] Microsoft Desktop Engine (MSDE) 2000 Stored Procedure SQL Injection
13370| [4778] Microsoft SQL Server 2000 Stored Procedure SQL Injection
13371| [4777] Microsoft Desktop Engine (MSDE) 2000 Database Consistency Checkers (DBCCs) Overflow
13372| [4776] Microsoft SQL Server 2000 Database Consistency Checkers (DBCCs) 2000 Overflow
13373| [4170] Microsoft Windows 2000 Server Media Services TCP Packet Handling Remote DoS
13374| [4168] Microsoft Outlook 2002 mailto URI Script Injection
13375| [3490] Microsoft Exchange 2003 OWA Mailbox Access Information Disclosure
13376| [2705] Microsoft Windows 2000 Windows Troubleshooter ActiveX Overflow
13377| [2655] Microsoft Windows Server 2003 Shell Folders Arbitrary File Access
13378| [2540] Microsoft Windows 2003 Server Buffer Overflow Protection Mechanism Bypass
13379| [2244] Microsoft Windows 2000 ShellExecute() API Let
13380| [2237] Microsoft Windows 2000 Active Directory Lsass.exe Overflow
13381| [1949] Symantec Norton Anti-Virus for Microsoft Exchange 2000 INBOX Path Information Disclosure
13382| [1764] Microsoft Windows 2000 Domain Controller DoS
13383| [1758] Microsoft Windows 2000 Network DDE Escalated Privileges
13384| [1755] Microsoft Windows 2000 RDP Malformed Packet Handling Remote DoS
13385| [1672] Microsoft Windows 2000 Telnet Session Timeout DoS
13386| [1633] Microsoft Windows 2000 System Monitor ActiveX LogFileName Parameter Validation Overflow
13387| [1621] Microsoft Indexing Services for Windows 2000 .htw XSS
13388| [1591] Microsoft Windows 2000 OEMPreinstall Installation Permission Weakness
13389| [1578] Microsoft Windows 2000 Simplified Chinese IME Local Privilege Escalation
13390| [1500] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow
13391| [1437] Microsoft Windows 2000 Telnet Server Binary Zero Parsing Remote DoS
13392| [1399] Microsoft Windows 2000 Windows Station Access
13393| [1328] Microsoft Office 2000 UA Control ActiveX (Ouactrl.ocx) Show Me Function Remote Code Execution
13394| [1297] Microsoft Windows 2000 Active Directory Object Attribute
13395| [1292] Microsoft Windows NT 4.0 / 2000 cmd.exe Buffer Overflow
13396| [773] Microsoft Windows 2000 Group Policy File Lock DoS
13397| [515] Microsoft Windows 2000 LDAP Server Arbitrary User Password Modification
13398| [454] Microsoft Windows 2000 NTLM Domain Account Lockout Policy Bypass
13399| [403] Microsoft Windows 2000 Still Image Service WM_USER Message Local Overflow
13400| [398] Microsoft Windows 2000 Malformed RPC Traffic Local Security Policy Corruption DoS
13401| [307] Microsoft FrontPage 2000 Server Extensions shtml.exe Path Disclosure
13402| [69085] Microsoft Office 2010 RTF File Handling pFragments Buffer Overflow Arbitrary Code Execution
13403|_
139/tcp closed netbios-ssn
443/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
13406|_http-server-header: Microsoft-HTTPAPI/2.0
13407| vulscan: VulDB - https://vuldb.com:
13408| [141625] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 DirectX memory corruption
13409| [141624] Microsoft Windows 7 SP1/Server 2008 R2 SP1 Graphics Component information disclosure
13410| [139966] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel information disclosure
13411| [139923] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Graphics Component information disclosure
13412| [139905] Microsoft Windows Server 2008 SP2 DHCP Server memory corruption
13413| [137573] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
13414| [137567] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
13415| [137566] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
13416| [137565] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
13417| [137564] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
13418| [136343] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
13419| [136342] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
13420| [136341] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
13421| [136316] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
13422| [136315] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
13423| [136313] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
13424| [136311] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
13425| [136309] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
13426| [136302] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
13427| [136298] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
13428| [136297] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k memory corruption
13429| [131683] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k memory corruption
13430| [131642] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Active Directory privilege escalation
13431| [127822] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2012 Kernel information disclosure
13432| [125103] Microsoft Windows Server 2008 SP2 Graphics Component information disclosure
13433| [123853] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel Memory information disclosure
13434| [122858] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 LNK memory corruption
13435| [122833] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI+ memory corruption
13436| [121109] Microsoft Wireless Display Adapter V2 2.0.8350/2.0.8365/2.0.8372 privilege escalation
13437| [120449] Microsoft Forefront Unified Access Gateway 2000 InitParams.aspx Parameter Server-Side Request Forgery
13438| [119469] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel privilege escalation
13439| [116015] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 memory corruption
13440| [114563] Microsoft Office 2007 SP3/2010 SP2/2013/2013 RT SP1 memory corruption
13441| [114528] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI privilege escalation
13442| [114524] Microsoft ASP.NET Core 2.0 denial of service
13443| [114523] Microsoft ASP.NET Core 2.0 Kestrel Web Application privilege escalation
13444| [113257] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
13445| [113256] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
13446| [113255] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
13447| [113247] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
13448| [113246] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
13449| [113245] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2012 EOT Font Engine information disclosure
13450| [113244] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
13451| [113235] Microsoft Outlook 2007 SP3/2010 SP2/2013 SP1/2016 privilege escalation
13452| [113234] Microsoft Office 2007 SP2/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
13453| [113216] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
13454| [112285] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
13455| [112284] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
13456| [112283] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
13457| [112282] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
13458| [111578] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
13459| [111577] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
13460| [111576] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
13461| [111575] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
13462| [111574] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
13463| [111573] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
13464| [111572] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
13465| [111570] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
13466| [111568] Microsoft Excel 2007/2010/2013/2016 memory corruption
13467| [111566] Microsoft Word 2007/2010/2013/2016 memory corruption
13468| [111565] Microsoft Word 2007/2010/2013 Email Message memory corruption
13469| [111563] Microsoft Outlook 2007/2010/2013/2016 Email Message privilege escalation
13470| [111347] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Color Management Icm32.dll information disclosure
13471| [109388] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016 memory corruption
13472| [109387] Microsoft ASP.NET Core 2.0 privilege escalation
13473| [109386] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
13474| [109385] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Security Feature Macro privilege escalation
13475| [109381] Microsoft Office/Word 2007 SP3/2010 SP2 memory corruption
13476| [107703] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
13477| [106530] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
13478| [106528] Microsoft PowerPoint 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
13479| [106515] Microsoft Publisher 2007 SP3/2010 SP2 memory corruption
13480| [106497] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Uniscribe memory corruption
13481| [106476] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
13482| [106475] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
13483| [105051] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Font Library privilege escalation
13484| [105032] Microsoft Internet Explorer 9/10 on Server 2008/Server 2012 memory corruption
13485| [102513] Microsoft Windows Server 2003 SP2/XP SP3 OLE olecnv32.dll privilege escalation
13486| [102512] Microsoft Windows Server 2003 SP2/XP SP3 rpc privilege escalation
13487| [102511] Microsoft Windows Server 2003 SP2/XP SP3 RDP EsteemAudit privilege escalation
13488| [102447] Microsoft PowerPoint/SharePoint Server 2007 SP3 privilege escalation
13489| [102444] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
13490| [102442] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Bypass privilege escalation
13491| [102441] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
13492| [102401] Microsoft Windows 7 SP1/Server 2008 R2 SP1 GDI USP10!NextCharInLiga Uniscribe Font information disclosure
13493| [101491] Microsoft Windows up to XP SP3/Server 2003 SP2 Remote Desktop Protocol gpkcsp.dll memory corruption
13494| [101017] Microsoft Office 2007 SP3/2010 SP2/2016 memory corruption
13495| [101012] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1/2016 memory corruption
13496| [101011] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 ActiveX Object Memory memory corruption
13497| [100854] Microsoft Windows Server 2003 SP2 RRAS ERRATICGOPHER memory corruption
13498| [99904] Microsoft Windows Server 2003 SP2/XP SP3 SmartCard Authentication RDP Packet EsteemAudit privilege escalation
13499| [99698] Microsoft OneNote 2007 SP3/2010 SP2 DLL Loader privilege escalation
13500| [99684] Microsoft Excel 2007 SP3/2010 SP2 Memory information disclosure
13501| [99654] Microsoft Outlook 2007 SP3/2010 SP2/2011/2013 SP1/2016 Email Message privilege escalation
13502| [99653] Microsoft Outlook 2007 SP3/2010 SP2/2011/2013 SP1/2016 Email Message privilege escalation
13503| [99533] Microsoft Office 2007/2010/2013/2016 RTF Document Necurs Dridex memory corruption
13504| [98561] Microsoft IIS 6.0 on Windows Server 2003 WebDAV ScStoragePathFromUrl Long Header memory corruption
13505| [98092] Microsoft SharePoint Server 2007 SP3 memory corruption
13506| [98088] Microsoft SharePoint Server 2007 SP3 memory corruption
13507| [98087] Microsoft Office 2007 SP3/2010 SP2 memory corruption
13508| [98086] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
13509| [98085] Microsoft Excel 2007 SP3 memory corruption
13510| [98084] Microsoft Word 2007 SP3/2010 SP2/2011 memory corruption
13511| [98083] Microsoft Word 2007 SP3/2010 SP2/2011 memory corruption
13512| [98078] Microsoft Word/Excel 2007 SP3 memory corruption
13513| [98072] Microsoft Office 2007 SP3/2010 SP2/Word Viewer Graphics Component privilege escalation
13514| [98071] Microsoft Office 2007 SP3/2010 SP2/Word Viewer GDI+ information disclosure
13515| [98070] Microsoft Office 2007 SP3/2010 SP2/Word Viewer GDI+ information disclosure
13516| [94450] Microsoft Office 2007 SP3/2010 SP2/2011 memory corruption
13517| [94449] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1 information disclosure
13518| [94448] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1 information disclosure
13519| [94445] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 information disclosure
13520| [94441] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
13521| [94440] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
13522| [94439] Microsoft Office 2007 SP3/2011 privilege escalation
13523| [94438] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
13524| [93542] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 memory corruption
13525| [93541] Microsoft Office 2007 SP3 denial of service
13526| [93539] Microsoft Office 2007/2010 SP2/2011 memory corruption
13527| [93538] Microsoft Office 2007/2010 SP2/2011/2013 SP1 memory corruption
13528| [93537] Microsoft Office 2007/2010 SP2/2011 memory corruption
13529| [93396] Microsoft Office 2007/2010/2011 memory corruption
13530| [93395] Microsoft Office 2007/2010/2011 memory corruption
13531| [93394] Microsoft Office 2007/2010 memory corruption
13532| [92596] Microsoft Windows 7 SP1/Server 2008 R2/Server 2008 SP2/Vista SP2 Internet Messaging API File information disclosure
13533| [91554] Microsoft Exchange 2007/2010/2013/2016 Email information disclosure
13534| [91553] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
13535| [91552] Microsoft Office 2007/2010/2013/2013 RT/2016 spoofing
13536| [91551] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
13537| [91549] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
13538| [91548] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
13539| [91546] Microsoft Office 2007/2010/2013/2013 RT memory corruption
13540| [91545] Microsoft Office 2007/2010 memory corruption
13541| [91544] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
13542| [91542] Microsoft Office 2007/2010/2013/2013 RT/2016 information disclosure
13543| [90707] Microsoft OneNote 2007/2010/2013/2013 RT/2016 information disclosure
13544| [90706] Microsoft Office 2007/2010/2013/2013 RT Graphics memory corruption
13545| [90705] Microsoft Office 2007/2010/2011 memory corruption
13546| [90703] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
13547| [89039] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption
13548| [89034] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
13549| [87960] Microsoft Windows Server 2008 R2/Server 2012/Server 2012 R2 Active Directory denial of service
13550| [87955] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
13551| [87954] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
13552| [87953] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
13553| [87939] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 OLE DLL memory corruption
13554| [87938] Microsoft Office 2007 SP3/2010 SP2/2011 information disclosure
13555| [87937] Microsoft Office 2007 SP3/2010 SP2/2011 memory corruption
13556| [87935] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript memory corruption
13557| [87934] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript memory corruption
13558| [87933] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript memory corruption
13559| [87147] Microsoft Office 2007/2010 memory corruption
13560| [87145] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
13561| [87144] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
13562| [82228] Microsoft Excel 2007 SP3/2010 SP2 Office Document memory corruption
13563| [82225] Microsoft Word 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
13564| [82224] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption
13565| [81273] Microsoft Office 2007/2010/2013/2016 memory corruption
13566| [81272] Microsoft Office 2007/2010/2013 memory corruption
13567| [81265] Microsoft Windows Server 2008/Vista SP2 Library Loader memory corruption
13568| [80872] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
13569| [80871] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
13570| [80869] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
13571| [79506] Microsoft Windows 7/Server 2008/Server 2008 R2/Vista Library Loader memory corruption
13572| [79505] Microsoft Office 2007 memory corruption
13573| [79504] Microsoft Office 2007/2010/2013/2016 memory corruption
13574| [79503] Microsoft Office 2007/2010/2013 memory corruption
13575| [79502] Microsoft Office 2007/2010/2011 memory corruption
13576| [79501] Microsoft Office 2007/2010 memory corruption
13577| [79499] Microsoft Windows 7/Server 2008 R2 Uniscribe memory corruption
13578| [79493] Microsoft Windows Server 2008/Vista Graphics memory corruption
13579| [79190] Microsoft Word 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption
13580| [79189] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption
13581| [79187] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016 Sandbox privilege escalation
13582| [79167] Microsoft Windows 7/Server 2008/Server 2008 R2/Vista Journal memory corruption
13583| [78372] Microsoft Visio 2007 SP3/2010 SP2 UML Data memory corruption
13584| [78371] Microsoft SharePoint Server 2007 SP3/2010 SP2 InfoPath Forms Services XXE information disclosure
13585| [77646] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 EPS Image memory corruption
13586| [77629] Microsoft Excel 2007 SP3/2010 SP2/2011/2016 Office Document memory corruption
13587| [77627] Microsoft Excel 2007 SP3/2010 SP2 Office Document memory corruption
13588| [77626] Microsoft Excel 2007 SP3/2010 SP2/2011/2016 Office Document memory corruption
13589| [77617] Microsoft Office 2007 SP3/2010 SP2 OpenType Font memory corruption
13590| [77252] Microsoft Office 2007 SP3/2010 SP2 Office Graphics Library Font memory corruption
13591| [77038] Microsoft Windows Server 2008 SP2 UDDI Services cross site scripting
13592| [76497] Microsoft PowerPoint 2007 SP3/2010 SP2/2013 SP1 Office Document memory corruption
13593| [76491] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
13594| [76467] Microsoft Word 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption
13595| [76466] Microsoft Word 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption
13596| [76464] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
13597| [76463] Microsoft Excel 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption
13598| [76449] Microsoft Windows 8/8.1/Server 2008/Server 2012/Server 2012 R2 Hyper-V memory corruption
13599| [76440] Microsoft SQL Server 2008/2008 R2/2012/2014 Virtual Function Uninitialized Memory memory corruption
13600| [76439] Microsoft SQL Server 2008/2008 R2/2012/2014 Uninitialized Memory memory corruption
13601| [76438] Microsoft SQL Server 2008/2008 R2/2012/2014 Pointer Casting privilege escalation
13602| [75783] Microsoft Windows Server 2008/Server 2012 Active Directory Federation Services cross site scripting
13603| [75338] Microsoft SharePoint 2007/2010/2013 Content privilege escalation
13604| [75337] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption
13605| [75336] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption
13606| [74845] Microsoft Office 2007/2010/2013 Document Use-After-Free memory corruption
13607| [74844] Microsoft Office 2007/2010 Document Use-After-Free memory corruption
13608| [74837] Microsoft Office 2007/2010/2011/2013 RTF Document Use-After-Free privilege escalation
13609| [73979] Microsoft Exchange Server 2003 CU7/2003 SP1 Meeting privilege escalation
13610| [73978] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
13611| [73977] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
13612| [73976] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
13613| [73975] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
13614| [73964] Microsoft SharePoint 2007/2010/2013 cross site scripting
13615| [69158] Microsoft Office 2007/2010/2013 Use-After-Free memory corruption
13616| [69157] Microsoft Office 2007/2010/2013 OneTableDocumentStream memory corruption
13617| [68416] Microsoft Exchange 2007/2010/2013 Outlook Web Access Token spoofing
13618| [68409] Microsoft Office 2007/2010/2013 Use-After-Free memory corruption
13619| [68408] Microsoft Excel 2007/2010/2013 memory corruption
13620| [68407] Microsoft Excel 2007/2010 memory corruption
13621| [68405] Microsoft Word 2007/2010 Index Use-After-Free memory corruption
13622| [68195] Microsoft Windows 7/Server 2003/Server 2008/Vista Input Method Editor Sandbox privilege escalation
13623| [68189] Microsoft Windows Server 2003 SP2 TCP/IP Stack Stack-Based memory corruption
13624| [68188] Microsoft Word 2007 File memory corruption
13625| [68187] Microsoft Word 2007 File memory corruption
13626| [68186] Microsoft Word 2007 File memory corruption
13627| [67829] Microsoft Office 2007/2010/2011 Object memory corruption
13628| [67825] Microsoft .NET Framework 2.0/3.5/3.5.1 ASLR privilege escalation
13629| [71337] Microsoft Office 2000/2004/XP memory corruption
13630| [67355] Microsoft OneNote 2007 File Processing privilege escalation
13631| [67354] Microsoft SQL Server 2008 R2 SP2/2008 SP3/2012 SP1/2014 SQL Master Data Services cross site scripting
13632| [67353] Microsoft SQL Server 2008 R2 SP2/2008 SP3/2012 SP1/2014 T-SQL Query Stack-Based memory corruption
13633| [67018] Microsoft Windows Server 2008/Server 2012/Server 2012 R2 Service Bus AMQP Message denial of service
13634| [13545] Microsoft Word 2007 Embedded Font memory corruption
13635| [13397] Microsoft Windows 2000/Server 2003/XP DHCP Response DHCP ACK spoofing
13636| [13462] Microsoft Visual Studio 2002/2003/2005/2010 Debug Interface msdia.dll PDB File memory corruption
13637| [13229] Microsoft Office 2007/2010/2013 Common Control Library MSCOMCTL.OCX privilege escalation
13638| [13227] Microsoft Office 2007/2010/2013 Chinese Grammar Checker Library privilege escalation
13639| [13226] Microsoft SharePoint Server 2007/2010/2013 Page memory corruption
13640| [13225] Microsoft SharePoint Server 2007/2010/2013 cross site scripting
13641| [13224] Microsoft SharePoint Server 2007/2010/2013 Page memory corruption
13642| [12859] Microsoft Word 2003 Office Document Stack-Based memory corruption
13643| [12852] Microsoft Publisher 2003/2007 Publisher File pubconv.dll memory corruption
13644| [12845] Microsoft Word 2003 Office File Stack-Based memory corruption
13645| [12844] Microsoft Word 2007/2010 Office File memory corruption
13646| [12843] Microsoft Office 2007/2010/2011/2013 XML Parser Nested Entities Memory Consumption denial of service
13647| [12687] Microsoft Word/Office/Outlook 2003/2007/2010/2013 RTF Document memory corruption
13648| [12530] Microsoft Windows Server 2003/Server 2008/Server 2012/Vista/XP Security Account Manager Lockout privilege escalation
13649| [12266] Microsoft .NET Framework 2.0 SP2/3.5.1 ASLR Bypass privilege escalation
13650| [12070] Apple Pages 2.0/2.0.1/2.0.2/5.0/5.0.1 on Mac Microsoft Word Document memory corruption
13651| [11950] Microsoft Office Compability Pack/Word 2007 SP3 File memory corruption
13652| [11949] Microsoft Word Viewer/Office Compatibility Pack/Word 2003 SP3/2007 SP3 File memory corruption
13653| [11494] Microsoft .NET Framework 2.0 SP2/3.5.1/4/4.5/4.5.1 MAC Authentication privilege escalation
13654| [11448] Microsoft Office 2007/2010 Address Space Layout Randomization privilege escalation
13655| [11148] Microsoft Office 2003/2007 WordPerfect Document epsimp32.flt memory corruption
13656| [11146] Microsoft Office 2003/2007 epsimp32.flt memory corruption
13657| [11230] Microsoft Word 2003 DOC Document Embedded Image denial of service
13658| [11081] Microsoft Windows Server 2008/Vista TIFF Image memory corruption
13659| [10648] Microsoft Word 2007 Word File memory corruption
13660| [10647] Microsoft Word 2003 Word File memory corruption
13661| [10643] Microsoft SharePoint Server 2007/2010/2013 Input Sanitizer memory corruption
13662| [10642] Microsoft SharePoint Server 2007/2010 Content Display in Frames privilege escalation
13663| [10247] Microsoft SharePoint Server 2007/2010/2013 Online Cloud cross site scripting
13664| [10245] Microsoft Office 2003/2007/2010 Word File memory corruption
13665| [10244] Microsoft Office 2003 SP3 Word File memory corruption
13666| [10243] Microsoft Office 2003/2007 Word File memory corruption
13667| [10242] Microsoft Office 2007 Word File memory corruption
13668| [10241] Microsoft Office 2007 Word File memory corruption
13669| [10240] Microsoft Office 2003/2007/2010 Word File memory corruption
13670| [10239] Microsoft Office 2003/2007 Word File memory corruption
13671| [10238] Microsoft Excel 2003/2007 XML External Entity Data information disclosure
13672| [10237] Microsoft Excel 2003/2007/2010 XML External Entity Data information disclosure
13673| [10236] Microsoft Word/Office 2003/2007 XML External Entity Data information disclosure
13674| [10234] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
13675| [10232] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
13676| [10231] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
13677| [10230] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
13678| [10229] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
13679| [10228] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
13680| [10227] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
13681| [10192] Microsoft Windows 7/2000/Server 2003 SP2/Vista/XP SP3 Windows Theme File privilege escalation
13682| [10191] Microsoft Windows Server 2003/XP OLE Object privilege escalation
13683| [10190] Microsoft Windows 7/8/Server 2008/Vista Active Directory denial of service
13684| [10189] Microsoft Outlook 2007/2010 S/MIME privilege escalation
13685| [9941] Microsoft Windows Server 2003/XP Unicode Scripts Processor USP10.DLL Uniscribe Font memory corruption
13686| [9929] Microsoft Windows Server 2008/Server 2012 Active Directory Federation Services Unspecified Account information disclosure
13687| [9715] Microsoft PowerPoint 2007 DirectShow Runtime quartz.dll GetMaxSampleSize denial of service
13688| [9397] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Array privilege escalation
13689| [9394] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 on 64-bit Array memory corruption
13690| [9393] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Permission privilege escalation
13691| [8738] Microsoft Visio 2003 SP3/2007 SP3/2010 SP1 XML Parser File information disclosure
13692| [8737] Microsoft Word 2003 SP3 Shape Data Parser File memory corruption
13693| [8736] Microsoft Publisher 2003 SP3 PUB File memory corruption
13694| [8735] Microsoft Publisher 2003 SP3/2007 SP3/2010 SP1 PUB File memory corruption
13695| [8734] Microsoft Publisher 2003 SP3 PUB File memory corruption
13696| [8733] Microsoft Publisher 2003 SP3 PUB File memory corruption
13697| [8732] Microsoft Publisher 2003 SP3 PUB File memory corruption
13698| [8731] Microsoft Publisher 2003 SP3 PUB File memory corruption
13699| [8730] Microsoft Publisher 2003 SP3 PUB File memory corruption
13700| [8729] Microsoft Publisher 2003 SP3 PUB File memory corruption
13701| [8728] Microsoft Publisher 2003 SP3 PUB File memory corruption
13702| [8727] Microsoft Publisher 2003 SP3 PUB File memory corruption
13703| [8726] Microsoft Publisher 2003 PUB File Eingabe memory corruption
13704| [8723] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 XML File spoofing
13705| [7643] Microsoft Windows Server 2008 R2/Server 2012 NFS Server NULL Pointer Dereference denial of service
13706| [7642] Microsoft Exchange 2007/2010 Outlook Web Access vspdx.dll) privilege escalation
13707| [7641] Microsoft Windows Server 2003/Server 2008/Vista/XP DirectShow Quartz.dll memory corruption
13708| [8589] Microsoft System Center Operations Manager 2007 R2/2007 SP1 ViewTypeManager.aspx cross site scripting
13709| [7252] Microsoft System Center Operations Manager 2007 ExecuteTask.aspx cross site scripting
13710| [7251] Microsoft System Center Operations Manager 2007 cross site scripting
13711| [7248] Microsoft Windows 7/Server 2008 R2 Print Spooler privilege escalation
13712| [7121] Microsoft Exchange 2007/2010 RSS Feed denial of service
13713| [7118] Microsoft Windows Server 2008 R2/Server 2012 IP-HTTPS unknown vulnerability
13714| [62914] Microsoft Office 2003 SP3/2007 SP3/2008/2010 SP1/2011 Spreadsheet Use-After-Free memory corruption
13715| [7058] Microsoft Windows 7/Server 2008 R2 DHCPv6 Message denial of service
13716| [6935] Microsoft Office Excel 2003/2007/2010 Input Sanitizer File Stack-based memory corruption
13717| [6934] Microsoft Office Excel 2003/2007/2010 Input Sanitizer memory corruption
13718| [6933] Microsoft Office Excel 2003/2007/2010 SerAuxErrBar File memory corruption
13719| [6929] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Web Proxy Setting Auto-Discovery memory corruption
13720| [6927] Microsoft .NET Framework 2.0 SP2/3.5.1 Trusted Code Function information disclosure
13721| [6918] Microsoft Excel 2007 SP2 Input Sanitizer File memory corruption
13722| [6830] Microsoft Word 2007/2010 File memory corruption
13723| [6819] Microsoft Excel 2007 File memory corruption
13724| [6627] Microsoft Windows 7/Server 2008 R2 Kerberos denial of service
13725| [6626] Microsoft SharePoint/Lync/Infopath 2007/2010 HTML Sanitization cross site scripting
13726| [6621] Microsoft Word 2007 PAPX memory corruption
13727| [62239] Microsoft Systems Management Server 2003 Configuration Manager Reflected cross site scripting
13728| [5945] Microsoft Office 2007/2010 Computer Graphics Metafile memory corruption
13729| [5939] Microsoft Windows 7/Server 2003/Server 2008 R2/Vista/XP Print Spooler Service memory corruption
13730| [5938] Microsoft Windows 7/Server 2003/Server 2008 R2/Vista/XP Remote Administration Protocol netapi32.dll RAP Request denial of service
13731| [5933] Microsoft SQL Server 2000/2005/2008/2008 R2 Common Controls TabStrip ActiveX MSCOMCTL.OCX memory corruption
13732| [5932] Microsoft Office 2003/2007/2010 Common Controls TabStrip ActiveX MSCOMCTL.OCX memory corruption
13733| [5654] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP information disclosure
13734| [5653] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP win32k.sys memory corruption
13735| [5652] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP win32k.sys memory corruption
13736| [5650] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP memory corruption
13737| [5649] Microsoft Office 2003/2007/2010 libraries memory corruption
13738| [5645] Microsoft SharePoint 2007/2010/3.0 Reflected cross site scripting
13739| [5643] Microsoft SharePoint 2007/2010 information disclosure
13740| [5642] Microsoft SharePoint 2007 cross site request forgery
13741| [5553] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Font atmfd.dll denial of service
13742| [5524] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP memory corruption
13743| [5518] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 memory corruption
13744| [5362] Microsoft Office 2003/2007 GDI+ memory corruption
13745| [5291] Microsoft Visual Studio 2008 Incremental Linker link.exe ConvertRgImgSymToRgImgSymEx memory corruption
13746| [5268] Microsoft Office 2008 on Mac RTF Pfragment File memory corruption
13747| [5080] Microsoft SQL Server 2005/2008/2008R2 CREATE DATABASE sql injection
13748| [5050] Microsoft Office 2007 WPS Converter Heap-based memory corruption
13749| [5049] Microsoft SQL Server 2000/2005/2008 MSCOMCTL.OCX privilege escalation
13750| [5048] Microsoft Office 2003/2007/2010 MSCOMCTL.OCX privilege escalation
13751| [5046] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Windows Authenticode Signature Verification WinVerifyTrust Signature privilege escalation
13752| [4803] Microsoft Windows Server 2003/Server 2008 DNS Server Domain Resource Record Query Parser denial of service
13753| [4802] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Remote Desktop Protocol denial of service
13754| [4798] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Remote Desktop Service memory corruption
13755| [60205] Microsoft .NET Framework 2.0 SP2/3.5.1 Heap-based memory corruption
13756| [4642] Microsoft .NET Framework 2.0 SP2/3.5.1/4 XAML Browser Application memory corruption
13757| [60065] Microsoft Windows 2000 mod_sql unknown vulnerability
13758| [4535] Microsoft Windows Server 2003/XP Object Packager packager.exe privilege escalation
13759| [4534] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Line21 DirectShow Filter Quartz.dll/Qdvd.dll Media File memory corruption
13760| [4533] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Multimedia Library winmm.dll MIDI File memory corruption
13761| [4507] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 Forms Authentication privilege escalation
13762| [59666] Microsoft Publisher 2003/2007 "Publisher memory corruption
13763| [4482] Microsoft Word 2007/2010/2011 Document Parser memory corruption
13764| [4480] Microsoft Excel 2003 memory corruption
13765| [4478] Microsoft Windows Server 2003/XP OLE Objects Memory Management memory corruption
13766| [4477] Microsoft PowerPoint 2007 SP2/2008 OfficeArt Use-After-Free memory corruption
13767| [4474] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Active Directory Query memory corruption
13768| [4473] Microsoft PowerPoint 2007 SP2/2010 DLL-Loader memory corruption
13769| [4471] Microsoft Office 2003/2007 Publisher Out-of-Bounds memory corruption
13770| [4470] Microsoft Office 2003 SP3 memory corruption
13771| [4453] Microsoft Excel 2003 Record Parser memory corruption
13772| [4446] Microsoft Office 2007/2008 OfficeArt Record Parser memory corruption
13773| [4445] Microsoft Office 2007/2010/2011 Word Document Parser memory corruption
13774| [4438] Microsoft Windows 7/Server 2008/Vista TCP/IP Reference Counter denial of service
13775| [5358] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP TrueType Font Handling memory corruption
13776| [59005] Microsoft Host Integration Server 2004 denial of service
13777| [58492] Microsoft SharePoint Server 2007 Spreadsheet memory corruption
13778| [58491] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
13779| [58490] Microsoft Office Compatibility Pack 2007 Spreadsheet memory corruption
13780| [58489] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
13781| [58488] Microsoft Office 2007/2010 memory corruption
13782| [4412] Microsoft Office 2003/2007 Library Loader unknown vulnerability
13783| [4411] Microsoft Excel 2003 memory corruption
13784| [4409] Microsoft Windows Server 2003/Server 2008 WINS unknown vulnerability
13785| [58240] Microsoft Visio 2003/2007 memory corruption
13786| [58237] Microsoft Visio 2003/2007/2010 memory corruption
13787| [4396] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
13788| [4393] Microsoft Windows Server 2008 DNS Service memory corruption
13789| [4391] Microsoft .NET Framework 2.0 SP2/3.5.1/4 Socket Restriction privilege escalation
13790| [4390] Microsoft Windows Server 2008 Remote Desktop Web Access cross site scripting
13791| [4388] Microsoft Windows 7/Server 2008/Vista File Metadata Parser denial of service
13792| [57691] Microsoft SQL Server 2008 Web Service information disclosure
13793| [57690] Microsoft Excel 2002/2003 Spreadsheet memory corruption
13794| [57689] Microsoft Excel 2002 Spreadsheet memory corruption
13795| [57688] Microsoft Excel 2002 Spreadsheet memory corruption
13796| [57687] Microsoft Excel 2002/2003/2007 Spreadsheet memory corruption
13797| [57686] Microsoft Excel 2002 Spreadsheet memory corruption
13798| [57685] Microsoft Excel 2002/2003/2007 Array Access memory corruption
13799| [57684] Microsoft Excel 2002/2003/2007/2010 Spreadsheet memory corruption
13800| [4369] Microsoft Excel 2002/2003/2007 memory corruption
13801| [4367] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
13802| [4362] Microsoft Windows 7/Server 2008/Vista denial of service
13803| [57420] Microsoft PowerPoint 2002/2003 memory corruption
13804| [4349] Microsoft Office 2004/2007/2008 Presentation File Parser memory corruption
13805| [4348] Microsoft PowerPoint 2002/2003/2007 memory corruption
13806| [57077] Microsoft Excel 2002 Uninitialized Memory memory corruption
13807| [57078] Microsoft Office 2003/2007/Xp docx unknown vulnerability
13808| [57079] Microsoft PowerPoint 2002/2003/2007/2010 memory corruption
13809| [57076] Microsoft Excel 2002/2003 memory corruption
13810| [57075] Microsoft Excel 2002/2003 memory corruption
13811| [57074] Microsoft Excel 2002 memory corruption
13812| [57073] Microsoft Excel 2002/2003/2007/2010 memory corruption
13813| [4334] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 JIT Compiler memory corruption
13814| [4332] Microsoft PowerPoint 2007/2010 memory corruption
13815| [4301] Microsoft Windows Server 2003 SMB Browser Heap-based denial of service
13816| [56475] Microsoft Office 2004/2008 memory corruption
13817| [56414] Microsoft Visio 2002/2003/2007 ELEMENTS.DLL memory corruption
13818| [56413] Microsoft Visio 2002/2003/2007 Exception ORMELEMS.DLL memory corruption
13819| [4298] Microsoft Windows 7/Server 2008 JScript/VBScript Engine information disclosure
13820| [4297] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Compact Font Format Driver privilege escalation
13821| [4296] Microsoft Windows Server 2003/XP LSASS Authentication Request unknown vulnerability
13822| [4295] Microsoft Windows 7/Server 2008 Kerberos weak authentication
13823| [4294] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys unknown vulnerability
13824| [4293] Microsoft Windows Server 2003/XP Kerberos CRC32 Checksum privilege escalation
13825| [4292] Microsoft Windows Server 2003/XP CSRSS Logoff privilege escalation
13826| [4289] Microsoft Excel 2007 Shape Data Parser memory corruption
13827| [4286] Microsoft PowerPoint 2002 SP3/2003 SP3/2004/2007 SP2/2008 OfficeArt Container Parser memory corruption
13828| [4279] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP MHTML cross site scripting
13829| [56176] Microsoft Windows 7/Server 2003/XP fxscover.exe CDrawPoly::Serialize memory corruption
13830| [55772] Microsoft Publisher 2002 pubconv.dll memory corruption
13831| [55771] Microsoft Publisher 2002/2003/2010 memory corruption
13832| [55765] Microsoft Office 2003/Xp Integer memory corruption
13833| [55764] Microsoft Office 2003/Xp memory corruption
13834| [55750] Microsoft Publisher 2002/2003 pubconv.dll memory corruption
13835| [55749] Microsoft Publisher 2002/2003/2007/2010 pubconv.dll memory corruption
13836| [55748] Microsoft Publisher 2002/2003/2007 pubconv.dll memory corruption
13837| [4230] Microsoft Exchange 2007 on 64-bit RPC store.exe MAPI Request denial of service
13838| [4229] Microsoft SharePoint 2007 Document Conversion Launcher Service Eingabeungültigkeit
13839| [4228] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
13840| [4224] Microsoft Windows 7/Server 2008/Vista Consent User Interface privilege escalation
13841| [4231] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys GreEnableEUDC denial of service
13842| [55420] Microsoft Office 2007/2010 memory corruption
13843| [55419] Microsoft Office 2004/2008/2011/Xp memory corruption
13844| [55412] Microsoft PowerPoint Viewer 2007 memory corruption
13845| [55411] Microsoft PowerPoint 2002/2003 memory corruption
13846| [4204] Microsoft Windows Server 2008 Color Control Panel Eingabeungültigkeit
13847| [54995] Microsoft Office 2004/2008 memory corruption
13848| [54994] Microsoft Office 2004/2008 Out-of-Bounds memory corruption
13849| [54993] Microsoft Office Compatibility Pack 2007 memory corruption
13850| [54992] Microsoft Excel 2002 memory corruption
13851| [54991] Microsoft Office 2004 Future memory corruption
13852| [54990] Microsoft Office 2004 memory corruption
13853| [54989] Microsoft Office 2004/2008 memory corruption
13854| [54988] Microsoft Excel 2002 memory corruption
13855| [54987] Microsoft Excel 2002 memory corruption
13856| [54986] Microsoft Excel 2002/2003 memory corruption
13857| [54985] Microsoft Office Compatibility Pack 2003/2004/2007/2008 memory corruption
13858| [54984] Microsoft Office 2004/2008 memory corruption
13859| [54983] Microsoft Excel 2002 Integer memory corruption
13860| [54980] Microsoft Word 2002/2003 memory corruption
13861| [54979] Microsoft Word 2002 memory corruption
13862| [54978] Microsoft Word 2002 memory corruption
13863| [54977] Microsoft Word 2002 Heap-based memory corruption
13864| [54976] Microsoft Word 2002 memory corruption
13865| [54975] Microsoft Word 2002 memory corruption
13866| [54974] Microsoft Word 2002 memory corruption
13867| [54973] Microsoft Word 2002 memory corruption
13868| [54972] Microsoft Word 2002 memory corruption
13869| [54971] Microsoft Word 2002 memory corruption
13870| [4197] Microsoft SharePoint 2007/3.0 cross site scripting
13871| [4196] Microsoft Word 2002/2003/2007/2010 Stack-based memory corruption
13872| [4194] Microsoft Windows 7/Server 2008/Vista SChannel Client Certificate Request denial of service
13873| [54774] Microsoft Word 2003 word_crash_11.8326.8324_poc.doc denial of service
13874| [54757] Microsoft SharePoint Server 2007 HTML Sanitization SafeHTML cross site scripting
13875| [4186] Microsoft Outlook 2002/2003/2007 Content Parser Heap-based memory corruption
13876| [54584] Microsoft Visual C++ 2005 AtlTraceTool8.exe unknown vulnerability
13877| [54554] Microsoft Groove 2007 mso.dll memory corruption
13878| [4187] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack Ipv4SetEchoRequestCreate denial of service
13879| [54322] Microsoft Word 2002/2003 memory corruption
13880| [54321] Microsoft Office Compatibility Pack 2007 memory corruption
13881| [54320] Microsoft Office Compatibility Pack 2007 memory corruption
13882| [54319] Microsoft Office Compatibility Pack 2007 memory corruption
13883| [54318] Microsoft .NET Framework 2.0 SP1/2.0 SP2/3.5/3.5 SP1/3.5.1 Interfaces memory corruption
13884| [4165] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
13885| [4162] Microsoft Windows 7/Server 2008/Vista Kernel memory corruption
13886| [4159] Microsoft Excel 2002/2003 SXDB PivotTable Cache Data Record memory corruption
13887| [4149] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Shell Shortcut Parser memory corruption
13888| [54083] Microsoft Access 2003 ActiveX Control ACCWIZ.dll memory corruption
13889| [4146] Microsoft Outlook 2002/2003/2007 SMB Attachment PR_ATTACH_METHOD memory corruption
13890| [4145] Microsoft Access 2003/2007 ActiveX ACCWIZ.dll memory corruption
13891| [54617] Microsoft Outlook Web Access up to 2007 cross site request forgery
13892| [4151] Microsoft Windows Server 2008/Vista NtUserCheckAccessForIntegrityLevel memory corruption
13893| [53591] Microsoft Windows Server 2003 GetServerName cross site scripting
13894| [53505] Microsoft Excel 2002/2007 memory corruption
13895| [53501] Microsoft Excel 2002 memory corruption
13896| [53500] Microsoft Excel 2002 memory corruption
13897| [53499] Microsoft Excel 2002 memory corruption
13898| [53495] Microsoft Excel 2002/2003/2007 memory corruption
13899| [53494] Microsoft Excel 2002 Stack-based memory corruption
13900| [53504] Microsoft Excel 2002 memory corruption
13901| [53503] Microsoft Excel 2002 Stack-Based memory corruption
13902| [53502] Microsoft Excel 2002 Heap-based memory corruption
13903| [53498] Microsoft Excel 2002 Stack-based memory corruption
13904| [53497] Microsoft Excel 2002 memory corruption
13905| [53496] Microsoft Excel 2002 memory corruption
13906| [53493] Microsoft Excel 2002/2003/2007 memory corruption
13907| [4133] Microsoft Office 2003/2007/Xp COM Object Instantiator memory corruption
13908| [53366] Microsoft ASP.NET 2.0 cross site scripting
13909| [53385] Microsoft Exchange Server 2007 Outlook Web Access cross site scripting
13910| [53164] Microsoft Office 2003/2007/Xp ActiveX Control VBE6.DLL memory corruption
13911| [53054] Microsoft VISIO 2002/2003/2007 VISIODWG.DLL memory corruption
13912| [4125] Microsoft SharePoint 2007/3.0 help.aspx cross site scripting
13913| [52777] Microsoft Publisher 2002/2003/2007 memory corruption
13914| [52773] Microsoft Visio 2002/2003/2007 memory corruption
13915| [52772] Microsoft Visio 2002/2003/2007 memory corruption
13916| [4107] Microsoft Windows 7/Server 2008 Kernel denial of service
13917| [4103] Microsoft Windows Server 2003 Media Services Stack-based memory corruption
13918| [52543] Microsoft Virtual PC 2007 unknown vulnerability
13919| [52148] Microsoft Office 2004/2007/2008 Uninitialized Memory memory corruption
13920| [52147] Microsoft Office 2004/2007/2008 Spreadsheet Uninitialized Memory memory corruption
13921| [52146] Microsoft Office 2004/2007/2008 Spreadsheet Heap-based memory corruption
13922| [52145] Microsoft Office 2004/2007/2008 Spreadsheet Heap-based memory corruption
13923| [52144] Microsoft Office 2004/2007/2008 Spreadsheet memory corruption
13924| [52143] Microsoft Office 2004/2007/2008 Spreadsheet memory corruption
13925| [4090] Microsoft Excel 2002/2003/2007 memory corruption
13926| [52036] Microsoft Windows 2000 MsgBox memory corruption
13927| [51995] Microsoft SharePoint Server up to 2006 cross site scripting
13928| [51810] Microsoft Office 2004/Xp MSO.DLL memory corruption
13929| [51802] Microsoft PowerPoint 2003 Stack-based memory corruption
13930| [51801] Microsoft PowerPoint 2003 Stack-based memory corruption
13931| [51800] Microsoft PowerPoint 2002/2003 Use-After-Free memory corruption
13932| [51799] Microsoft PowerPoint 2002/2003 memory corruption
13933| [51798] Microsoft PowerPoint 2002/2003 Heap-based memory corruption
13934| [4082] Microsoft PowerPoint 2002 SP3 memory corruption
13935| [54550] Microsoft PowerPoint 2007 rpawinet.dll memory corruption
13936| [54556] Microsoft Visio 2003 mfc71enu.dll unknown vulnerability
13937| [51497] Microsoft Windows Live Messenger 2009 ActiveX Control msnmsgr.exe denial of service
13938| [51133] Microsoft Windows 2000 SP4/Server 2003 SP2/SP3/XP SP2 memory corruption
13939| [51074] Microsoft Office 2002/2003 Integer memory corruption
13940| [4069] Microsoft Project 2003/2007 Project Memory Validator memory corruption
13941| [50794] Microsoft Office 2004/2008 Spreadsheet memory corruption
13942| [50793] Microsoft Office 2004/2008 Spreadsheet memory corruption
13943| [50792] Microsoft Office 2004/2008 Spreadsheet memory corruption
13944| [50791] Microsoft Office 2004/2008 Spreadsheet memory corruption
13945| [50790] Microsoft Office 2004/2008 Spreadsheet Heap-based memory corruption
13946| [50788] Microsoft Office 2004/2008 Spreadsheet memory corruption
13947| [50787] Microsoft Office 2004/2008 Spreadsheet memory corruption
13948| [50786] Microsoft Windows 2000 llssrv.exe memory corruption
13949| [50789] Microsoft Office 2004/2008 Spreadsheet memory corruption
13950| [4056] Microsoft Word 2002/2003 File Information Block Parser Stack-based memory corruption
13951| [50660] Microsoft SharePoint Server 2007 unknown vulnerability
13952| [50443] Microsoft PowerPoint 2007 Integer memory corruption
13953| [50432] Microsoft .NET Framework 2.0/2.0 SP1/2.0 SP2/3.5/3.5 SP1 memory corruption
13954| [49866] Microsoft Windows Server 2003 memory corruption
13955| [4031] Microsoft Windows Server 2008/Vista SMB Processor EducatedScholar memory corruption
13956| [4030] Microsoft Windows Server 2008/Vista Wireless LAN AutoConfig Service Heap-based memory corruption
13957| [4029] Microsoft Windows 2000/XP TCP/IP Window Size denial of service
13958| [49745] Microsoft Windows Server 2003 denial of service
13959| [49395] Microsoft Office 2000/2003/XP Office Web Components Heap-based memory corruption
13960| [49394] Microsoft Windows Server 2003 memory corruption
13961| [49389] Microsoft Office 2000/2003/XP Office Web Components memory corruption
13962| [49390] Microsoft Office 2000/2003/XP Office Web Components memory corruption
13963| [49198] Microsoft Visual Studio 2005 information disclosure
13964| [49047] Microsoft Virtual Server 2005 privilege escalation
13965| [49046] Microsoft Windows Server 2003 quartz.dll memory corruption
13966| [49045] Microsoft Windows Server 2003 quartz.dll memory corruption
13967| [49044] Microsoft ISA Server 2006 privilege escalation
13968| [3999] Microsoft Office 2007 Pointer memory corruption
13969| [4000] Microsoft Office 2003/Sp3/Xp Web Components memory corruption
13970| [48894] Microsoft Windows Server 2003 msvidctl.dll memory corruption
13971| [48572] Microsoft PowerPoint 2002 FL21WIN.DLL memory corruption
13972| [48517] Microsoft Windows 2000 Memory Leak memory corruption
13973| [48516] Microsoft Windows Server 2008 unknown vulnerability
13974| [48512] Microsoft Windows Server 2008 unknown vulnerability
13975| [48515] Microsoft Office Word Viewer 2003 memory corruption
13976| [48514] Microsoft Office Word Viewer 2003 Stack-based memory corruption
13977| [48554] Microsoft Excel 2000/2003/2007 memory corruption
13978| [48157] Microsoft PowerPoint 2002 Sound memory corruption
13979| [48156] Microsoft PowerPoint 2000 Stack-based memory corruption
13980| [48154] Microsoft PowerPoint 2002 Sound PP7X32.DLL memory corruption
13981| [48152] Microsoft PowerPoint 2002 PP4X32.DLL memory corruption
13982| [48150] Microsoft PowerPoint 2002 Sound memory corruption
13983| [48147] Microsoft PowerPoint 2002 Sound memory corruption
13984| [48146] Microsoft PowerPoint 2002 Integer memory corruption
13985| [48155] Microsoft PowerPoint 2002 Notes Container Heap-based memory corruption
13986| [48153] Microsoft PowerPoint 2002 Sound memory corruption
13987| [48151] Microsoft PowerPoint 2002 Stack-based memory corruption
13988| [48149] Microsoft PowerPoint 2002 memory corruption
13989| [48148] Microsoft PowerPoint 2002 Sound memory corruption
13990| [3974] Microsoft PowerPoint 2000/2002/2003 Sound Data Stack-based memory corruption
13991| [3973] Microsoft PowerPoint 2000/2002/2003 Notes Container Stack-based memory corruption
13992| [3972] Microsoft PowerPoint 2000/2002/2003 BuildList memory corruption
13993| [3971] Microsoft PowerPoint 2000/2002/2003 Object Stack-based memory corruption
13994| [3970] Microsoft PowerPoint 2000/2002/2003 Paragraph Stack-based memory corruption
13995| [3969] Microsoft PowerPoint 2000/2002/2003 Atom Stack-based memory corruption
13996| [47719] Microsoft Windows 2000 Stack-based memory corruption
13997| [47720] Microsoft Internet Security And Acceleration Server 2006 Forms Authentication cookieauth.dll cross site scripting
13998| [47716] Microsoft Office Converter Pack 2003 WPFT632.CNV memory corruption
13999| [47715] Microsoft Windows 2000 Wordpad memory corruption
14000| [47718] Microsoft Excel 2000/2002/2003/2007 Spreadsheet memory corruption
14001| [3960] Microsoft Windows 2000/Server 2003/XP DirectShow MJPEG memory corruption
14002| [3952] Microsoft ISA Server 2004/2006 denial of service
14003| [3946] Microsoft PowerPoint 2000/2002/2003/2004 memory corruption
14004| [47091] Microsoft Windows Server 2008 unknown vulnerability
14005| [47090] Microsoft Windows Server 2008 unknown vulnerability
14006| [3939] Microsoft Windows 2000 DNS spoofing
14007| [3938] Microsoft Windows 2000 SSL weak authentication
14008| [3937] Microsoft Windows 2000 memory corruption
14009| [3932] Microsoft Excel 2000/2002/2003/2004/2007 Object Reference memory corruption
14010| [46620] Microsoft Windows Live Messenger 2009 msnmsgr.exe denial of service
14011| [46455] Microsoft Exchange Server 2007 denial of service
14012| [46454] Microsoft Exchange Server 2007 memory corruption
14013| [46453] Microsoft Visio 2002/2003/2007 memory corruption
14014| [46452] Microsoft Visio 2002/2003/2007 memory corruption
14015| [46451] Microsoft Visio 2002/2003/2007 memory corruption
14016| [46327] Microsoft Word 2007 information disclosure
14017| [45758] Microsoft Money 2006 ActiveX Control prtstb06.dll denial of service
14018| [45381] Microsoft Windows Server 2008/Vista SP1 Explorer memory corruption
14019| [45380] Microsoft Windows Server 2008/Vista SP1 Search memory corruption
14020| [45379] Microsoft Office SharePoint Server 2007 denial of service
14021| [3896] Microsoft SQL Server up to 2005 sp_replwritetovarbin memory corruption
14022| [3892] Microsoft Excel 2000/2002/2003 Formula memory corruption
14023| [3891] Microsoft Excel 2000/2002/2003 memory corruption
14024| [3890] Microsoft Excel 2000/2002/2003 NAME Index memory corruption
14025| [3889] Microsoft Word 2000/2002/2003/2007 Table Property Stack-based memory corruption
14026| [3888] Microsoft Word 2000/2002/2003/2007 RTF Stylesheet memory corruption
14027| [3887] Microsoft Word 2000/2002/2003/2007 memory corruption
14028| [3886] Microsoft Word 2000/2002/2003/2007 ControlWord Heap-based memory corruption
14029| [3885] Microsoft Word 2000/2002/2003/2007 memory corruption
14030| [3884] Microsoft Word 2000/2002/2003/2007 memory corruption
14031| [3883] Microsoft Word 2000/2002/2003/2007 RTF Heap-based memory corruption
14032| [3882] Microsoft Word 2000/2002/2003/2007 LFO memory corruption
14033| [3880] Microsoft Visual Basic up to 2003 ActiveX Control Mschrt20.ocx memory corruption
14034| [3879] Microsoft Visual Basic up to 2003 ActiveX Control mscomct2.ocx memory corruption
14035| [3878] Microsoft Visual Basic up to 2003 ActiveX Control mshflxgd.ocx memory corruption
14036| [3877] Microsoft Visual Basic up to 2003 ActiveX Control msflxgrd.ocx memory corruption
14037| [3876] Microsoft Visual Basic up to 2003 ActiveX Control msdatgrd.ocx memory corruption
14038| [45197] Microsoft Windows 2000 nskey.dll memory corruption
14039| [45063] Microsoft Windows Server 2003 Active Directory unknown vulnerability
14040| [45040] Microsoft .NET Framework 2.0.50727 Code Access Security unknown vulnerability
14041| [44855] DjVu Activex Control For Microsoft Office 2000 3.0 ActiveX Control DjVu_ActiveX_MSOffice.dll memory corruption
14042| [44665] Microsoft Peachtree Accounting 2004 ActiveX Control PAWWeb11.ocx unknown vulnerability
14043| [44589] Microsoft Exchange Server 2003 Outlook Web Access unknown vulnerability
14044| [3845] Microsoft Windows 2000 SP4 Active Directory memory corruption
14045| [44533] Microsoft Windows 2000 mqsvc.exe memory corruption
14046| [3844] Microsoft Excel 2003 REPT memory corruption
14047| [3843] Microsoft Excel up to 2007 BIFF File Heap-based memory corruption
14048| [3842] Microsoft Excel 2003 VBA Performance Cache Stack-based memory corruption
14049| [44405] Microsoft Digital Image 2006 ActiveX Control PipPPush.DLL unknown vulnerability
14050| [44047] Microsoft SQL Server 2000 ActiveX Control SQLVDIRLib.SQLVDirControl memory corruption
14051| [43981] Microsoft Organization Chart 2.00 orgchart.exe memory corruption
14052| [43957] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
14053| [43956] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
14054| [43955] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
14055| [43952] Microsoft Office 2003/2007/Xp URI memory corruption
14056| [43676] Microsoft Windows 2000/Server 2003/Vista/XP memory corruption
14057| [43675] Microsoft Windows 2000/Server 2003/Vista/XP of memory corruption
14058| [43662] Microsoft PowerPoint Viewer 2000 SP3/2002 SP3/2003 SP2/2007 SP1 memory corruption
14059| [43661] Microsoft PowerPoint Viewer 2003 memory corruption
14060| [43660] Microsoft PowerPoint Viewer 2003 Integer memory corruption
14061| [43657] Microsoft Office 2000/2003/Xp memory corruption
14062| [43654] Microsoft SharePoint Server 2007 memory corruption
14063| [43653] Microsoft Office 2000/2002/2004/2008 memory corruption
14064| [43652] Microsoft Office 2000/2002/2003/2004/2008 memory corruption
14065| [3797] Microsoft Windows Server 2008/Vista IPsec Policy Designfehler
14066| [3796] Microsoft Office 2000 WPG memory corruption
14067| [3795] Microsoft Office 2000/2003/Xp BMP Image BMPIMP32.FLT memory corruption
14068| [3794] Microsoft Office 2000/2003/Xp PICT bits_per_pixel memory corruption
14069| [3793] Microsoft Office 2000/2003/Xp PICT memory corruption
14070| [3792] Microsoft Office 2000 EPS File memory corruption
14071| [3783] Microsoft Word 2002 memory corruption
14072| [43103] Microsoft Exchange Srv 2007 Sp1 Outlook Web Access cross site scripting
14073| [43102] Microsoft Windows 2000 SP4/Server 2003 SP2/Server 2008 DNS Cache privilege escalation
14074| [3778] Microsoft Exchange 2003/2007 Outlook Web Access cross site scripting
14075| [3777] Microsoft Windows Server 2008/Vista SP1 Explorer memory corruption
14076| [43087] Microsoft Office Snapshot Viewer ActiveX up to Office 2003 Snapshot Viewer ActiveX Control snapview.ocx memory corruption
14077| [43096] Microsoft Publisher 2003/2007 Crypto API unknown vulnerability
14078| [42816] Microsoft Word 2000/2003 memory corruption
14079| [42732] Microsoft Windows Server 2003/Vista/XP denial of service
14080| [42731] Microsoft Windows Server 2003 denial of service
14081| [3732] Microsoft Windows 2000/Server 2003 WINS memory corruption
14082| [3701] Microsoft Word 2003 CSS Heap-based memory corruption
14083| [3700] Microsoft Word 2003 RTF Document Heap-based memory corruption
14084| [42065] Microsoft SharePoint Server 2.0 Rich Text Editor cross site scripting
14085| [41881] Microsoft Office 2003/2007/2007 Sp1/Xp memory corruption
14086| [41880] Microsoft Project 2000/2002/2003 memory corruption
14087| [41879] Microsoft Windows 2000/Server 2003/Vista Stack-based memory corruption
14088| [41878] Microsoft Windows 2000/Server 2003/Vista spoofing
14089| [41877] Microsoft Windows Server 2003 vbscript.dll memory corruption
14090| [3671] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 memory corruption
14091| [3670] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 Object memory corruption
14092| [41455] Microsoft Office 2000/2003/2004/Xp memory corruption
14093| [41454] Microsoft Excel 2000/2002/2003/2007 memory corruption
14094| [41453] Microsoft Excel 2000/2002/2003 memory corruption
14095| [41452] Microsoft Excel 2000/2002/2003/2007 memory corruption
14096| [41451] Microsoft Excel 2000/2002/2003 memory corruption
14097| [41450] Microsoft Excel 2000 memory corruption
14098| [41449] Microsoft Excel 2000/2002/2003 memory corruption
14099| [41448] Microsoft Office 2000/Xp Office Web Components memory corruption
14100| [3648] Microsoft Excel 2003 memory corruption
14101| [3647] Microsoft Outlook up to 2007 mailto URI memory corruption
14102| [41003] Microsoft Office 2000/2003/2004/Xp memory corruption
14103| [41002] Microsoft Office 2000/2003/Xp memory corruption
14104| [41001] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
14105| [41000] Microsoft Works 2005/8.0 memory corruption
14106| [40998] Microsoft Publisher 2000/2002/2003 memory corruption
14107| [40994] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
14108| [40987] Microsoft Windows 2000 denial of service
14109| [40736] Microsoft ActiveX 2.0 ActiveX Control privilege escalation
14110| [3552] Microsoft Excel 2000/2002/2003 File memory corruption
14111| [40242] Microsoft Publisher 2000/2002/2003/2007 Crash denial of service
14112| [40020] Microsoft Office 2007 ZIP Container unknown vulnerability
14113| [39769] Microsoft Windows 2000 cryptgenrandom weak encryption
14114| [39749] Microsoft Windows 2000 msjet40.dll memory corruption
14115| [39655] Microsoft Windows Server 2003 spoofing
14116| [39324] Microsoft Windows Mobile 2005 SMS unknown vulnerability
14117| [3373] Microsoft Word 2000/2002 memory corruption
14118| [38999] Microsoft Windows Server 2003 explorer.exe denial of service
14119| [38899] Microsoft ISA Server 2004 information disclosure
14120| [38728] Microsoft SQL Server 2005 Enterprise Manager sqldmo.dll memory corruption
14121| [38326] Microsoft Windows 2000 attemptwrite memory corruption
14122| [3241] Microsoft Excel 2000/2003/2004/XP SP3 rtWnDesk memory corruption
14123| [3223] Microsoft Windows Server 2003/XP URI privilege escalation
14124| [3212] Microsoft DirectX February 2006 RLE Compression Targa Files Heap-based memory corruption
14125| [37739] Microsoft Excel 2000/2002/2003/2004/2007 memory corruption
14126| [37738] Microsoft Office 2002/2003 memory corruption
14127| [3176] Microsoft Excel 2000/2002/2003/2007 File Attribute memory corruption
14128| [3175] Microsoft Excel 2000/2002/2003/2007 Active Worksheet memory corruption
14129| [3174] Microsoft Excel 2000/2002/2003/2007 Version Information memory corruption
14130| [3172] Microsoft Office Publisher 2007 Pointer memory corruption
14131| [37566] Microsoft Excel 2003 unknown vulnerability
14132| [37526] Microsoft Windows 2000/Server 2003 denial of service
14133| [37248] Microsoft Visio 2002 Packaging memory corruption
14134| [37251] Microsoft Windows 2000 memory corruption
14135| [3119] Microsoft Visio 2002 Object memory corruption
14136| [3118] Microsoft Visio 2002 Data memory corruption
14137| [37093] Microsoft Windows Server 2003 Error Message unknown vulnerability
14138| [37010] Microsoft Office 2000 ActiveX Control ouactrl.ocx memory corruption
14139| [36628] Microsoft Word 2000/2002/2003/2004 winword.exe memory corruption
14140| [36616] Microsoft Works 2004/2005/2006 memory corruption
14141| [36621] Microsoft Exchange Server 2000 Integer denial of service
14142| [36620] Microsoft Exchange Server 2000 Outlook Web Access cross site scripting
14143| [36619] Microsoft Exchange Server 2000/2003/2007 MIME Email memory corruption
14144| [36618] Microsoft Exchange Server 2000 NULL Pointer Dereference denial of service
14145| [36617] Microsoft Excel 2000/2002/2003/2004 memory corruption
14146| [36623] Microsoft BizTalk Server 2004 ActiveX Control capicom.dll memory corruption
14147| [3067] Microsoft Office 2000/2003/2004/2007/Xp Drawing Object memory corruption
14148| [3065] Microsoft Excel 2000/2002/2003/2007 Filter Stack-based memory corruption
14149| [3064] Microsoft Excel 2000/2002/2003/2004/2007 set Font memory corruption
14150| [3063] Microsoft Excel 2000/2002/2003/2007 BIFF Record Stack-based memory corruption
14151| [3012] Microsoft Windows 2000/Server 2003 DNS Service Stack-based memory corruption
14152| [36039] Microsoft Content Management Server 2001 memory corruption
14153| [36052] Microsoft Windows 2000 Heap-based memory corruption
14154| [36051] Microsoft Word 2007 file798-1.doc memory corruption
14155| [36050] Microsoft Word 2007 file789-1.doc memory corruption
14156| [36040] Microsoft Content Management Server 2001 cross site scripting
14157| [3004] Microsoft Windows up to 2003/XP URL Parser memory corruption
14158| [36041] Microsoft .NET Framework 2.0.50727.42 cross site scripting
14159| [36002] Microsoft Windows 2000/XP denial of service
14160| [2990] Microsoft Windows 2000/Vista/XP Animated Cursor Stack-based memory corruption
14161| [36515] Microsoft Windows 2000/Server 2003/XP memory corruption
14162| [35846] Microsoft Windows 2000/Server 2003 Default Configuration information disclosure
14163| [35373] Microsoft Excel 2003 denial of service
14164| [35372] Microsoft Office 2003 denial of service
14165| [35206] Microsoft Windows Server 2003/XP Crash denial of service
14166| [35161] Microsoft ISA Server 2004 unknown vulnerability
14167| [35236] Microsoft Publisher 2007 memory corruption
14168| [2939] Microsoft Word 2000 memory corruption
14169| [34994] Microsoft Windows 2000 OLE Dialog memory corruption
14170| [34993] Microsoft Office 2000/2003/Xp memory corruption
14171| [35001] Microsoft Office 2000/2003/2004/Xp memory corruption
14172| [35000] Microsoft Word 2000/2002/2003 memory corruption
14173| [2933] Microsoft Windows 2000 SP4/Server 2003 SP1/XP SP2 OLE Dialog Stack-based memory corruption
14174| [2894] Microsoft Office 2000/2003/2004/Xp Undefined String Format String
14175| [2884] Microsoft Word 2000/2002/2003 memory corruption
14176| [34321] Microsoft Office 2000/2003/2004/Xp Spreadsheet Heap-based memory corruption
14177| [34320] Microsoft Office 2000/2003/2004/Xp memory corruption
14178| [34319] Microsoft Office 2000/2003/2004/Xp memory corruption
14179| [34318] Microsoft Office 2000/2003/2004/Xp memory corruption
14180| [34322] Microsoft Office 2000/2003/Xp memory corruption
14181| [2811] Microsoft Windows 2000/Server 2003/XP VML Vector Markup Language Integer memory corruption
14182| [2810] Microsoft Outlook 2000/2002/2003 Office Saved Search OSS File memory corruption
14183| [2809] Microsoft Outlook 2000/2002/2003 Header denial of service
14184| [2808] Microsoft Outlook 2000/2002/2003 Meeting VEVENT memory corruption
14185| [2807] Microsoft Excel 2000/2002/2003 XLS File memory corruption
14186| [34126] Microsoft Office 2003 memory corruption
14187| [34122] Microsoft Office Web Components 2000 memory corruption
14188| [2789] Microsoft Windows 2000/XP RPC Request NetrWkstaUserEnum denial of service
14189| [2765] Microsoft Project Server 2003 pdsrequest.asp weak authentication
14190| [33851] Microsoft Word 2000/2002/2003 12122006-djtest.doc memory corruption
14191| [2739] Microsoft Windows 2000 Remote Installation Service Fehlende Authentifizierung
14192| [2738] Microsoft Windows 2000/Server 2003/XP SNMP memory corruption
14193| [2737] Microsoft Windows Server 2003/XP Manifest denial of service
14194| [33766] Microsoft Word 2000/2002/2003 memory corruption
14195| [2718] Microsoft Word 2000/2002/2003 DOC Document memory corruption
14196| [2717] Microsoft Windows 2000 Print Spooler Memory Consumption denial of service
14197| [2689] Microsoft Windows up to 2000 SP4 Active Directory denial of service
14198| [2688] Microsoft Windows 2000/Server 2003/XP Client Service for Netware denial of service
14199| [2687] Microsoft Windows 2000/Server 2003/XP Agent ActiveX ACF File Heap-based memory corruption
14200| [2686] Microsoft Windows 2000/Server 2003/XP Client Service for Netware memory corruption
14201| [2684] Microsoft Windows 2000/XP Workstation Service Stack-based memory corruption
14202| [2659] Microsoft Windows 2000/XP GDI Crash memory corruption
14203| [2655] Microsoft Windows 2000/Server 2003/XP XML Core Services memory corruption
14204| [33067] Microsoft Visual Studio .net 2005 ActiveX Control wmiscriptutils.dll memory corruption
14205| [2610] Microsoft PowerPoint 2003 PPT Document NULL Pointer Dereference denial of service
14206| [32693] Microsoft Word 2004 memory corruption
14207| [32686] Microsoft Office 2000/2001/2003/2004 Integer memory corruption
14208| [32690] Microsoft Office 2000/2003/2004/Xp memory corruption
14209| [32676] Microsoft Office 2000/2001/2003/2004 memory corruption
14210| [32675] Microsoft Office 2000/2003/2004/Xp memory corruption
14211| [32694] Microsoft Windows 2000 memory corruption
14212| [32689] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
14213| [32688] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
14214| [32687] Microsoft Word 2000/2002 memory corruption
14215| [32685] Microsoft Office 2000/2001/2003/2004 memory corruption
14216| [2601] Microsoft Windows Server 2003/XP IPv6 Stack denial of service
14217| [2600] Microsoft Windows Server 2003/XP IPv6 Stack TCP denial of service
14218| [2599] Microsoft Windows Server 2003/XP IPv6 Stack ICMP denial of service
14219| [2598] Microsoft Windows Server 2003/XP Object Packager privilege escalation
14220| [2597] Microsoft Office 2003/Xp Smart-Tag Parser memory corruption
14221| [2596] Microsoft Office 2000/2003/2004/Xp Value Read memory corruption
14222| [2595] Microsoft Office 2000/2001/2003/2004 Diagram Value memory corruption
14223| [2594] Microsoft Office 2000/2001/2003/2004 Document memory corruption
14224| [2593] Microsoft ASP.NET 2.0 cross site scripting
14225| [141652] Microsoft Windows up to Server 2019 Common Log File System Driver information disclosure
14226| [141639] Microsoft SharePoint Foundation 2013 SP1 cross site request forgery
14227| [141637] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
14228| [141636] Microsoft ASP.NET Core 2.1/2.2/3.0 Project Template privilege escalation
14229| [141635] Microsoft .NET Core 2.1/2.2 denial of service
14230| [141633] Microsoft Excel up to 2019 memory corruption
14231| [141631] Microsoft Windows up to Server 2019 SMB Client Driver information disclosure
14232| [141630] Microsoft Windows up to Server 2019 denial of service
14233| [141629] Microsoft Windows up to Server 2019 Update Delivery Optimization privilege escalation
14234| [141627] Microsoft Windows up to Server 2019 GDI information disclosure
14235| [141626] Microsoft Windows up to Server 2019 Win32k memory corruption
14236| [141621] Microsoft Windows up to Server 2019 Kernel information disclosure
14237| [141620] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
14238| [141619] Microsoft Windows up to Server 2019 ALPC privilege escalation
14239| [141618] Microsoft Windows up to Server 2019 hdAudio.sys privilege escalation
14240| [141617] Microsoft Windows up to Server 2019 Store Installer privilege escalation
14241| [141616] Microsoft Windows up to Server 2019 ALPC privilege escalation
14242| [141615] Microsoft Windows up to Server 2019 Winlogon privilege escalation
14243| [141614] Microsoft Windows up to Server 2019 Compatibility Appraiser privilege escalation
14244| [141611] Microsoft Office up to 2019 Security Feature privilege escalation
14245| [141610] Microsoft Excel up to 2019 information disclosure
14246| [141609] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
14247| [141608] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site request forgery
14248| [141607] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 privilege escalation
14249| [141606] Microsoft Windows up to Server 2019 Win32k memory corruption
14250| [141605] Microsoft Windows up to Server 2019 Hyper-V information disclosure
14251| [141604] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
14252| [141603] Microsoft Windows up to Server 2019 GDI information disclosure
14253| [141602] Microsoft Windows up to Server 2019 DirectWrite information disclosure
14254| [141601] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14255| [141600] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14256| [141599] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14257| [141598] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14258| [141597] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14259| [141596] Microsoft Windows up to Server 2019 DirectWrite information disclosure
14260| [141595] Microsoft Windows up to Server 2019 DirectWrite information disclosure
14261| [141594] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14262| [141593] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14263| [141592] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14264| [141591] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14265| [141590] Microsoft Windows up to Server 2019 Text Service Framework command injection
14266| [141589] Microsoft Exchange Server 2016 CU12/2016 CU13/2019 CU1/2019 CU2 denial of service
14267| [141583] Microsoft Lync Server 2013 Conference directory traversal
14268| [141581] Microsoft Windows up to Server 2016 Hyper-V denial of service
14269| [141580] Microsoft Windows up to Server 2019 Transaction Manager information disclosure
14270| [141579] Microsoft Windows up to Server 2016 DirectX information disclosure
14271| [141577] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
14272| [141575] Microsoft Windows up to Server 2019 lnk File privilege escalation
14273| [141564] Microsoft SharePoint Enterprise Server 2010 SP1/2013 SP1/2016/2019 Markup Application Package privilege escalation
14274| [141561] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
14275| [141560] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
14276| [139972] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
14277| [139971] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
14278| [139970] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
14279| [139969] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
14280| [139968] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
14281| [139965] Microsoft Windows up to Server 2019 Kernel information disclosure
14282| [139963] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
14283| [139962] Microsoft Windows up to Server 2019 Remote Desktop Protocol denial of service
14284| [139960] Microsoft Windows up to Server 2019 DHCP Server denial of service
14285| [139958] Microsoft Windows up to Server 2019 DHCP Server denial of service
14286| [139957] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
14287| [139956] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 Session Object information disclosure
14288| [139955] Microsoft Windows up to Server 2019 SyncController.dll privilege escalation
14289| [139949] Microsoft Windows up to Server 2019 XmlLite Runtime XmlLite.dll denial of service
14290| [139946] Microsoft Windows up to Server 2019 Core Shell COM Server Registrar COM Call privilege escalation
14291| [139942] Microsoft Windows up to Server 2019 rpcss.dll memory corruption
14292| [139941] Microsoft Windows up to Server 2019 DirectX memory corruption
14293| [139937] Microsoft Windows up to Server 2019 Azure Active Directory information disclosure
14294| [139936] Microsoft Windows up to Server 2019 SymCrypt information disclosure
14295| [139935] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 NTFS privilege escalation
14296| [139934] Microsoft Windows 7 SP1/Server 2018 R2 SP1/Server 2018 SP2 Win32k memory corruption
14297| [139933] Microsoft Windows up to Server 2019 p2pimsvc privilege escalation
14298| [139932] Microsoft Windows up to Server 2019 Kernel memory corruption
14299| [139931] Microsoft Windows up to Server 2019 File Signature Security Feature CAB File privilege escalation
14300| [139930] Microsoft Windows up to Server 2019 ALPC privilege escalation
14301| [139928] Microsoft Windows up to Server 2019 Kernel memory corruption
14302| [139927] Microsoft Windows up to Server 2019 Graphics Component information disclosure
14303| [139926] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14304| [139925] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14305| [139924] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14306| [139922] Microsoft Windows up to Server 2019 Graphics Component information disclosure
14307| [139921] Microsoft Windows up to Server 2019 Graphics Component information disclosure
14308| [139920] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14309| [139919] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14310| [139918] Microsoft Windows up to Server 2019 Graphics Component information disclosure
14311| [139917] Microsoft Windows up to Server 2019 Graphics Component information disclosure
14312| [139916] Microsoft Windows up to Server 2019 XML Core Services MSXML Parser privilege escalation
14313| [139914] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
14314| [139913] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
14315| [139912] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Hyper-V Network Switch denial of service
14316| [139911] Microsoft Windows up to Server 2019 denial of service
14317| [139910] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
14318| [139909] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
14319| [139908] Microsoft Windows up to Server 2019 Bluetooth weak encryption
14320| [139907] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
14321| [139906] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
14322| [139902] Microsoft Word up to 2019 memory corruption
14323| [139901] Microsoft Outlook up to 2019 memory corruption
14324| [139895] Microsoft Windows up to Server 2019 lnk File privilege escalation
14325| [139894] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
14326| [139893] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
14327| [139892] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
14328| [139891] Microsoft Windows up to Server 2019 Font Library memory corruption
14329| [139890] Microsoft Windows up to Server 2019 Font Library memory corruption
14330| [139889] Microsoft Windows up to Server 2019 Font Library memory corruption
14331| [139888] Microsoft Windows up to Server 2019 Font Library memory corruption
14332| [139887] Microsoft Windows up to Server 2019 Font Library memory corruption
14333| [139886] Microsoft Windows up to Server 2019 Font Library memory corruption
14334| [139880] Microsoft Windows up to Server 2019 Hyper-V memory corruption
14335| [139879] Microsoft Windows up to Server 2019 DHCP Client memory corruption
14336| [139878] Microsoft Windows up to Server 2019 Hyper-V Network Switch memory corruption
14337| [139877] Microsoft Outlook up to 2019 memory corruption
14338| [139876] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
14339| [139875] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
14340| [137590] Microsoft ASP.NET Core 2.1/2.2 Open Redirect
14341| [137589] Microsoft Exchange Server 2013 CU23/2016 CU12/2016 CU13/2019 CU1/2019 CU2 cross site scripting
14342| [137588] Microsoft Exchange Server 2010 SP3/2013 CU23/2016 CU12/2016 CU13 Web Services privilege escalation
14343| [137587] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
14344| [137586] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
14345| [137585] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
14346| [137584] Microsoft Windows up to Server 2019 DirectWrite memory corruption
14347| [137583] Microsoft Windows up to Server 2019 DirectWrite memory corruption
14348| [137581] Microsoft Windows up to Server 2019 DirectWrite memory corruption
14349| [137580] Microsoft Windows up to Server 2019 DirectWrite memory corruption
14350| [137579] Microsoft Windows up to Server 2019 DirectWrite memory corruption
14351| [137578] Microsoft Windows up to Server 2019 DirectWrite memory corruption
14352| [137577] Microsoft Windows up to Server 2019 DirectWrite memory corruption
14353| [137576] Microsoft Windows up to Server 2019 DirectWrite memory corruption
14354| [137575] Microsoft Windows up to Server 2019 DirectWrite memory corruption
14355| [137574] Microsoft Windows up to Server 2019 DirectWrite memory corruption
14356| [137568] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
14357| [137563] Microsoft Windows up to Server 2019 DirectWrite information disclosure
14358| [137562] Microsoft Windows up to Server 2019 Win32k information disclosure
14359| [137561] Microsoft Windows up to Server 2019 GDI information disclosure
14360| [137560] Microsoft Windows up to Server 2019 GDI information disclosure
14361| [137559] Microsoft Windows up to Server 2019 DirectWrite information disclosure
14362| [137555] Microsoft Windows up to Server 2019 Audio Service privilege escalation
14363| [137554] Microsoft Windows up to Server 2019 Audio Service privilege escalation
14364| [137553] Microsoft Windows up to Server 2019 Audio Service privilege escalation
14365| [137549] Microsoft Windows up to Server 2016 DLL privilege escalation
14366| [137544] Microsoft Windows up to Server 2019 Kernel information disclosure
14367| [137543] Microsoft Windows up to Server 2019 Kernel information disclosure
14368| [137542] Microsoft SQL Server 2014 SP2/2016 SP1/2017 privilege escalation
14369| [137541] Microsoft Windows up to Server 2019 memory corruption
14370| [137540] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
14371| [137539] Microsoft Windows up to Server 2016 DirectX memory corruption
14372| [137538] Microsoft Windows Server 1803/Server 1903/Server 2016/Server 2019 ADFS Security Feature privilege escalation
14373| [137537] Microsoft Windows up to Server 2019 Hyper-V denial of service
14374| [137535] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
14375| [137533] Microsoft Windows up to Server 2019 SymCrypt denial of service
14376| [137527] Microsoft Windows up to Server 2019 GDI+ memory corruption
14377| [137512] Microsoft Windows up to Server 2019 DHCP memory corruption
14378| [136414] Microsoft Azure DevOps Server 2019 cross site request forgery
14379| [136349] Microsoft Windows up to Server 2019 Event Viewer eventvwr.msc XML External Entity
14380| [136348] Microsoft Windows up to Server 2019 Task Scheduler privilege escalation
14381| [136347] Microsoft Windows up to Server 2019 AppXSVC privilege escalation
14382| [136345] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
14383| [136344] Microsoft Windows up to Server 2019 GDI information disclosure
14384| [136340] Microsoft Windows up to Server 2019 GDI information disclosure
14385| [136337] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
14386| [136336] Microsoft Windows up to Server 2019 Kernel privilege escalation
14387| [136335] Microsoft Windows up to Server 2019 NTLM Downgrade weak authentication
14388| [136334] Microsoft Windows up to Server 2019 Kernel information disclosure
14389| [136333] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
14390| [136330] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
14391| [136329] Microsoft SharePoint Server 2016/2019 cross site scripting
14392| [136328] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
14393| [136327] Microsoft Lync Server 2010/2013 denial of service
14394| [136326] Microsoft Windows up to Server 2019 Audio Service privilege escalation
14395| [136325] Microsoft Windows up to Server 2019 Audio Service privilege escalation
14396| [136324] Microsoft Windows up to Server 2019 Audio Service privilege escalation
14397| [136323] Microsoft Windows up to Server 2019 denial of service
14398| [136321] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Audio Service privilege escalation
14399| [136320] Microsoft Windows up to Server 2019 Audio Service privilege escalation
14400| [136319] Microsoft Windows up to Server 2019 Security Credentials information disclosure
14401| [136318] Microsoft Windows up to Server 2019 DirectX privilege escalation
14402| [136317] Microsoft Windows up to Server 2019 Win32k memory corruption
14403| [136314] Microsoft Windows up to Server 2019 Win32k memory corruption
14404| [136312] Microsoft Windows up to Server 2019 GDI information disclosure
14405| [136310] Microsoft Windows up to Server 2019 GDI information disclosure
14406| [136308] Microsoft Windows up to Server 2019 Audio Service privilege escalation
14407| [136306] Microsoft Windows up to Server 2019 Storage Service privilege escalation
14408| [136305] Microsoft Windows up to Server 2019 User Profile Service privilege escalation
14409| [136304] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
14410| [136303] Microsoft Windows up to Server 2019 Storage Service privilege escalation
14411| [136301] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14412| [136299] Microsoft Windows up to Server 2019 Local Security Authority Subsystem Service Reboot denial of service
14413| [136296] Microsoft Windows up to Server 2019 Common Log File System Driver memory corruption
14414| [136295] Microsoft Windows up to Server 2019 ALPC privilege escalation
14415| [136293] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14416| [136292] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14417| [136291] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14418| [136290] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14419| [136289] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14420| [136288] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14421| [136287] Microsoft Windows up to Server 2019 Hyper-V denial of service
14422| [136286] Microsoft Windows up to Server 2019 Hyper-V denial of service
14423| [136285] Microsoft Windows up to Server 2019 Hyper-V denial of service
14424| [136284] Microsoft Windows up to Server 2019 Kernel memory corruption
14425| [136276] Microsoft Windows up to Server 2019 Hyper-V memory corruption
14426| [136275] Microsoft Windows 10/10 1607/10 1703/10 1709/Server 2016 Hyper-V memory corruption
14427| [136274] Microsoft Windows up to Server 2019 ActiveX memory corruption
14428| [136273] Microsoft Windows up to Server 2019 Hyper-V memory corruption
14429| [134750] Microsoft ASP.NET Core 2.1/2.2 denial of service
14430| [134745] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
14431| [134744] Microsoft Windows up to Server 2019 GDI information disclosure
14432| [134743] Microsoft SharePoint Server 2013 SP1/2016 cross site scripting
14433| [134742] Microsoft SharePoint Enterprise Server 2016/2019 cross site scripting
14434| [134741] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
14435| [134740] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
14436| [134739] Microsoft SharePoint Foundation 2010 SP2/2013 SP2 cross site scripting
14437| [134738] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
14438| [134737] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
14439| [134736] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
14440| [134735] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
14441| [134734] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
14442| [134733] Microsoft Windows up to Server 2019 Unified Write Filter privilege escalation
14443| [134731] Microsoft Windows up to Server 2019 Symlink privilege escalation
14444| [134729] Microsoft Windows up to Server 2019 Storage Service privilege escalation
14445| [134725] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14446| [134724] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14447| [134723] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14448| [134722] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14449| [134721] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14450| [134720] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14451| [134719] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14452| [134718] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14453| [134717] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14454| [134716] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14455| [134715] Microsoft Windows up to Server 2019 Win32k memory corruption
14456| [134714] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14457| [134713] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14458| [134712] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14459| [134710] Microsoft Windows up to Server 2019 GDI information disclosure
14460| [134709] Microsoft Windows up to Server 2019 Kernel privilege escalation
14461| [134706] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
14462| [134701] Microsoft Windows up to Server 2019 Windows Defender Application Control privilege escalation
14463| [134700] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
14464| [134699] Microsoft Windows up to Server 2019 NDIS ndis.sys memory corruption
14465| [134698] Microsoft Windows up to Server 2019 OLE memory corruption
14466| [134684] Microsoft Windows up to Server 2019 DHCP Server memory corruption
14467| [134678] Microsoft Windows up to Server 2019 GDI+ memory corruption
14468| [133236] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14469| [133234] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14470| [133232] Microsoft Azure DevOps Server 2019 cross site scripting
14471| [133229] Microsoft Azure DevOps Server 2019 cross site scripting
14472| [133224] Microsoft Exchange Server 2013 CU22/2016 CU11/2016 CU12/2019/2019 CU1 Outlook Web Access privilege escalation
14473| [133223] Microsoft Azure DevOps Server 2019 Content Security Policy privilege escalation
14474| [133222] Microsoft Windows up to Server 2019 Remote Registry Service memory corruption
14475| [133221] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14476| [133220] Microsoft Windows up to Server 2019 GDI Memory information disclosure
14477| [133219] Microsoft Windows up to Server 2019 Win32k Memory information disclosure
14478| [133218] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14479| [133217] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14480| [133216] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
14481| [133215] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
14482| [133214] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
14483| [133213] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
14484| [133212] Microsoft Windows up to Server 2019 Terminal Services Memory information disclosure
14485| [133211] Microsoft Windows up to Server 2019 Task Scheduler information disclosure
14486| [133209] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
14487| [133206] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
14488| [133205] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
14489| [133204] Microsoft Office/Excel up to 2019 memory corruption
14490| [133203] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
14491| [133202] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
14492| [133201] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
14493| [133200] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
14494| [133199] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
14495| [133198] Microsoft Exchange Server up to 2019 CU1 Outlook Web Access cross site scripting
14496| [133197] Microsoft ASP.NET Core 2.2 Request denial of service
14497| [133196] Microsoft Windows up to Server 2019 Win32k information disclosure
14498| [133195] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
14499| [133194] Microsoft Windows up to Server 2019 GDI Memory information disclosure
14500| [133193] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
14501| [133192] Microsoft Windows up to Server 2019 OLE Automation privilege escalation
14502| [133189] Microsoft Windows up to Server 2019 CSRSS memory corruption
14503| [133188] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
14504| [133187] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
14505| [133186] Microsoft Windows up to Server 2019 TCP/IP Stack Fragmented IP Packet information disclosure
14506| [133185] Microsoft Windows up to Server 2019 Win32k memory corruption
14507| [133183] Microsoft Windows up to Server 2019 Win32k memory corruption
14508| [133182] Microsoft Windows up to Server 2019 Win32k memory corruption
14509| [133181] Microsoft Office/Excel/PowerPoint up to 2019 URL Document Code Execution
14510| [133180] Microsoft Windows up to Server 2019 MS XML Code Execution
14511| [133179] Microsoft Windows up to Server 2019 MS XML Code Execution
14512| [133177] Microsoft Windows up to Server 2019 Device Guard luafv.sys privilege escalation
14513| [133174] Microsoft Windows up to Server 2019 GDI+ privilege escalation
14514| [133173] Microsoft Windows up to Server 2019 IOleCvt Interface privilege escalation
14515| [133166] Microsoft Windows up to Server 2019 MS XML Code Execution
14516| [133165] Microsoft Windows up to Server 2019 MS XML Code Execution
14517| [133164] Microsoft Windows up to Server 2019 MS XML Code Execution
14518| [133163] Microsoft Windows up to Server 2019 MS XML Code Execution
14519| [133162] Microsoft Windows up to Server 2019 MS XML Code Execution
14520| [131687] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 3.2/2018 Updated 1.2 cross site scripting
14521| [131685] Microsoft Windows up to Server 2019 SMB information disclosure
14522| [131684] Microsoft Visual Studio 2017 Version 15.9 C++ Redistributable Installer privilege escalation
14523| [131681] Microsoft Windows up to Server 2019 Win32k memory corruption
14524| [131679] Microsoft Windows up to Server 2019 Kernel information disclosure
14525| [131675] Microsoft SharePoint 2013 SP1/2016 cross site scripting
14526| [131674] Microsoft Windows up to Server 2019 Win32k information disclosure
14527| [131673] Microsoft Windows up to Server 2019 Kernel information disclosure
14528| [131672] Microsoft Windows up to Server 2019 GDI information disclosure
14529| [131671] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
14530| [131668] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
14531| [131667] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
14532| [131663] Microsoft Windows up to Server 2019 Print Spooler information disclosure
14533| [131658] Microsoft Windows up to Server 2019 information disclosure
14534| [131657] Microsoft Windows up to Server 2019 denial of service
14535| [131656] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
14536| [131653] Microsoft Windows up to Server 2019 SMB information disclosure
14537| [131652] Microsoft Windows up to Server 2019 SMB information disclosure
14538| [131651] Microsoft Windows up to Server 2019 Kernel information disclosure
14539| [131650] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V denial of service
14540| [131649] Microsoft Windows up to Server 2019 Kernel memory corruption
14541| [131648] Microsoft Windows up to Server 2019 Hyper-V denial of service
14542| [131644] Microsoft Windows up to Server 2019 Hyper-V denial of service
14543| [131638] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
14544| [131632] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
14545| [131631] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
14546| [131630] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
14547| [131629] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
14548| [131628] Microsoft Windows up to Server 2019 ActiveX memory corruption
14549| [131619] Microsoft Windows up to Server 2019 MS XML privilege escalation
14550| [131334] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
14551| [131333] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
14552| [131328] Microsoft Windows up to Server 2016 Kernel information disclosure
14553| [130832] Microsoft 2013 SP1 spoofing
14554| [130828] Microsoft Exchange Server 2010 SP3/2013 CU22/2016 CU12/2019 CU1 EWS privilege escalation
14555| [130826] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
14556| [130825] Microsoft Office up to 2019 Connectivity Engine memory corruption
14557| [130824] Microsoft Office up to 2019 Connectivity Engine memory corruption
| [130823] Microsoft Office up to 2019 Connectivity Engine privilege escalation
| [130822] Microsoft Office up to 2019 Connectivity Engine privilege escalation
| [130821] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [130820] Microsoft Windows up to Server 2012 R2 GDI information disclosure
| [130818] Microsoft Windows up to Server 2019 GDI information disclosure
| [130817] Microsoft Windows up to Server 2019 Storage Service privilege escalation
| [130814] Microsoft Windows up to Server 2019 privilege escalation
| [130809] Microsoft Windows up to Server 2019 Defender Firewall Security privilege escalation
| [130808] Microsoft Windows up to Server 2019 information disclosure
| [130807] Microsoft Windows up to Server 2019 Hyper-V information disclosure
| [130806] Microsoft Windows up to Server 2019 SMB privilege escalation
| [130805] Microsoft Windows up to Server 2019 Device Guard privilege escalation
| [130804] Microsoft Windows up to Server 2019 Device Guard privilege escalation
| [130803] Microsoft Windows up to Server 2019 SMB privilege escalation
| [130802] Microsoft Windows up to Server 2019 Win32k information disclosure
| [130801] Microsoft Windows up to Server 2019 Device Guard privilege escalation
| [130800] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130799] Microsoft Windows up to Server 2016 Win32k memory corruption
| [130798] Microsoft Windows up to Server 2019 GDI information disclosure
| [130797] Microsoft Windows up to Server 2019 GDI information disclosure
| [130796] Microsoft Windows up to Server 2019 GDI information disclosure
| [130793] Microsoft Windows up to Server 2019 GDI information disclosure
| [130792] Microsoft Windows up to Server 2019 HID information disclosure
| [130791] Microsoft Windows up to Server 2019 HID information disclosure
| [130790] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130789] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130788] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130787] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130786] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130784] Microsoft Windows up to Server 2019 GDI+ memory corruption
| [130782] Microsoft Windows up to Server 2019 DHCP Server memory corruption
| [130781] Microsoft Windows up to Server 2019 GDI+ memory corruption
| [129847] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 1.2/2018 Update 3.2 information disclosure
| [129846] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
| [129845] Microsoft Skype for Business 2015 CU 8 Request cross site scripting
| [128765] Microsoft Visual Studio 2017 Version 15.9 C++ Construct privilege escalation
| [128764] Microsoft Exchange Server 2010 SP3/2013 CU21/2016 CU10/2016 CU11/2019 PowerShell API information disclosure
| [128761] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128760] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128759] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128758] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128757] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128756] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128755] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128754] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128753] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128752] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128751] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128750] Microsoft Windows up to Server 2019 Runtime privilege escalation
| [128749] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128747] Microsoft ASP.NET Core 2.1 Web Request denial of service
| [128746] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [128745] Microsoft Office up to 2019 Word Macro information disclosure
| [128742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [128741] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [128740] Microsoft SharePoint Enterprise Server 2013 SP1 cross site scripting
| [128739] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128738] Microsoft Windows up to Server 2019 Subsystem for Linux information disclosure
| [128737] Microsoft Windows up to Server 2019 COM Desktop Broker privilege escalation
| [128736] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128735] Microsoft ASP.NET Core 2.1/2.2 Web Request denial of service
| [128733] Microsoft Windows up to Server 2019 Authentication Request privilege escalation
| [128729] Microsoft Visual Studio 2010 SP1/2012 Update 5 vscontent File information disclosure
| [128728] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128727] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128726] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128725] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128718] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [128717] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V memory corruption
| [127925] Microsoft SharePoint Enterprise Server 2016 Web Request cross site scripting
| [127882] Microsoft Dynamics NAV 2016/2017 Web Request cross site scripting
| [127881] Microsoft Windows 10 1809/Server 2019 Object denial of service
| [127880] Microsoft Windows up to Server 2019 Win32k Object memory corruption
| [127828] Microsoft Windows up to Server 2019 Win32k memory corruption
| [127827] Microsoft Windows 10 1809/Server 2019 DirectX information disclosure
| [127826] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Win32k ASLR privilege escalation
| [127825] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 privilege escalation
| [127824] Microsoft Excel up to 2019 Out-of-Bounds memory corruption
| [127823] Microsoft Windows up to Server 2012 R2 Kernel information disclosure
| [127821] Microsoft Windows up to Server 2019 Connected User Experiences and Telemetry Service denial of service
| [127820] Microsoft Windows up to Server 2019 Kernel memory corruption
| [127819] Microsoft Exchange Server 2016 CU10/2016 CU11 Profile Data privilege escalation
| [127817] Microsoft Excel up to 2019 information disclosure
| [127816] Microsoft Windows up to Server 2019 GDI information disclosure
| [127815] Microsoft Windows up to Server 2019 GDI information disclosure
| [127814] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 Search cross site request forgery
| [127812] Microsoft Windows up to Server 2019 Remote Procedure Call information disclosure
| [127806] Microsoft Outlook up to 2019 memory corruption
| [127805] Microsoft Excel up to 2019 memory corruption
| [127804] Microsoft Excel up to 2019 memory corruption
| [127803] Microsoft Windows up to Server 2019 Text-To-Speech memory corruption
| [127801] Microsoft Windows up to Server 2019 DNS Server privilege escalation
| [126938] Microsoft Team Foundation Server 2018 Update 1.1/2018 Update 3 Code Execution
| [126755] Microsoft .NET Core 2.1 privilege escalation
| [126754] Microsoft Skype for Business/Lync Server 2013 SP1/2016 Emoji denial of service
| [126750] Microsoft Windows up to Server 2019 ALPC privilege escalation
| [126749] Microsoft Exchange Server 2010/2013/2016/2019 privilege escalation
| [126747] Microsoft SharePoint Enterprise Server 2013 SP1 Folder information disclosure
| [126746] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [126745] Microsoft Project 2010 SP2/2013 SP1/2016 memory corruption
| [126744] Microsoft Office up to 2019 Word memory corruption
| [126743] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [126742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [126739] Microsoft Windows up to Server 2012 R2 Win32k information disclosure
| [126737] Microsoft Windows up to Server 2012 R2 DirectX information disclosure
| [126736] Microsoft Windows up to Server 2019 Win32k memory corruption
| [126735] Microsoft Windows up to Server 2019 DirectX privilege escalation
| [126733] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DirectX memory corruption
| [126730] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
| [126728] Microsoft Office/SharePoint 2010 SP2 Word memory corruption
| [126727] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [126726] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [126725] Microsoft Windows up to Server 2019 DirectX memory corruption
| [126722] Microsoft Windows up to Server 2019 PowerShell privilege escalation
| [126718] Microsoft Windows up to Server 2016 Search memory corruption
| [126717] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 memory corruption
| [126716] Microsoft Office up to 2019 Excel memory corruption
| [126714] Microsoft Windows up to Server 2019 PowerShell unknown vulnerability
| [126713] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
| [126712] Microsoft Windows up to Server 2016 Graphics Component memory corruption
| [126711] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
| [125123] Microsoft Windows up to Server 2019 Codecs Library information disclosure
| [125122] Microsoft Windows up to Server 2016 TCP/IP information disclosure
| [125121] Microsoft Windows up to Server 2019 DirectX memory corruption
| [125120] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
| [125119] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
| [125116] Microsoft Exchange Server 2013 CU21/2016 CU10 privilege escalation
| [125115] Microsoft Windows up to Server 2019 Theme API privilege escalation
| [125114] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
| [125113] Microsoft Windows up to Server 2019 Kernel memory corruption
| [125111] Microsoft Windows up to Server 2019 Device Guard Code Integrity Policy privilege escalation
| [125110] Microsoft Windows up to Server 2019 DNS Global Blocklist privilege escalation
| [125109] Microsoft Windows up to Server 2019 NTFS privilege escalation
| [125108] Microsoft Windows up to Server 2019 Filter Manager memory corruption
| [125107] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125104] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [125102] Microsoft Office/Word 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
| [125100] Microsoft Office/PowerPoint 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
| [125099] Microsoft Office/Excel up to 2019 Protected View memory corruption
| [125098] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [125097] Microsoft Windows up to Server 2019 DirectX Graphics memory corruption
| [125096] Microsoft Windows up to Server 2019 Win32k memory corruption
| [125095] Microsoft Exchange Server 2013 CU21/2016 CU10 Outlook Web Access cross site scripting
| [125093] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [125092] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [125091] Microsoft Windows up to Server 2019 MS XML privilege escalation
| [124371] Microsoft Exchange Server up to 2010 SP3 Outlook Web Access /owa/auth/logon.aspx Parameter Server-Side Request Forgery
| [124217] Microsoft Windows Server 2012/Server 2016 Active Directory Federation Services /adfs/ls Server-Side Request Forgery
| [123995] Microsoft Lync 2011 on Mac Security Feature Messages Download privilege escalation
| [123881] Microsoft Windows up to Server 2016 Sandbox privilege escalation
| [123874] Microsoft Windows up to Server 2016 Kernel information disclosure
| [123872] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 SMB information disclosure
| [123868] Microsoft Windows up to Server 2016 Hyper-V denial of service
| [123864] Microsoft Windows up to Server 2016 Hyper-V information disclosure
| [123862] Microsoft SharePoint Enterprise Server 2010 SP2/2013 RT SP1/2013 SP1/2016 cross site scripting
| [123861] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [123860] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [123859] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
| [123851] Microsoft Windows up to Server 2016 ALPC privilege escalation
| [123849] Microsoft Windows up to Server 2016 SMB denial of service
| [123846] Microsoft Office 2016 on Win/Mac memory corruption
| [123844] Microsoft Word 2013 RT SP1/2013 SP1/2016 PDF File memory corruption
| [123843] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [123842] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [123830] Microsoft Windows up to Server 2016 Hyper-V memory corruption
| [123828] Microsoft Windows up to Server 2016 Win32k Graphics privilege escalation
| [123827] Microsoft Windows up to Server 2016 Image memory corruption
| [123825] Microsoft Windows up to Server 2016 MSXML Parser privilege escalation
| [123823] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
| [122887] Microsoft Office 2016 on Mac AutoUpdate memory corruption
| [122886] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
| [122885] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
| [122884] Microsoft Windows up to Server 2016 Win32k memory corruption
| [122883] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
| [122875] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [122874] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [122873] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [122871] Microsoft PowerPoint 2010 SP2 memory corruption
| [122870] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [122861] Microsoft Windows up to Server 2016 Microsoft COM for Windows privilege escalation
| [122850] Microsoft Visual Studio 2015 Update 3/2017/2017 Version 15.8 Diagnostic Hub privilege escalation
| [122849] Microsoft Windows up to Server 2016 Diagnostic Hub privilege escalation
| [122848] Microsoft Windows Security Feature 2FA weak authentication
| [122834] Microsoft Windows up to Server 2016 LNK memory corruption
| [122825] Microsoft Windows up to Server 2016 Graphics memory corruption
| [122823] Microsoft SQL Server 2016 SP1/2016 SP2/2017 memory corruption
| [121208] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R Attachment privilege escalation
| [121118] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [121116] Microsoft Windows up to Server 2016 Sandbox privilege escalation
| [121114] Microsoft Access 2013 SP1/2016/2016 C2R memory corruption
| [121111] Microsoft Windows up to Server 2016 Kernel memory corruption
| [121110] Microsoft Windows up to Server 2016 Wordpad privilege escalation
| [121107] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll denial of service
| [121106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
| [121105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [121098] Microsoft Office 2016/2016 C2R memory corruption
| [121092] Microsoft Windows up to Server 2016 FTP Server denial of service
| [121090] Microsoft Visual Studio up to 2017 Version 15.8 Preview privilege escalation
| [119479] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [119477] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 information disclosure
| [119476] Microsoft Publisher 2010 SP2 OLE Object PUB File privilege escalation
| [119475] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Attachment privilege escalation
| [119474] Microsoft Windows up to Server 2016 GDI information disclosure
| [119470] Microsoft Windows up to Server 2016 HTTP HTTP.sys denial of service
| [119468] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119467] Microsoft Windows up to Server 2016 Hypervisor privilege escalation
| [119465] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119464] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119463] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119461] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119460] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119459] Microsoft Windows up to Server 2016 memory corruption
| [119457] Microsoft Windows up to Server 2016 Desktop Bridge privilege escalation
| [119456] Microsoft Windows up to Server 2016 Kernel information disclosure
| [119455] Microsoft Windows up to Server 2016 denial of service
| [119454] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119452] Microsoft Windows up to Server 2016 HIDParser memory corruption
| [119448] Microsoft Windows up to Server 2016 Code Integrity Module denial of service
| [119447] Microsoft Windows up to Server 2016 NTFS privilege escalation
| [119441] Microsoft Windows up to Server 2016 Media Foundation memory corruption
| [119437] Microsoft Windows up to Server 2016 HTTP Protocol Stack Http.sys memory corruption
| [119436] Microsoft Windows up to Server 2016 memory corruption
| [119431] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
| [118120] Microsoft Office 2016 on Mac XML Data Code Execution
| [117561] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1 Web Request cross site scripting
| [117560] Microsoft Exchange Server up to 2016 CU9 Code Execution memory corruption
| [117559] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access Web Request cross site scripting
| [117558] Microsoft Windows up to Server 2016 Code Execution memory corruption
| [117507] Microsoft Infopath 2013 SP1 memory corruption
| [117505] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [117504] Microsoft Office 2010 SP2 information disclosure
| [117503] Microsoft Exchange Server 2013 CU19/2013 CU20/2016 CU8/2016 CU9 Outlook Web Access cross site scripting
| [117502] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
| [117501] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [117500] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access cross site scripting
| [117499] Microsoft Exchange Server up to 2016 CU9 information disclosure
| [117498] Microsoft Office 2016 C2R Security Feature privilege escalation
| [117497] Microsoft SharePoint Enterprise Server 2010/2013 SP1/2016 cross site scripting
| [117480] Microsoft Windows up to Server 2016 COM Serialized privilege escalation
| [117473] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117472] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117471] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117470] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117469] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117468] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117444] Microsoft Windows up to Server 2016 Hyper-V vSMB memory corruption
| [117443] Microsoft Windows up to Server 2016 Hyper-V memory corruption
| [117442] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
| [116132] Microsoft Office 2016 Memory information disclosure
| [116051] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [116050] Microsoft SharePoint Enterprise Server 2010 SP2/2013/2016 cross site scripting
| [116049] Microsoft SharePoint Enterprise Server 2013/2016 privilege escalation
| [116048] Microsoft Windows up to Server 2016 DirectX Graphics Kernel Subsystem memory corruption
| [116047] Microsoft Windows up to Server 2016 OpenType Font Driver atmfd.dll memory corruption
| [116046] Microsoft SharePoint Enterprise Server 2013/2016 Share cross site scripting
| [116045] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [116039] Microsoft Windows up to Server 2016 Remote Desktop Protocol denial of service
| [116031] Microsoft Windows up to Server 2016 Kernel ASLR information disclosure
| [116030] Microsoft Windows up to Server 2016 SNMP Service denial of service
| [116026] Microsoft Windows up to Server 2016 Kernel information disclosure
| [116024] Microsoft Windows up to Server 2016 HTTP.sys denial of service
| [116023] Microsoft Office up to 2016 C2R information disclosure
| [116022] Microsoft Excel 2010 SP2 memory corruption
| [116020] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Active Directory privilege escalation
| [116019] Microsoft Windows up to Server 2016 Kernel information disclosure
| [116018] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [116017] Microsoft Excel up to 2016 C2R memory corruption
| [116016] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Graphics memory corruption
| [116014] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [116013] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1 memory corruption
| [116008] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116007] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116006] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116005] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116004] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116003] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
| [115994] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [115804] Microsoft Windows up to Server 2016 Malware Protection Engine privilege escalation
| [114579] Microsoft Exchange Server up to 2017 CU8 Outlook Web Access information disclosure
| [114574] Microsoft SharePoint Enterprise Server 2016 privilege escalation
| [114573] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114571] Microsoft Exchange Server 2016 CU7/2016 CU8 Outlook Web Access information disclosure
| [114570] Microsoft Exchange Server 2010 SP3/2013 CU18/2013 CU19/2016 CU7/2016 CU8 Outlook Web Access Fake privilege escalation
| [114565] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Kernel information disclosure
| [114564] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [114562] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114560] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114559] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114558] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114557] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114556] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114555] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114554] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114553] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114552] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114551] Microsoft Excel up to 2016 C2R Security Feature privilege escalation
| [114549] Microsoft Access 2010 SP2/2013 SP1/2016 memory corruption
| [114548] Microsoft Windows up to Server 2016 CNG Security Feature cng.sys privilege escalation
| [114547] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114546] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114545] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114544] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114543] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114542] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114541] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114540] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114536] Microsoft Windows up to Server 2016 CredSSP privilege escalation
| [114535] Microsoft Windows up to Server 2016 Hyper-V denial of service
| [114531] Microsoft Windows up to Server 2016 Windows Installer privilege escalation
| [114530] Microsoft Windows up to Server 2016 GDI privilege escalation
| [114529] Microsoft Windows up to Server 2016 GDI privilege escalation
| [114527] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114526] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114525] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114522] Microsoft Windows 10 1607/10 1703/Server 2016 Desktop Bridge privilege escalation
| [114521] Microsoft Windows up to Server 2016 Video Control privilege escalation
| [114520] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge privilege escalation
| [114518] Microsoft Windows up to Server 2016 Remote Assistance information disclosure
| [114517] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge VFS privilege escalation
| [114516] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
| [113835] Microsoft Identity Manager 2016 SP1 cross site scripting
| [113264] Microsoft Windows 8.1/RT 8.1/Server 2012 R2 SMBv2/SMBv3 denial of service
| [113260] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113259] Microsoft Windows 10/Server 1709/Server 2016 NTFS privilege escalation
| [113254] Microsoft Windows up to Server 2016 Kernel information disclosure
| [113253] Microsoft Windows 10/Server 1709/Server 2016 Kernel memory corruption
| [113252] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113250] Microsoft Windows 10/Server 1709/Server 2016 Kernel memory corruption
| [113249] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113248] Microsoft Windows up to Server 2016 Kernel information disclosure
| [113243] Microsoft Windows 10/Server 2016 MultiPoint Management privilege escalation
| [113242] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
| [113241] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
| [113240] Microsoft Windows 10/Server 1709/Server 2016 AppContainer privilege escalation
| [113237] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [113236] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [113233] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Uninitialized Memory information disclosure
| [113232] Microsoft Excel 2016 memory corruption
| [113230] Microsoft Windows up to Server 2016 Scripting Engine information disclosure
| [113229] Microsoft Windows up to Server 2016 StructuredQuery memory corruption
| [111580] Microsoft Office 2016 on Mac Email Attachment spoofing
| [111571] Microsoft SharePoint Enterprise Server 2013/2016 Access cross site scripting
| [111567] Microsoft Office 2010/2013/2016 memory corruption
| [111564] Microsoft Word 2016 memory corruption
| [111562] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
| [111561] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
| [128730] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [111358] Microsoft Windows up to Server 2016 IPsec denial of service
| [110553] Microsoft Office 2016 C2R information disclosure
| [110552] Microsoft SharePoint Enterprise Server 2016 Web Request privilege escalation
| [110551] Microsoft Excel 2016 C2R memory corruption
| [110550] Microsoft PowerPoint 2013 RT SP1/2013 SP1/2016 information disclosure
| [110549] Microsoft Exchange Server 2016 CU6/2016 CU7 Outlook Web Access privilege escalation
| [110547] Microsoft Windows up to Server 2016 its:// Protocol information disclosure
| [110531] Microsoft Windows 10/Server 2016 Device Guard privilege escalation
| [110522] Microsoft Windows up to Server 2016 RRAS privilege escalation
| [110350] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [110318] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [109391] Microsoft SharePoint Enterprise Server 2016 Project Server cross site request forgery
| [109389] Microsoft Excel 2016 Click-to-Run memory corruption
| [109360] Microsoft Windows up to Server 2016 Windows Search denial of service
| [107759] Microsoft Windows up to Server 2016 SMB denial of service
| [107757] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [107756] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [107753] Microsoft Windows 10/Server 2016 SMB privilege escalation
| [107744] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
| [107741] Microsoft Outlook 2016 Secure Connection Mail information disclosure
| [107740] Microsoft Windows up to Server 2016 Graphics memory corruption
| [107739] Microsoft Windows up to Server 2016 Graphics memory corruption
| [107738] Microsoft Windows up to Server 2016 Search information disclosure
| [107734] Microsoft Windows 10/Server 2016 SMB privilege escalation
| [107732] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Bypass privilege escalation
| [107730] Microsoft Windows up to Server 2016 Search Remote memory corruption
| [107729] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107728] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107727] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107724] Microsoft Windows up to Server 2016 Text Services Framework memory corruption
| [107723] Microsoft Windows up to Server 2016 SMB information disclosure
| [107698] Microsoft Office 2016 memory corruption
| [107593] InFocus Mondopad 2.2.08 Excel Spreadsheet Microsoft Office Document Credentials information disclosure
| [106544] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
| [106531] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [106529] Microsoft PowerPoint 2016 memory corruption
| [106523] Microsoft Windows up to Server 2016 PDF Library memory corruption
| [106518] Microsoft Edge on Win10/Server 2016 memory corruption
| [106516] Microsoft Windows up to Server 2016 PDF Library memory corruption
| [106498] Microsoft Windows up to Server 2016 Shell privilege escalation
| [106496] Microsoft Windows up to Server 2016 Uniscribe information disclosure
| [106495] Microsoft Windows up to Server 2012 R2 Uniscribe memory corruption
| [106492] Microsoft Windows Server 2012/Server 2012 R2/Server 2016 DHCP Service memory corruption
| [106489] Microsoft Windows up to Server 2016 Graphics Win32k win32k!fsc_CalcGrayRow memory corruption
| [106474] Microsoft Office 2016 memory corruption
| [106473] Microsoft SharePoint Server 2013 SP1 cross site scripting
| [106472] Microsoft Windows up to Server 2016 Bluetooth Driver Object BlueBorne spoofing
| [106470] Microsoft Excel 2011 on Mac memory corruption
| [106455] Microsoft Exchange Server 2013/2016 information disclosure
| [106454] Microsoft Windows up to Server 2016 Windows NetBT Session Services race condition memory corruption
| [105048] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
| [105047] Microsoft Edge on Win10/Server 2016 Scripting Engine EntryCall memory corruption
| [105046] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105040] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
| [105038] Microsoft Edge on Win10/Server 2016 Javascript Engine Out-of-Bounds memory corruption
| [105037] Microsoft Edge on Win10/Server 2016 Javascript Engine PreVisitCatch memory corruption
| [105035] Microsoft SharePoint Server 2010 SP2 cross site scripting
| [105033] Microsoft Edge 38.14393.1066.0 on Win10/Server 2016 Use-After-Free information disclosure
| [105029] Microsoft Edge on Win10/Server 2016 Javascript Engine ProcessLinkFailedAsmJsModule memory corruption
| [105027] Microsoft Edge on Win10/Server 2016 _SelectValueInternal information disclosure
| [105024] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105023] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105017] Microsoft Windows up to Server 2016 Error Reporting information disclosure
| [105013] Microsoft Windows 10 1607/10 1703/Server 2016 Hyper-V denial of service
| [105011] Microsoft Windows up to Server 2016 Windows Search memory corruption
| [105010] Microsoft Windows up to Server 2016 Win32k memory corruption
| [105009] Microsoft Windows up to Server 2016 Input Method Editor memory corruption
14973| [105009] Microsoft Windows up to Server 2016 Input Method Editor memory corruption
14974| [105008] Microsoft SQL Server 2012/2014/2016 Analysis Services information disclosure
14975| [104990] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
14976| [104989] Microsoft Windows up to Server 2016 NetBIOS denial of service
14977| [104584] Microsoft Outlook up to 2016 C2R Document File privilege escalation
14978| [104583] Microsoft Outlook up to 2016 C2R Email memory corruption
14979| [104582] Microsoft Outlook up to 2016 C2R Object memory corruption
14980| [103468] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 Open Redirect
14981| [103446] Microsoft Windows up to Server 2016 Search Object privilege escalation
14982| [103445] Microsoft Windows up to Server 2016 Wordpad privilege escalation
14983| [103444] Microsoft Windows up to Server 2016 Explorer denial of service
14984| [103442] Microsoft Windows 10/Server 2016 HoloLens WiFi Packet privilege escalation
14985| [103441] Microsoft Windows up to Server 2016 Object HTTP.sys information disclosure
14986| [103431] Microsoft Windows up to Server 2016 PowerShell PSObject Object privilege escalation
14987| [103429] Microsoft Windows up to Server 2016 Kerberos weak authentication
14988| [103426] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA Request cross site scripting
14989| [103425] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA Request cross site scripting
14990| [103420] Microsoft Windows up to Server 2016 Kerberos Bypass privilege escalation
14991| [103417] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
14992| [102544] Microsoft Edge on Win10/Server 2016 Fetch API information disclosure
14993| [102543] Microsoft Edge on Win10/Server 2016 Javascript XML DOM Object information disclosure
14994| [102463] Microsoft Project Server 2013 SP1 cross site scripting
14995| [102460] Microsoft Outlook 2016 on Mac HTML spoofing
14996| [102448] Microsoft SharePoint Enterprise Server 2016 Reflected cross site scripting
14997| [102446] Microsoft Office up to 2016 privilege escalation
14998| [102445] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 privilege escalation
14999| [102443] Microsoft Office up to 2016 privilege escalation
15000| [102412] Microsoft Windows up to Server 2016 PDF information disclosure
15001| [102397] Microsoft Outlook 2010 SP1/2013 SP1/2016 DLL Loader privilege escalation
15002| [102396] Microsoft Office 2013 SP1/2016 DLL Loader privilege escalation
15003| [102386] Microsoft Windows up to Server 2012 R2 Uniscribe privilege escalation
15004| [102385] Microsoft Windows up to Server 2016 Font Library privilege escalation
15005| [102376] Microsoft Windows up to Server 2016 CAB File privilege escalation
15006| [102375] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
15007| [102374] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
15008| [102373] Microsoft Windows up to Server 2016 Uniscribe Font USP10!MergeLigRecords memory corruption
15009| [101817] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
15010| [101816] Microsoft Windows up to Server 2016 Malware Protection Engine setCaller memory corruption
15011| [101815] Microsoft Windows up to Server 2016 Malware Protection Engine Use-After-Free memory corruption
15012| [101814] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
15013| [101813] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
15014| [101812] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
15015| [101811] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
15016| [101810] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
15017| [101028] Microsoft Windows 10/Server 2016 Hyper-V vSMB privilege escalation
15018| [101020] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
15019| [101019] Microsoft Skype for Business 2016 memory corruption
15020| [101018] Microsoft SharePoint 2010 SP2/2013 SP1/2016 memory corruption
15021| [101016] Microsoft PowerPoint 2011 on Mac memory corruption
15022| [101015] Microsoft PowerPoint 2011 on Mac memory corruption
15023| [101014] Microsoft Office 2010 SP2/2016 memory corruption
15024| [101013] Microsoft Office 2010 SP2/2016 memory corruption
15025| [101002] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
15026| [101001] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
15027| [101000] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
15028| [100999] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
15029| [100918] Microsoft Windows 8/8.1/10/Server 2012/Server 2016 Malware Protection Service Type Confusion privilege escalation
15030| [99697] Microsoft SharePoint Server 2010 SP1/2010 SP2 Excel Services cross site scripting
15031| [99683] Microsoft Windows 10 1607/10 1703/Server 2012 R2/Server 2016 Active Directory Lockout privilege escalation
15032| [99682] Microsoft Outlook 2011 on Mac HTML Tag Validator spoofing
15033| [99681] Microsoft Windows up to Server 2016 OLE Integrity-Level Check privilege escalation
15034| [99667] Microsoft Windows 10/Server 2016 Active Directory Service Unresponsive denial of service
15035| [98272] Microsoft Windows up to 10/Server 2016 Local Session privilege escalation
15036| [98096] Microsoft Exchange 2013 SP1 privilege escalation
15037| [98095] Microsoft Lync for Mac 2011 Certificate Validation weak authentication
15038| [98094] Microsoft SharePoint Server 2013 SP1 cross site scripting
15039| [98093] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
15040| [98091] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
15041| [98090] Microsoft SharePoint Server 2010 SP2/2013 SP1 information disclosure
15042| [98089] Microsoft Office Web Apps 2013 SP1 memory corruption
15043| [98082] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 denial of service
15044| [98081] Microsoft Excel up to 2016 information disclosure
15045| [98080] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
15046| [98079] Microsoft Word 2016 memory corruption
15047| [98076] Microsoft Lync/Skype for Business 2010/2013/2016 Graphics Component privilege escalation
15048| [98075] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
15049| [98074] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
15050| [98073] Microsoft Office 2010 SP2/Word Viewer Graphics Component information disclosure
15051| [98069] Microsoft Windows up to Server 2012 R2 Color Management memory corruption
15052| [98056] Microsoft Windows up to Server 2016 DNS Query information disclosure
15053| [98054] Microsoft Windows up to Server 2016 SMBv2/SMBv3 NULL Pointer Dereference memory corruption
15054| [98017] Microsoft Windows up to Server 2016 PDF memory corruption
15055| [98015] Microsoft Windows 10/Server 2016 Hyper-V denial of service
15056| [98013] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
15057| [98007] Microsoft Windows 10/Server 2016 Hyper-V Network Switch denial of service
15058| [98006] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
15059| [96521] Microsoft Windows 8.1/10/Server 2012/Server 2016 SMB Response mrxsmb20.sys denial of service
15060| [95781] Microsoft PowerPoint 2016 Java Embedded Object privilege escalation
15061| [95125] Microsoft Word/SharePoint Enterprise Server 2016 Document privilege escalation
15062| [94451] Microsoft Office 2011 memory corruption
15063| [94447] Microsoft Office 2010 SP2 memory corruption
15064| [94446] Microsoft Office 2016 memory corruption
15065| [94444] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 OLE DLL Loader memory corruption
15066| [94443] Microsoft Office up to 2016 information disclosure
15067| [94442] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
15068| [93964] Microsoft Windows 7 Excel Starter 2010 XXE information disclosure
15069| [93543] Microsoft SQL Server 2016 FILESTREAM Path privilege escalation
15070| [93540] Microsoft Excel 2010 SP2/2011/2016 memory corruption
15071| [93416] Microsoft SQL Server 2014 SP2/2016/up to 2012 SP3 Server Agent atxcore.dll privilege escalation
15072| [93415] Microsoft SQL Server 2016 MDS API cross site scripting
15073| [93414] Microsoft SQL Server up to 2012 SP3 RDBMS Engine privilege escalation
15074| [93413] Microsoft SQL Server 2016/up to 2014 SP2 RDBMS Engine privilege escalation
15075| [93412] Microsoft SQL Server 2016 RDBMS Engine privilege escalation
15076| [93393] Microsoft Office up to 2016 memory corruption
15077| [93392] Microsoft Office up to 2016 memory corruption
15078| [93391] Microsoft Office up to 2016 memory corruption
15079| [93389] Microsoft Windows up to Server 2016 Media Foundation memory corruption
15080| [93388] Microsoft Windows up to Server 2016 Animation Manager Stylesheets memory corruption
15081| [92587] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 Transaction Manager privilege escalation
15082| [92584] Microsoft Office up to 2016 memory corruption
15083| [91571] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
15084| [91570] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
15085| [91556] Microsoft Exchange 2016 Meeting Invation cross site scripting
15086| [91555] Microsoft Exchange 2013/2016 Link spoofing
15087| [91550] Microsoft Office 2016 memory corruption
15088| [91547] Microsoft Office 2010 memory corruption
15089| [91543] Microsoft Office up to 2016 memory corruption
15090| [91541] Microsoft Office 2013/2016 APP-V ASLR privilege escalation
15091| [90711] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF privilege escalation
15092| [90710] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 Netlogon privilege escalation
15093| [90704] Microsoft Office 2013/2013 RT/2016 memory corruption
15094| [89043] Microsoft Office up to 2016 memory corruption
15095| [89041] Microsoft Office up to 2016 memory corruption
15096| [89040] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 memory corruption
15097| [89038] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Security Feature privilege escalation
15098| [89037] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
15099| [87961] Microsoft Windows up to Server 2012 R2 Search denial of service
15100| [87959] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
15101| [87958] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF memory corruption
15102| [87957] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
15103| [87956] Microsoft Exchange 2013/2016 Oracle Outside In Libraries information disclosure
15104| [87944] Microsoft Windows Server 2012/Server 2012 R2 Virtual PCI Memory information disclosure
15105| [87940] Microsoft Windows Server 2012/Server 2012 R2 DNS Server Use-After-Free memory corruption
15106| [87936] Microsoft Office up to 2016 memory corruption
15107| [87166] Microsoft Windows up to Server 2012 R2 DirectX Graphics Kernel Subsystem privilege escalation
15108| [87156] Microsoft Windows 8.1/10/RT 8.1/Server 2012 R2 Shell memory corruption
15109| [87149] Microsoft Office up to 2016 memory corruption
15110| [87148] Microsoft Office 2010 Graphics memory corruption
15111| [87146] Microsoft Office 2011/2013/2013 RT/2016 memory corruption
15112| [82229] Microsoft Excel 2010 SP2 Office Document memory corruption
15113| [82223] Microsoft Windows 8.1/10/Server 2012 R2 Hyper-V Memory information disclosure
15114| [82222] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Memory information disclosure
15115| [82221] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Hyper-V privilege escalation
15116| [81274] Microsoft Office up to 2016 memory corruption
15117| [81270] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library memory corruption
15118| [81269] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
15119| [81268] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
15120| [80886] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
15121| [80885] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP memory corruption
15122| [80878] Microsoft Windows Server 2012 R2 Active Directory Federation Service denial of service
15123| [80874] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP privilege escalation
15124| [80870] Microsoft Office up to 2016 memory corruption
15125| [80868] Microsoft Office up to 2016 memory corruption
15126| [80867] Microsoft Office up to 2016 memory corruption
15127| [80865] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 DLL Loader memory corruption
15128| [80860] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Reader memory corruption
15129| [80859] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
15130| [80231] Microsoft Excel up to 2016 Office Document memory corruption
15131| [80229] Microsoft Exchange Server 2013 CU 10/2013 CU 11/2013 SP1/2016 Outlook Web Access cross site scripting
15132| [80228] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
15133| [80227] Microsoft Exchange Server 2013 CU 10/2013 SP1/2016 Outlook Web Access cross site scripting
15134| [80226] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
15135| [80218] Microsoft Office up to 2016 ASLR privilege escalation
15136| [80217] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
15137| [80216] Microsoft Office up to 2016 Office Document memory corruption
15138| [80206] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
15139| [128763] Microsoft Exchange Server 2016 CU10/2016 CU11/2019 memory corruption
15140| [79508] Microsoft Windows up to Server 2012 R2 Library Loader memory corruption
15141| [79500] Microsoft Office 2010/2011/2016 memory corruption
15142| [79183] Microsoft Windows up to Server 2012 R2 IPsec denial of service
15143| [79173] Microsoft Windows up to Server 2012 R2 Graphics information disclosure
15144| [79117] Microsoft Outlook 2011/2016 on Mac HTML spoofing
15145| [78375] Microsoft SharePoint Server/SharePoint Foundation 2013 SP1 cross site scripting
15146| [77645] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
15147| [77644] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
15148| [77638] Microsoft Lync Server 2013 cross site scripting
15149| [77628] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
15150| [77612] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access Stack-Based information disclosure
15151| [77050] Microsoft Office up to 2016 memory corruption
15152| [77037] Microsoft Windows Server 2012/Server 2012 R2 System Center Operations Manager cross site scripting
15153| [76461] Microsoft Windows up to Server 2012 R2 Domain-Controller Communication Credentials information disclosure
15154| [76460] Microsoft Windows 7 SP1/8/Server 2012 RDP Server Service memory corruption
15155| [76448] Microsoft Windows 8.1/Server 2012 R2 Hyper-V memory corruption
15156| [75793] Microsoft Exchange Server 2013 CU8 cross site scripting
15157| [75792] Microsoft Exchange Server 2013 SP1 CU8 cross site request forgery
15158| [75791] Microsoft Office 2013 SP1 Office Document Uninitialized Memory memory corruption
15159| [75787] Microsoft Exchange Server 2013 SP1 CU8 Same Origin Policy privilege escalation
15160| [75786] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
15161| [66976] Microsoft Access 2010 VBA Datatype denial of service
15162| [74848] Microsoft SharePoint Foundation/SharePoint Server 2013 SP1 cross site scripting
15163| [74842] Microsoft Windows 8.1/Server 2012 R2 Hyper-V denial of service
15164| [74836] Microsoft Project Server 2010 SP2/2013 SP1 cross site scripting
15165| [74835] Microsoft Office 2011 on Mac Use-After-Free cross site scripting
15166| [74834] Microsoft Windows Server 2012 R2 Active Directory Federation Services 3.0 privilege escalation
15167| [74833] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 HTTP Request HTTP.sys privilege escalation
15168| [74393] Microsoft SharePoint Server 2013 Foundation cross site scripting
15169| [73967] Microsoft Office up to 2013 SP1 Office File memory corruption
15170| [73966] Microsoft Office up to 2013 SP1 RTF File memory corruption
15171| [73965] Microsoft Office up to 2013 SP1 Use-After-Free memory corruption
15172| [73961] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 Remote Desktop Protocol Object Management denial of service
15173| [69162] Microsoft System Center Virtual Machine Manager 2012 privilege escalation
15174| [69160] Microsoft Windows up to Server 2012 Process privilege escalation
15175| [69156] Microsoft Office 2010 Object memory corruption
15176| [68593] Microsoft Windows up to Server 2012 Network Location Awareness Service privilege escalation
15177| [68417] Microsoft Exchange 2013 Outlook Web Access Token spoofing
15178| [68191] Microsoft SharePoint 2010 cross site scripting
15179| [67828] Microsoft ASP.NET MVC 2/3/4/5/5.1 System.Web.Mvc.dll cross site scripting
15180| [67518] Microsoft Lync 2013 denial of service
15181| [67517] Microsoft Lync 2013 Script Reflected cross site scripting
15182| [67516] Microsoft Lync 2010/2013 denial of service
15183| [67362] Microsoft Windows up to Server 2012 R2 Remote Procedure Call privilege escalation
15184| [67360] Microsoft SharePoint 2013 App Permission Management cross site scripting
15185| [13549] Microsoft Windows 7/8/8.1/Server 2012 Remote Desktop Protocol weak encryption
15186| [13547] Microsoft Lync 2010/2013 Meeting cross site scripting
15187| [13228] Microsoft Office 2013 Document privilege escalation
15188| [68577] Microsoft ASP.NET 2014.3.1209 Telerik UI RadAsyncUpload directory traversal
15189| [12267] Microsoft Forefront Security for Exchange Server 2010 Mail memory corruption
15190| [12263] Microsoft Windows up to Server 2012 Direct2D 2D Geometric Figure memory corruption
15191| [12238] Microsoft Windows 8/RT/Server 2012 IPv6 denial of service
15192| [12185] Microsoft .NET Framework 2/4 HMAC weak authentication
15193| [12183] Microsoft .NET Framework 2/4 DTD denial of service
15194| [11673] Microsoft Windows Live Movie Maker 2011 WAV File denial of service
15195| [11468] Microsoft Exchange 2010/2013 cross site scripting
15196| [11466] Microsoft Office 2013 File Response information disclosure
15197| [11457] Microsoft SharePoint Server/Office Web Apps 2010 SP1/2010 SP2/2013 W3WP Service Account privilege escalation
15198| [11150] Microsoft Windows 8/Server 2012 Hyper-V Data Structure Value Crash privilege escalation
15199| [11004] Microsoft Windows Server 2012 R2 RDP Restricted Admin Mode weak authentication
15200| [10250] Microsoft SharePoint Server up to 2013 W3WP Process denial of service
15201| [10249] Microsoft SharePoint 2010/2003/2007/2.0/3.0 Workflow memory corruption
15202| [10248] Microsoft SharePoint Server up to 2013 cross site scripting
15203| [9943] Microsoft Windows Server 2012 NAT Driver ICMP Packet denial of service
15204| [8739] Microsoft Windows Essentials up to 2012 Windows Writer Eingabe information disclosure
15205| [8725] Microsoft Lync 2010/2013 Use-After-Free memory corruption
15206| [8722] Microsoft Windows 8/RT/Server 2012 HTTP.sys denial of service
15207| [8206] Microsoft SharePoint Server 2010 SP1 HTML Sanitization Component cross site scripting
15208| [8203] Microsoft Windows up to 2012 AD LDAP Query denial of service
15209| [8200] Microsoft SharePoint Server 2013 ACL information disclosure
15210| [7971] Microsoft Office for Mac 2011 up to 14.3.1 on Mac HTML5 Mail Message Parser File information disclosure
15211| [7969] Microsoft OneNote 2010 SP1 ONE File information disclosure
15212| [7968] Microsoft SharePoint Server 2010 SP1 Input Validator Eingabe Crash denial of service
15213| [7967] Microsoft SharePoint Server 2010 SP1 User Account Eingabe Crash information disclosure
15214| [7966] Microsoft SharePoint Server 2010 SP1 Eingabe Crash cross site scripting
15215| [7965] Microsoft SharePoint Server 2010 SP1 User Account Callback URL privilege escalation
15216| [7964] Microsoft Visio 2010 Tree Object Type File memory corruption
15217| [7343] Microsoft Lync 2012 HTTP Format String
15218| [7258] Microsoft Windows up to 8/Server 2012 SSL/TLS race condition
15219| [7230] Microsoft Excel 2010 SP1 on 32-bit XLS File Formatting Information Crash denial of service
15220| [6831] Microsoft Office Picture Manager 2010 File memory corruption
15221| [62720] EMC NetWorker Module for Microsoft Applications up to 2.2.0 memory corruption
15222| [6624] Microsoft SQL Server up to 2012 Report Manager cross site scripting
15223| [62238] Microsoft Visual Studio Team Foundation Server 2010 cross site scripting
15224| [5946] Microsoft Visio/Visio Viewer up to 2010 SP1 File memory corruption
15225| [5644] Microsoft SharePoint 2010 scriptesx.ashx cross site scripting
15226| [5641] Microsoft SharePoint 2010 cross site scripting
15227| [60943] Microsoft Dynamics AX 2012 Enterprise Portal cross site scripting
15228| [12311] Microsoft Lync 2010 Search race condition
15229| [60570] Microsoft Forefront Unified Access Gateway 2010 information disclosure
15230| [60569] Microsoft Forefront Unified Access Gateway 2010 spoofing
15231| [60208] Microsoft Visio Viewer 2010 memory corruption
15232| [60207] Microsoft Visio Viewer 2010 memory corruption
15233| [60206] Microsoft Visio Viewer 2010 memory corruption
15234| [4640] Microsoft SharePoint 2010 inplview.aspx cross site scripting
15235| [4636] Microsoft SharePoint 2010 wizardlist.aspx cross site scripting
15236| [4635] Microsoft SharePoint 2010 themeweb.aspx cross site scripting
15237| [59008] Microsoft Forefront Unified Access Gateway 2010 Crash denial of service
15238| [58995] Microsoft Forefront Unified Access Gateway 2010 memory corruption
15239| [58994] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
15240| [58993] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
15241| [4424] Microsoft Host Integration Server up to 2010 denial of service
15242| [4420] Microsoft Forefront Unified Access Gateway 2010 memory corruption
15243| [58487] Microsoft SharePoint Foundation 2010 cross site scripting
15244| [58486] Microsoft SharePoint Foundation 2010 Reflected cross site scripting
15245| [58485] Microsoft SharePoint Foundation 2010 EditForm.aspx cross site scripting
15246| [4414] Microsoft SharePoint 2010 cross site scripting
15247| [4413] Microsoft SharePoint 2010/2007/3.0 XML/XLS unknown vulnerability
15248| [91971] Microsoft Skype 2.2.x/5.2.x/5.3.x denial of service
15249| [57693] Microsoft Forefront Threat Management Gateway 2010 NSPLookupServiceNext memory corruption
15250| [56028] Microsoft Data Access Components 2.8 memory corruption
15251| [55777] Microsoft Windows Movie Maker 2.6 memory corruption
15252| [55424] Microsoft Forefront Unified Access Gateway 2010 Signurl.asp cross site scripting
15253| [55415] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
15254| [55414] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
15255| [55413] Microsoft Forefront Unified Access Gateway 2010 spoofing
15256| [54341] Microsoft Windows Movie Maker 2.1 memory corruption
15257| [54549] Microsoft PowerPoint 2010 pptimpconv.dll memory corruption
15258| [4009] Microsoft NET Framework 2.x/3.x denial of service
15259| [45681] Microsoft Internet Explorer 8 Beta 2 privilege escalation
15260| [45449] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
15261| [45448] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
15262| [45446] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
15263| [2927] Microsoft Data Access Components 2.x ADODB.Connection ActiveX Control memory corruption
15264| [32692] Microsoft XML Core Services up to 2.6 memory corruption
15265| [32691] Microsoft XML Core Services up to 2.6 memory corruption
15266|
15267| MITRE CVE - https://cve.mitre.org:
15268| [CVE-2013-3661] The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
15269| [CVE-2013-3660] The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
15270| [CVE-2013-3174] DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
15271| [CVE-2013-3173] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."
15272| [CVE-2013-3172] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to cause a denial of service (system hang) via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."
15273| [CVE-2013-3171] The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a partial-trust relationship, aka "Delegate Serialization Vulnerability."
15274| [CVE-2013-3167] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Information Disclosure Vulnerability."
15275| [CVE-2013-3154] The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability."
| [CVE-2013-3138] Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability."
| [CVE-2013-3136] The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."
| [CVE-2013-3134] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework application that changes array data, aka "Array Allocation Vulnerability."
| [CVE-2013-3133] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Anonymous Method Injection Vulnerability."
| [CVE-2013-3132] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Delegate Reflection Bypass Vulnerability."
| [CVE-2013-3131] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability."
| [CVE-2013-1345] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."
| [CVE-2013-1340] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."
| [CVE-2013-1339] The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability."
| [CVE-2013-1336] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability."
| [CVE-2013-1335] Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka "Word Shape Corruption Vulnerability."
| [CVE-2013-1334] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
| [CVE-2013-1332] dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
| [CVE-2013-1331] Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
| [CVE-2013-1329] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability."
| [CVE-2013-1328] Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."
| [CVE-2013-1327] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability."
| [CVE-2013-1323] Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability."
| [CVE-2013-1322] Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability."
| [CVE-2013-1321] Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability."
| [CVE-2013-1320] Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability."
| [CVE-2013-1319] Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability."
| [CVE-2013-1318] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."
| [CVE-2013-1317] Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability."
| [CVE-2013-1316] Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability."
| [CVE-2013-1302] Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."
| [CVE-2013-1301] Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
| [CVE-2013-1300] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
| [CVE-2013-1295] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "CSRSS Memory Corruption Vulnerability."
| [CVE-2013-1294] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
| [CVE-2013-1293] The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application that leverages improper handling of objects in memory, aka "NTFS NULL Pointer Dereference Vulnerability."
| [CVE-2013-1292] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
| [CVE-2013-1291] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability."
| [CVE-2013-1287] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
| [CVE-2013-1286] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.
| [CVE-2013-1285] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.
| [CVE-2013-1283] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
| [CVE-2013-1281] The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "NULL Dereference Vulnerability."
| [CVE-2013-1280] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."
| [CVE-2013-1279] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.
| [CVE-2013-1278] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279.
| [CVE-2013-1277] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1276] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1275] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1274] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1273] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1272] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1271] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1270] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1269] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1268] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1267] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1266] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1265] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1264] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1263] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1262] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1261] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1260] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1259] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1258] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1257] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1256] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1255] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1254] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1253] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1252] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1251] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1250] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1249] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1248] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-0095] Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability."
| [CVE-2013-0077] Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."
| [CVE-2013-0076] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability."
| [CVE-2013-0075] The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability."
| [CVE-2013-0073] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."
| [CVE-2013-0013] The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."
| [CVE-2013-0011] The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Components Vulnerability."
| [CVE-2013-0010] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.
| [CVE-2013-0009] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.
| [CVE-2013-0008] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
| [CVE-2013-0004] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."
| [CVE-2013-0003] Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability."
| [CVE-2013-0002] Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."
| [CVE-2013-0001] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."
| [CVE-2012-5672] Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data.
| [CVE-2012-4791] Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."
| [CVE-2012-4786] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
| [CVE-2012-4776] The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."
| [CVE-2012-4774] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability."
| [CVE-2012-2897] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
| [CVE-2012-2556] The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."
| [CVE-2012-2553] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
| [CVE-2012-2552] Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."
| [CVE-2012-2551] The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereference Vulnerability."
| [CVE-2012-2543] Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1
| [CVE-2012-2539] Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
| [CVE-2012-2536] Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
| [CVE-2012-2530] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
15375| [CVE-2012-2529] Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Windows Kernel Integer Overflow Vulnerability."
15376| [CVE-2012-2528] Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
15377| [CVE-2012-2527] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
15378| [CVE-2012-2524] Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability."
15379| [CVE-2012-2520] Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
15380| [CVE-2012-2519] Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."
15381| [CVE-2012-1896] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."
15382| [CVE-2012-1895] The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."
15383| [CVE-2012-1893] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability."
15384| [CVE-2012-1890] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability."
15385| [CVE-2012-1887] Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability."
15386| [CVE-2012-1886] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
15387| [CVE-2012-1885] Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
15388| [CVE-2012-1870] The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."
15389| [CVE-2012-1867] Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability."
15390| [CVE-2012-1866] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability."
15391| [CVE-2012-1865] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864.
15392| [CVE-2012-1864] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1865.
15393| [CVE-2012-1863] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."
15394| [CVE-2012-1862] Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."
15395| [CVE-2012-1860] Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."
15396| [CVE-2012-1858] The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
15397| [CVE-2012-1856] The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."
15398| [CVE-2012-1855] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability."
15399| [CVE-2012-1854] Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
15400| [CVE-2012-1851] Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability."
15401| [CVE-2012-1850] The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."
15402| [CVE-2012-1848] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability."
15403| [CVE-2012-1847] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
15404| [CVE-2012-1537] Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
15405| [CVE-2012-1528] Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."
15406| [CVE-2012-1527] Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."
15407| [CVE-2012-1459] The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
15408| [CVE-2012-1457] The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
15409| [CVE-2012-1453] The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
15410| [CVE-2012-1443] The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
15411| [CVE-2012-1420] The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
15412| [CVE-2012-1194] The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
15413| [CVE-2012-0185] Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."
15414| [CVE-2012-0184] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
15415| [CVE-2012-0183] Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."
15416| [CVE-2012-0182] Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."
15417| [CVE-2012-0181] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
15418| [CVE-2012-0180] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability."
15419| [CVE-2012-0179] Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability."
15420| [CVE-2012-0178] Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability."
15421| [CVE-2012-0177] Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."
15422| [CVE-2012-0175] The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."
15423| [CVE-2012-0174] Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."
15424| [CVE-2012-0173] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.
15425| [CVE-2012-0167] Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."
15426| [CVE-2012-0165] GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."
15427| [CVE-2012-0163] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
15428| [CVE-2012-0161] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
15429| [CVE-2012-0160] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
15430| [CVE-2012-0159] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview
15431| [CVE-2012-0158] The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
15432| [CVE-2012-0157] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability."
15433| [CVE-2012-0156] DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability."
15434| [CVE-2012-0154] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability."
15435| [CVE-2012-0152] The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability."
15436| [CVE-2012-0151] The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
15437| [CVE-2012-0150] Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
15438| [CVE-2012-0149] afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
15439| [CVE-2012-0148] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."
15440| [CVE-2012-0143] Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability."
15441| [CVE-2012-0142] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
15442| [CVE-2012-0141] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
15443| [CVE-2012-0015] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."
15444| [CVE-2012-0014] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
15445| [CVE-2012-0013] Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
15446| [CVE-2012-0009] Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability."
15447| [CVE-2012-0008] Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability."
15448| [CVE-2012-0006] The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability."
15449| [CVE-2012-0005] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."
15450| [CVE-2012-0004] Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."
15451| [CVE-2012-0003] Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
15452| [CVE-2012-0002] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
15453| [CVE-2012-0001] The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."
15454| [CVE-2011-5046] The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
15455| [CVE-2011-4434] Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.
15456| [CVE-2011-3417] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."
15457| [CVE-2011-3416] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
15458| [CVE-2011-3415] Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."
15459| [CVE-2011-3414] The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
15460| [CVE-2011-3413] Microsoft PowerPoint 2007 SP2
15461| [CVE-2011-3412] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."
15462| [CVE-2011-3411] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."
15463| [CVE-2011-3410] Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability."
15464| [CVE-2011-3408] Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability."
15465| [CVE-2011-3406] Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability."
15466| [CVE-2011-3403] Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
15467| [CVE-2011-3402] Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
15468| [CVE-2011-3400] Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
15469| [CVE-2011-3397] The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."
15470| [CVE-2011-3396] Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability."
15471| [CVE-2011-2019] Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
15472| [CVE-2011-2018] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
15473| [CVE-2011-2016] Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability."
15474| [CVE-2011-2014] The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."
15475| [CVE-2011-2013] Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."
15476| [CVE-2011-2011] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
15477| [CVE-2011-2008] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."
15478| [CVE-2011-2007] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability."
15479| [CVE-2011-2005] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
15480| [CVE-2011-2004] Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.
15481| [CVE-2011-2003] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability."
15482| [CVE-2011-2002] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability."
15483| [CVE-2011-1991] Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability."
15484| [CVE-2011-1990] Microsoft Excel 2007 SP2
15485| [CVE-2011-1989] Microsoft Excel 2003 SP3 and 2007 SP2
15486| [CVE-2011-1988] Microsoft Excel 2003 SP3 and 2007 SP2
15487| [CVE-2011-1987] Array index error in Microsoft Excel 2003 SP3 and 2007 SP2
15488| [CVE-2011-1986] Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."
15489| [CVE-2011-1985] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability."
15490| [CVE-2011-1984] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."
15491| [CVE-2011-1983] Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability."
15492| [CVE-2011-1982] Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."
15493| [CVE-2011-1980] Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability."
15494| [CVE-2011-1979] Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."
15495| [CVE-2011-1978] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability."
15496| [CVE-2011-1976] Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."
15497| [CVE-2011-1975] Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."
15498| [CVE-2011-1974] NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."
15499| [CVE-2011-1972] Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."
15500| [CVE-2011-1971] The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Metadata Parsing DOS Vulnerability."
15501| [CVE-2011-1970] The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability."
15502| [CVE-2011-1968] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, as exploited in the wild in 2011, aka "Remote Desktop Protocol Vulnerability."
15503| [CVE-2011-1967] Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Vulnerability."
15504| [CVE-2011-1966] The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."
15505| [CVE-2011-1965] Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."
15506| [CVE-2011-1894] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
15507| [CVE-2011-1893] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."
15508| [CVE-2011-1892] Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
15509| [CVE-2011-1888] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
15510| [CVE-2011-1887] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
15511| [CVE-2011-1885] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
15512| [CVE-2011-1884] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
15513| [CVE-2011-1883] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
15514| [CVE-2011-1882] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
15515| [CVE-2011-1881] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
15516| [CVE-2011-1880] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
15517| [CVE-2011-1879] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
15518| [CVE-2011-1878] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
15519| [CVE-2011-1877] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
15520| [CVE-2011-1876] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
15521| [CVE-2011-1875] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
15522| [CVE-2011-1874] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
15523| [CVE-2011-1873] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability."
15524| [CVE-2011-1872] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability."
15525| [CVE-2011-1871] Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka "ICMP Denial of Service Vulnerability."
15526| [CVE-2011-1870] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability."
15527| [CVE-2011-1869] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."
15528| [CVE-2011-1868] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."
15529| [CVE-2011-1508] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."
15530| [CVE-2011-1284] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutput Vulnerability."
15531| [CVE-2011-1283] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and write operations, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleNumberOfCommand Vulnerability."
15532| [CVE-2011-1282] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability."
15533| [CVE-2011-1281] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a process, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP AllocConsole Vulnerability."
15534| [CVE-2011-1280] The XML Editor in Microsoft InfoPath 2007 SP2 and 2010
15535| [CVE-2011-1279] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds WriteAV Vulnerability."
15536| [CVE-2011-1278] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel WriteAV Vulnerability."
15537| [CVE-2011-1277] Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."
15538| [CVE-2011-1276] Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
15539| [CVE-2011-1275] Microsoft Excel 2002 SP3
15540| [CVE-2011-1274] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
15541| [CVE-2011-1273] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
15542| [CVE-2011-1272] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
15543| [CVE-2011-1270] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Buffer Overrun RCE Vulnerability."
15544| [CVE-2011-1269] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
15545| [CVE-2011-1268] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability."
15546| [CVE-2011-1267] The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB Request Parsing Vulnerability."
15547| [CVE-2011-1264] Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability."
15548| [CVE-2011-1263] Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web Access Vulnerability."
15549| [CVE-2011-1253] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."
15550| [CVE-2011-1252] Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
15551| [CVE-2011-1249] The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
15552| [CVE-2011-1248] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability."
15553| [CVE-2011-1247] Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability."
15554| [CVE-2011-1242] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
15555| [CVE-2011-1241] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
15556| [CVE-2011-1240] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
15557| [CVE-2011-1239] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
15558| [CVE-2011-1238] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
15559| [CVE-2011-1237] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
15560| [CVE-2011-1236] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
15561| [CVE-2011-1235] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
15562| [CVE-2011-1234] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
15563| [CVE-2011-1233] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
15564| [CVE-2011-1232] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
15565| [CVE-2011-1231] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
15566| [CVE-2011-1230] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
15567| [CVE-2011-1229] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
15568| [CVE-2011-1228] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
15569| [CVE-2011-1227] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
15570| [CVE-2011-1226] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
15571| [CVE-2011-1225] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
15572| [CVE-2011-0980] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."
15573| [CVE-2011-0979] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
15574| [CVE-2011-0978] Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
15575| [CVE-2011-0977] Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."
15576| [CVE-2011-0976] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
15577| [CVE-2011-0677] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
15578| [CVE-2011-0676] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
15579| [CVE-2011-0675] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
15580| [CVE-2011-0674] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
15581| [CVE-2011-0672] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
15582| [CVE-2011-0671] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
15583| [CVE-2011-0670] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
15584| [CVE-2011-0667] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
15585| [CVE-2011-0666] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
15586| [CVE-2011-0665] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
15587| [CVE-2011-0664] Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability."
15588| [CVE-2011-0662] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
15589| [CVE-2011-0661] The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a malformed request in a (1) SMBv1 or (2) SMBv2 packet, aka "SMB Transaction Parsing Vulnerability."
15590| [CVE-2011-0660] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Response Parsing Vulnerability."
15591| [CVE-2011-0658] Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted WMF file, aka "OLE Automation Underflow Vulnerability."
15592| [CVE-2011-0657] DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."
15593| [CVE-2011-0656] Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010
15594| [CVE-2011-0655] Microsoft PowerPoint 2007 SP2 and 2010
15595| [CVE-2011-0654] Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
15596| [CVE-2011-0107] Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability."
15597| [CVE-2011-0105] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."
15598| [CVE-2011-0104] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer Overwrite Vulnerability."
15599| [CVE-2011-0103] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerability."
15600| [CVE-2011-0101] Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, doubly-byte characters, and an incorrect pointer calculation, aka "Excel Record Parsing WriteAV Vulnerability."
15601| [CVE-2011-0098] Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
15602| [CVE-2011-0097] Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
15603| [CVE-2011-0096] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
15604| [CVE-2011-0093] ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."
15605| [CVE-2011-0092] The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."
15606| [CVE-2011-0091] Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
15607| [CVE-2011-0090] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
15608| [CVE-2011-0089] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability."
15609| [CVE-2011-0088] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability."
15610| [CVE-2011-0087] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability."
15611| [CVE-2011-0086] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability."
15612| [CVE-2011-0043] Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."
15613| [CVE-2011-0042] SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."
15614| [CVE-2011-0041] Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."
15615| [CVE-2011-0040] The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."
15616| [CVE-2011-0039] The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."
15617| [CVE-2011-0034] Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."
15618| [CVE-2011-0033] The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."
15619| [CVE-2011-0032] Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."
15620| [CVE-2011-0031] The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."
15621| [CVE-2011-0030] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.
15622| [CVE-2011-0028] WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."
15623| [CVE-2010-5082] Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability."
15624| [CVE-2010-4701] Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information.
15625| [CVE-2010-4669] The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package.
15626| [CVE-2010-4562] Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
15627| [CVE-2010-4398] Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
15628| [CVE-2010-4182] Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll. NOTE: the provenance of this information is unknown
15629| [CVE-2010-3974] fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability."
15630| [CVE-2010-3970] Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."
15631| [CVE-2010-3966] Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability."
15632| [CVE-2010-3965] Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability."
15633| [CVE-2010-3964] Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
15634| [CVE-2010-3963] Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability."
15635| [CVE-2010-3961] The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."
15636| [CVE-2010-3960] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability."
15637| [CVE-2010-3959] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."
15638| [CVE-2010-3958] The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."
15639| [CVE-2010-3957] Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."
15640| [CVE-2010-3956] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability."
15641| [CVE-2010-3955] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability."
15642| [CVE-2010-3954] Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability."
15643| [CVE-2010-3946] Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."
15644| [CVE-2010-3945] Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability."
15645| [CVE-2010-3944] win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
15646| [CVE-2010-3943] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability."
15647| [CVE-2010-3942] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability."
15648| [CVE-2010-3941] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability."
15649| [CVE-2010-3940] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability."
15650| [CVE-2010-3939] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability."
15651| [CVE-2010-3937] Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."
15652| [CVE-2010-3338] The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888.
15653| [CVE-2010-3337] Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.
15654| [CVE-2010-3336] Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."
15655| [CVE-2010-3335] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability."
15656| [CVE-2010-3334] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability."
15657| [CVE-2010-3333] Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
15658| [CVE-2010-3332] Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
15659| [CVE-2010-3324] The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
15660| [CVE-2010-3243] Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
15661| [CVE-2010-3242] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability."
15662| [CVE-2010-3241] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability."
15663| [CVE-2010-3240] Microsoft Excel 2002 SP3 and 2007 SP2
15664| [CVE-2010-3239] Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability."
15665| [CVE-2010-3238] Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."
15666| [CVE-2010-3237] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability."
15667| [CVE-2010-3236] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability."
15668| [CVE-2010-3235] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability."
15669| [CVE-2010-3234] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability."
15670| [CVE-2010-3233] Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability."
15671| [CVE-2010-3232] Microsoft Excel 2003 SP3 and 2007 SP2
15672| [CVE-2010-3231] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."
15673| [CVE-2010-3230] Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability."
15674| [CVE-2010-3229] The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability."
15675| [CVE-2010-3227] Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."
15676| [CVE-2010-3223] The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability."
15677| [CVE-2010-3222] Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun Vulnerability."
15678| [CVE-2010-3221] Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."
15679| [CVE-2010-3220] Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability."
15680| [CVE-2010-3219] Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."
15681| [CVE-2010-3218] Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."
15682| [CVE-2010-3217] Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability."
15683| [CVE-2010-3216] Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."
15684| [CVE-2010-3215] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability."
15685| [CVE-2010-3214] Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010
15686| [CVE-2010-3213] Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.
15687| [CVE-2010-3200] MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc.
15688| [CVE-2010-3190] Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1
15689| [CVE-2010-3148] Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."
15690| [CVE-2010-3147] Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
15691| [CVE-2010-3146] Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."
15692| [CVE-2010-3144] Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability."
15693| [CVE-2010-3142] Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.
15694| [CVE-2010-2750] Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability."
15695| [CVE-2010-2748] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability."
15696| [CVE-2010-2747] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability."
15697| [CVE-2010-2746] Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability."
15698| [CVE-2010-2744] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka "Win32k Window Class Vulnerability."
15699| [CVE-2010-2742] The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka "Netlogon RPC Null dereference DOS Vulnerability."
15700| [CVE-2010-2741] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability."
15701| [CVE-2010-2740] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Parsing Vulnerability."
15702| [CVE-2010-2739] Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors.
15703| [CVE-2010-2738] The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
15704| [CVE-2010-2729] The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability."
15705| [CVE-2010-2728] Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."
15706| [CVE-2010-2573] Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability."
15707| [CVE-2010-2572] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
15708| [CVE-2010-2571] Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability."
15709| [CVE-2010-2570] Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability."
15710| [CVE-2010-2569] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."
15711| [CVE-2010-2568] Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
| [CVE-2010-2567] The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability."
| [CVE-2010-2566] The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability."
| [CVE-2010-2563] The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability."
| [CVE-2010-2562] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability."
| [CVE-2010-2555] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability."
| [CVE-2010-2554] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
| [CVE-2010-2552] Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability."
| [CVE-2010-2551] The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB Variable Validation Vulnerability."
| [CVE-2010-2550] The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."
| [CVE-2010-2549] Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka "Win32k Reference Count Vulnerability."
| [CVE-2010-2265] Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
| [CVE-2010-2091] Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
| [CVE-2010-2084] Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
| [CVE-2010-1903] Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption Vulnerability."
| [CVE-2010-1902] Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1901] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1900] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1898] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."
| [CVE-2010-1897] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."
| [CVE-2010-1896] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability."
| [CVE-2010-1895] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability."
| [CVE-2010-1894] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."
| [CVE-2010-1893] Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability."
| [CVE-2010-1892] The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerability."
| [CVE-2010-1891] The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability."
| [CVE-2010-1890] The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability."
| [CVE-2010-1889] Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability."
| [CVE-2010-1887] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability."
| [CVE-2010-1886] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."
| [CVE-2010-1885] The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
| [CVE-2010-1883] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability."
| [CVE-2010-1882] Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability."
| [CVE-2010-1881] The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability."
| [CVE-2010-1880] Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
| [CVE-2010-1735] The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
| [CVE-2010-1734] The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
| [CVE-2010-1690] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
| [CVE-2010-1689] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
| [CVE-2010-1263] Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7
| [CVE-2010-1257] Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2
| [CVE-2010-1255] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."
| [CVE-2010-1253] Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2
| [CVE-2010-1252] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability."
| [CVE-2010-1251] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability."
| [CVE-2010-1250] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability."
| [CVE-2010-1249] Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.
| [CVE-2010-1248] Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
| [CVE-2010-1247] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.
| [CVE-2010-1246] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability."
| [CVE-2010-1245] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.
| [CVE-2010-1225] The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."
| [CVE-2010-1175] Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."
| [CVE-2010-0917] Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.
| [CVE-2010-0824] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.
| [CVE-2010-0823] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
| [CVE-2010-0822] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."
| [CVE-2010-0821] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
| [CVE-2010-0820] Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2
| [CVE-2010-0819] Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."
| [CVE-2010-0818] The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability."
| [CVE-2010-0817] Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
| [CVE-2010-0815] VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."
| [CVE-2010-0814] The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."
| [CVE-2010-0812] Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability."
| [CVE-2010-0811] Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
| [CVE-2010-0810] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2010-0719] An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.
| [CVE-2010-0487] The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."
| [CVE-2010-0486] The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."
| [CVE-2010-0485] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."
| [CVE-2010-0484] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability."
| [CVE-2010-0483] vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
| [CVE-2010-0482] The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability."
| [CVE-2010-0481] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability."
| [CVE-2010-0480] Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."
| [CVE-2010-0479] Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability."
| [CVE-2010-0478] Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."
| [CVE-2010-0477] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."
| [CVE-2010-0476] The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability."
| [CVE-2010-0278] A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.
| [CVE-2010-0270] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."
| [CVE-2010-0269] The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability."
| [CVE-2010-0268] Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability."
| [CVE-2010-0266] Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."
| [CVE-2010-0265] Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
| [CVE-2010-0264] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."
| [CVE-2010-0263] Microsoft Office Excel 2007 SP1 and SP2
| [CVE-2010-0262] Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."
| [CVE-2010-0261] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability."
| [CVE-2010-0260] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2
| [CVE-2010-0258] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2010-0257] Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."
| [CVE-2010-0256] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."
| [CVE-2010-0254] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."
| [CVE-2010-0252] The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."
| [CVE-2010-0250] Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability."
15808| [CVE-2010-0249] Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4
15809| [CVE-2010-0243] Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow."
15810| [CVE-2010-0242] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability."
15811| [CVE-2010-0241] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability."
15812| [CVE-2010-0240] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability."
15813| [CVE-2010-0239] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability."
15814| [CVE-2010-0238] Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability."
15815| [CVE-2010-0237] The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability."
| [CVE-2010-0236] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."
| [CVE-2010-0235] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."
| [CVE-2010-0234] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability."
| [CVE-2010-0233] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."
| [CVE-2010-0232] The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2010-0231] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."
| [CVE-2010-0035] The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability."
| [CVE-2010-0034] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability."
| [CVE-2010-0033] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."
| [CVE-2010-0032] Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."
| [CVE-2010-0031] Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability."
| [CVE-2010-0030] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability."
| [CVE-2010-0029] Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability."
| [CVE-2010-0028] Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
| [CVE-2010-0027] The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
| [CVE-2010-0026] The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability."
| [CVE-2010-0025] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."
| [CVE-2010-0024] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."
| [CVE-2010-0023] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability."
| [CVE-2010-0022] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability."
| [CVE-2010-0021] Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability."
| [CVE-2010-0020] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."
| [CVE-2010-0018] Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4
| [CVE-2010-0017] Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability."
| [CVE-2010-0016] The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability."
| [CVE-2009-4313] ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.
| [CVE-2009-4312] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.
| [CVE-2009-4311] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.
| [CVE-2009-4310] Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.
| [CVE-2009-4309] Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.
| [CVE-2009-4210] The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.
| [CVE-2009-3830] The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.
| [CVE-2009-3678] Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."
| [CVE-2009-3677] The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability."
| [CVE-2009-3676] The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."
| [CVE-2009-3675] LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability."
| [CVE-2009-3450] Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET.
| [CVE-2009-3135] Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."
| [CVE-2009-3134] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3133] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability."
| [CVE-2009-3132] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3131] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3130] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability."
| [CVE-2009-3129] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3128] Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."
| [CVE-2009-3127] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability."
| [CVE-2009-3126] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
| [CVE-2009-3103] Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
| [CVE-2009-3020] win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.
| [CVE-2009-2653] ** DISPUTED ** The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.'
| [CVE-2009-2532] Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka "SMBv2 Command Value Vulnerability."
| [CVE-2009-2526] Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability."
| [CVE-2009-2524] Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (reboot) via a malformed packet, aka "Local Security Authority Subsystem Service Integer Overflow Vulnerability."
| [CVE-2009-2523] The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."
| [CVE-2009-2519] The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."
| [CVE-2009-2517] The kernel in Microsoft Windows Server 2003 SP2 does not properly handle unspecified exceptions when an error condition occurs, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2009-2516] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability."
| [CVE-2009-2515] Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability."
| [CVE-2009-2514] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability."
| [CVE-2009-2513] The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."
| [CVE-2009-2511] Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."
| [CVE-2009-2510] The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.
| [CVE-2009-2509] Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability."
| [CVE-2009-2508] The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."
| [CVE-2009-2507] A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability."
| [CVE-2009-2506] Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3
| [CVE-2009-2505] The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability."
| [CVE-2009-2504] Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
| [CVE-2009-2503] GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
| [CVE-2009-2502] Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
| [CVE-2009-2501] Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
| [CVE-2009-2500] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
| [CVE-2009-2498] Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."
| [CVE-2009-2497] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."
| [CVE-2009-2496] Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Office Web Components Heap Corruption Vulnerability."
| [CVE-2009-2495] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
| [CVE-2009-2494] The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka "ATL Object Type Mismatch Vulnerability."
| [CVE-2009-2493] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1
| [CVE-2009-1930] The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.
| [CVE-2009-1929] Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2
15896| [CVE-2009-1928] Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2
15897| [CVE-2009-1926] Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."
15898| [CVE-2009-1925] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability."
15899| [CVE-2009-1924] Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."
15900| [CVE-2009-1923] Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability."
15901| [CVE-2009-1922] The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."
15902| [CVE-2009-1546] Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."
15903| [CVE-2009-1545] Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability."
15904| [CVE-2009-1544] Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
15905| [CVE-2009-1542] The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."
15906| [CVE-2009-1539] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
15907| [CVE-2009-1538] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
15908| [CVE-2009-1537] Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
15909| [CVE-2009-1536] ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
15910| [CVE-2009-1534] Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."
15911| [CVE-2009-1533] Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
15912| [CVE-2009-1491] McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body.
15913| [CVE-2009-1216] Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA)
15914| [CVE-2009-1141] Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability."
15915| [CVE-2009-1139] Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
15916| [CVE-2009-1138] The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
15917| [CVE-2009-1137] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227.
15918| [CVE-2009-1136] The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."
15919| [CVE-2009-1135] Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."
15920| [CVE-2009-1134] Excel in 2007 Microsoft Office System SP1 and SP2
15921| [CVE-2009-1133] Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."
15922| [CVE-2009-1132] Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerability."
15923| [CVE-2009-1131] Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Data Out of Bounds Vulnerability."
15924| [CVE-2009-1130] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability."
15925| [CVE-2009-1129] Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128.
15926| [CVE-2009-1128] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1129.
15927| [CVE-2009-1127] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability."
15928| [CVE-2009-1126] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability."
15929| [CVE-2009-1125] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."
15930| [CVE-2009-1124] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."
15931| [CVE-2009-1123] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
15932| [CVE-2009-1122] The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
15933| [CVE-2009-1043] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
15934| [CVE-2009-1011] Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
15935| [CVE-2009-0901] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1
15936| [CVE-2009-0568] The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."
15937| [CVE-2009-0566] Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability."
15938| [CVE-2009-0565] Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2
15939| [CVE-2009-0563] Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
15940| [CVE-2009-0562] The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability."
15941| [CVE-2009-0561] Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
15942| [CVE-2009-0560] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
15943| [CVE-2009-0559] Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."
15944| [CVE-2009-0558] Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."
15945| [CVE-2009-0557] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
15946| [CVE-2009-0556] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
15947| [CVE-2009-0554] Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
15948| [CVE-2009-0553] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
15949| [CVE-2009-0552] Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
15950| [CVE-2009-0551] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."
15951| [CVE-2009-0550] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008
15952| [CVE-2009-0549] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
15953| [CVE-2009-0320] Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
15954| [CVE-2009-0239] Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."
15955| [CVE-2009-0238] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
15956| [CVE-2009-0235] Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability."
15957| [CVE-2009-0234] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."
15958| [CVE-2009-0233] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability."
15959| [CVE-2009-0232] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability."
15960| [CVE-2009-0231] The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
15961| [CVE-2009-0230] The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
15962| [CVE-2009-0229] The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
15963| [CVE-2009-0228] Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."
15964| [CVE-2009-0227] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137.
15965| [CVE-2009-0226] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0227, and CVE-2009-1137.
15966| [CVE-2009-0225] Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability."
15967| [CVE-2009-0224] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
15968| [CVE-2009-0223] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
15969| [CVE-2009-0222] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
15970| [CVE-2009-0221] Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field that specifies a large number of records, which triggers an under-allocated buffer and a heap-based buffer overflow, aka "Integer Overflow Vulnerability."
15971| [CVE-2009-0220] Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an integer that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability."
15972| [CVE-2009-0202] Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow.
15973| [CVE-2009-0102] Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."
15974| [CVE-2009-0100] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
15975| [CVE-2009-0099] The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."
15976| [CVE-2009-0098] Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."
15977| [CVE-2009-0097] Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."
15978| [CVE-2009-0096] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."
15979| [CVE-2009-0095] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."
15980| [CVE-2009-0094] The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.
15981| [CVE-2009-0093] Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.
15982| [CVE-2009-0091] Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability."
15983| [CVE-2009-0090] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
15984| [CVE-2009-0089] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."
15985| [CVE-2009-0088] The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."
15986| [CVE-2009-0087] Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2
15987| [CVE-2009-0086] Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."
15988| [CVE-2009-0085] The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."
15989| [CVE-2009-0083] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."
15990| [CVE-2009-0082] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."
15991| [CVE-2009-0081] The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."
15992| [CVE-2009-0079] The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."
15993| [CVE-2009-0078] The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."
15994| [CVE-2008-7217] Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to permissions and ownership for certain directories.
15995| [CVE-2008-6819] win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information.
15996| [CVE-2008-6219] nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests.
15997| [CVE-2008-6063] Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name.
15998| [CVE-2008-5912] An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
15999| [CVE-2008-5823] An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property.
16000| [CVE-2008-5416] Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier
16001| [CVE-2008-5232] Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown
16002| [CVE-2008-5112] The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
16003| [CVE-2008-5100] The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.
16004| [CVE-2008-5044] Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.
16005| [CVE-2008-4844] Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
16006| [CVE-2008-4841] The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
16007| [CVE-2008-4837] Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
16008| [CVE-2008-4835] SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."
16009| [CVE-2008-4834] Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
16010| [CVE-2008-4493] Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
16011| [CVE-2008-4295] Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
16012| [CVE-2008-4269] The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability."
16013| [CVE-2008-4268] The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability."
16014| [CVE-2008-4266] Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3
16015| [CVE-2008-4265] Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability."
16016| [CVE-2008-4264] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
16017| [CVE-2008-4261] Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
16018| [CVE-2008-4256] The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
16019| [CVE-2008-4255] Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
16020| [CVE-2008-4253] The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
16021| [CVE-2008-4250] The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
16022| [CVE-2008-4114] srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
16023| [CVE-2008-4110] Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.
16024| [CVE-2008-4038] Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."
16025| [CVE-2008-4037] Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
16026| [CVE-2008-4036] Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."
16027| [CVE-2008-4032] Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."
16028| [CVE-2008-4031] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
16029| [CVE-2008-4030] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
16030| [CVE-2008-4028] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
16031| [CVE-2008-4027] Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
16032| [CVE-2008-4026] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
16033| [CVE-2008-4025] Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
16034| [CVE-2008-4024] Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability."
16035| [CVE-2008-4023] Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."
16036| [CVE-2008-4019] Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
16037| [CVE-2008-3956] orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file.
16038| [CVE-2008-3704] Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
16039| [CVE-2008-3648] nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
16040| [CVE-2008-3636] Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.
16041| [CVE-2008-3479] Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."
16042| [CVE-2008-3477] Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."
16043| [CVE-2008-3471] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
16044| [CVE-2008-3466] Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
16045| [CVE-2008-3465] Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."
16046| [CVE-2008-3464] afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."
16047| [CVE-2008-3460] WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
16048| [CVE-2008-3068] Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
16049| [CVE-2008-3021] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
16050| [CVE-2008-3020] Microsoft Office 2000 SP3 and XP SP3
16051| [CVE-2008-3019] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
16052| [CVE-2008-3018] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
16053| [CVE-2008-3015] Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
16054| [CVE-2008-3014] Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
16055| [CVE-2008-3013] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
16056| [CVE-2008-3012] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
16057| [CVE-2008-3009] Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
16058| [CVE-2008-3007] Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."
16059| [CVE-2008-3006] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
16060| [CVE-2008-3005] Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."
16061| [CVE-2008-3004] Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3
16062| [CVE-2008-3003] Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."
16063| [CVE-2008-2752] Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information.
16064| [CVE-2008-2540] Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
16065| [CVE-2008-2463] The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
16066| [CVE-2008-2252] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."
16067| [CVE-2008-2251] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510.
16068| [CVE-2008-2250] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."
16069| [CVE-2008-2249] Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."
16070| [CVE-2008-2246] Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
16071| [CVE-2008-2245] Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
16072| [CVE-2008-2244] Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
16073| [CVE-2008-1898] A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
16074| [CVE-2008-1888] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.
16075| [CVE-2008-1547] Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
16076| [CVE-2008-1457] The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
16077| [CVE-2008-1456] Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
16078| [CVE-2008-1455] A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1
16079| [CVE-2008-1454] Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.
16080| [CVE-2008-1451] The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
16081| [CVE-2008-1446] Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
16082| [CVE-2008-1445] Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
16083| [CVE-2008-1444] Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
16084| [CVE-2008-1441] Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."
16085| [CVE-2008-1440] Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
16086| [CVE-2008-1436] Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
16087| [CVE-2008-1435] Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."
16088| [CVE-2008-1434] Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
16089| [CVE-2008-1092] Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
16090| [CVE-2008-1091] Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."
16091| [CVE-2008-1090] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
16092| [CVE-2008-1089] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."
16093| [CVE-2008-1088] Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
16094| [CVE-2008-1087] Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
16095| [CVE-2008-1086] The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
16096| [CVE-2008-1084] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
16097| [CVE-2008-1083] Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
16098| [CVE-2008-0121] A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
16099| [CVE-2008-0120] Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."
16100| [CVE-2008-0119] Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."
16101| [CVE-2008-0118] Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."
16102| [CVE-2008-0117] Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."
16103| [CVE-2008-0116] Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."
16104| [CVE-2008-0115] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."
16105| [CVE-2008-0114] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.
16106| [CVE-2008-0113] Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."
16107| [CVE-2008-0112] Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."
16108| [CVE-2008-0111] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."
16109| [CVE-2008-0110] Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
16110| [CVE-2008-0109] Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
16111| [CVE-2008-0108] Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
16112| [CVE-2008-0106] Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
16113| [CVE-2008-0105] Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
16114| [CVE-2008-0104] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
16115| [CVE-2008-0103] Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."
16116| [CVE-2008-0102] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."
16117| [CVE-2008-0088] Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.
16118| [CVE-2008-0087] The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
16119| [CVE-2008-0086] Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
16120| [CVE-2008-0083] The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
16121| [CVE-2008-0081] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
16122| [CVE-2008-0080] Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
16123| [CVE-2008-0020] Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015.
16124| [CVE-2008-0015] Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
16125| [CVE-2008-0011] Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
16126| [CVE-2007-6753] Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.
16127| [CVE-2007-6357] Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944.
16128| [CVE-2007-6329] Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.
16129| [CVE-2007-6043] The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
16130| [CVE-2007-6026] Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
16131| [CVE-2007-5587] Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
16132| [CVE-2007-5352] Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
16133| [CVE-2007-5348] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
16134| [CVE-2007-4991] The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.
16135| [CVE-2007-4916] Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.
16136| [CVE-2007-4814] Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
16137| [CVE-2007-3930] Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.
16138| [CVE-2007-3924] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape
16139| [CVE-2007-3899] Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."
16140| [CVE-2007-3898] The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
16141| [CVE-2007-3896] The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
16142| [CVE-2007-3890] Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.
16143| [CVE-2007-3670] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
16144| [CVE-2007-3490] Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls.
16145| [CVE-2007-3300] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.
16146| [CVE-2007-3040] Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205.
16147| [CVE-2007-3039] Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
16148| [CVE-2007-3036] Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
16149| [CVE-2007-3034] Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
16150| [CVE-2007-3030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability".
16151| [CVE-2007-3029] Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.
16152| [CVE-2007-3028] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
16153| [CVE-2007-2999] Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.
16154| [CVE-2007-2967] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.
16155| [CVE-2007-2966] Buffer overflow in the LHA decompresion component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.
16156| [CVE-2007-2903] Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.
16157| [CVE-2007-2593] The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.
16158| [CVE-2007-2581] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.
16159| [CVE-2007-2374] Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
16160| [CVE-2007-2228] rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.
16161| [CVE-2007-2224] Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.
16162| [CVE-2007-2221] Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
16163| [CVE-2007-2219] Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
16164| [CVE-2007-2218] Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
16165| [CVE-2007-2217] Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
16166| [CVE-2007-1911] Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow.
16167| [CVE-2007-1910] Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc.
16168| [CVE-2007-1765] Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038
16169| [CVE-2007-1756] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".
| [CVE-2007-1754] PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".
| [CVE-2007-1748] Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
| [CVE-2007-1747] Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.
| [CVE-2007-1645] Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.
| [CVE-2007-1537] \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function.
| [CVE-2007-1512] Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.
| [CVE-2007-1347] Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.
| [CVE-2007-1239] Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.
| [CVE-2007-1238] Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.
| [CVE-2007-1215] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
| [CVE-2007-1214] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.
| [CVE-2007-1213] The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
| [CVE-2007-1212] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
| [CVE-2007-1211] Unspecified kernel GDI functions in Microsoft Windows 2000 SP4
| [CVE-2007-1205] Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
| [CVE-2007-1203] Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.
| [CVE-2007-1202] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."
| [CVE-2007-1201] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
| [CVE-2007-1117] Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
| [CVE-2007-1090] Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.
| [CVE-2007-1083] Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.
| [CVE-2007-0948] Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
| [CVE-2007-0947] Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
| [CVE-2007-0946] Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.
| [CVE-2007-0945] Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4
| [CVE-2007-0944] Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
| [CVE-2007-0942] Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
| [CVE-2007-0940] Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
| [CVE-2007-0939] Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."
| [CVE-2007-0938] Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
| [CVE-2007-0936] Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
| [CVE-2007-0934] Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
| [CVE-2007-0913] Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.
| [CVE-2007-0870] Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.
| [CVE-2007-0843] The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
| [CVE-2007-0811] Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
| [CVE-2007-0671] Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
| [CVE-2007-0612] Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll
| [CVE-2007-0515] Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.
| [CVE-2007-0351] Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user.
| [CVE-2007-0221] Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."
| [CVE-2007-0220] Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".
| [CVE-2007-0216] wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
| [CVE-2007-0215] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.
| [CVE-2007-0214] The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
| [CVE-2007-0213] Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
| [CVE-2007-0211] The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
| [CVE-2007-0209] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.
| [CVE-2007-0208] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.
| [CVE-2007-0069] Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
| [CVE-2007-0066] The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."
| [CVE-2007-0065] Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
| [CVE-2007-0064] Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
| [CVE-2007-0043] The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".
| [CVE-2007-0042] Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
| [CVE-2007-0041] The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
| [CVE-2007-0040] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
| [CVE-2007-0039] The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
| [CVE-2007-0038] Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765
| [CVE-2007-0035] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."
| [CVE-2007-0034] Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."
| [CVE-2007-0033] Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.
| [CVE-2007-0031] Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.
| [CVE-2007-0030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.
| [CVE-2007-0029] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."
| [CVE-2007-0028] Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.
| [CVE-2007-0027] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.
| [CVE-2007-0026] The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
| [CVE-2007-0025] The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.
| [CVE-2007-0024] Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
| [CVE-2006-7210] Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
| [CVE-2006-7192] Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.
| [CVE-2006-7027] Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks.
| [CVE-2006-6723] The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request.
| [CVE-2006-6696] Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
| [CVE-2006-6617] projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.
| [CVE-2006-6561] Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.
| [CVE-2006-6456] Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.
| [CVE-2006-6296] The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.
| [CVE-2006-6134] Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
| [CVE-2006-6133] Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.
| [CVE-2006-5994] Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vulnerability than CVE-2006-6456.
| [CVE-2006-5758] The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
| [CVE-2006-5586] The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."
| [CVE-2006-5585] The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."
| [CVE-2006-5584] The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
| [CVE-2006-5583] Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability."
| [CVE-2006-5574] Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.
| [CVE-2006-5296] PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.
| [CVE-2006-4854] ** REJECT ** Unspecified vulnerability in Microsoft Office 2000 (Chinese Edition) and Microsoft PowerPoint 2000 (Chinese Edition) allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as Trojan.PPDropper.E. NOTE: on 20060919, Microsoft notified CVE that this is a duplicate of CVE-2006-0009.
| [CVE-2006-4704] Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
| [CVE-2006-4702] Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
| [CVE-2006-4696] Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."
| [CVE-2006-4695] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."
| [CVE-2006-4694] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
| [CVE-2006-4693] Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651.
| [CVE-2006-4692] Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
| [CVE-2006-4691] Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
| [CVE-2006-4689] Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."
| [CVE-2006-4688] Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
| [CVE-2006-4534] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.
| [CVE-2006-4495] Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.
| [CVE-2006-4274] ** REJECT ** Unknown vulnerability in Microsoft PowerPoint allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as TROJ_MDROPPER.BH. NOTE: on 20060822, it was determined that TROJ_MDROPPER.BH was exploiting CVE-2006-0009, so this is not a new vulnerability.
| [CVE-2006-4219] The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.
| [CVE-2006-4183] Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding.
| [CVE-2006-4071] Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
| [CVE-2006-3992] Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption.
| [CVE-2006-3942] The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research
| [CVE-2006-3897] Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.
| [CVE-2006-3880] ** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation."
| [CVE-2006-3877] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
| [CVE-2006-3876] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
| [CVE-2006-3875] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867.
| [CVE-2006-3873] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
| [CVE-2006-3869] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
| [CVE-2006-3868] Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag.
| [CVE-2006-3867] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875.
16287| [CVE-2006-3864] Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
16288| [CVE-2006-3841] Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL.
16289| [CVE-2006-3660] Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3656, and CVE-2006-3590, although it is possible that they are all different.
16290| [CVE-2006-3656] Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
16291| [CVE-2006-3655] Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted PowerPoint file. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3656, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
16292| [CVE-2006-3652] Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could not be reproduced by third parties.
16293| [CVE-2006-3651] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.
16294| [CVE-2006-3650] Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868.
16295| [CVE-2006-3649] Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
16296| [CVE-2006-3648] Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception."
16297| [CVE-2006-3647] Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693.
16298| [CVE-2006-3643] Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
16299| [CVE-2006-3590] mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.
16300| [CVE-2006-3510] The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.
16301| [CVE-2006-3493] Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.
16302| [CVE-2006-3449] Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."
16303| [CVE-2006-3448] Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.
16304| [CVE-2006-3445] Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.
16305| [CVE-2006-3444] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
16306| [CVE-2006-3443] Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
16307| [CVE-2006-3441] Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.
16308| [CVE-2006-3440] Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
16309| [CVE-2006-3439] Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
16310| [CVE-2006-3436] Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
16311| [CVE-2006-3435] PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.
16312| [CVE-2006-3434] Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption.
16313| [CVE-2006-3431] Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086.
16314| [CVE-2006-3059] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.
16315| [CVE-2006-2492] Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
16316| [CVE-2006-2389] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316.
16317| [CVE-2006-2388] Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process.
16318| [CVE-2006-2387] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875.
16319| [CVE-2006-2380] Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
16320| [CVE-2006-2379] Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
16321| [CVE-2006-2378] Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
16322| [CVE-2006-2374] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
16323| [CVE-2006-2373] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
16324| [CVE-2006-2372] Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.
16325| [CVE-2006-2371] Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
16326| [CVE-2006-2370] Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
16327| [CVE-2006-2334] The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.
16328| [CVE-2006-2094] Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
16329| [CVE-2006-2055] Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
16330| [CVE-2006-1654] Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.
16331| [CVE-2006-1651] ** DISPUTED ** Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol."
16332| [CVE-2006-1540] MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll
16333| [CVE-2006-1316] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389.
16334| [CVE-2006-1315] The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."
16335| [CVE-2006-1314] Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.
16336| [CVE-2006-1313] Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
16337| [CVE-2006-1311] The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1
16338| [CVE-2006-1309] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.
16339| [CVE-2006-1308] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value.
16340| [CVE-2006-1306] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability."
16341| [CVE-2006-1305] Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.
16342| [CVE-2006-1304] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."
16343| [CVE-2006-1302] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."
16344| [CVE-2006-1301] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.
16345| [CVE-2006-1300] Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
16346| [CVE-2006-1257] The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.
16347| [CVE-2006-1193] Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."
16348| [CVE-2006-1184] Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
16349| [CVE-2006-0988] The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
16350| [CVE-2006-0935] Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz.
16351| [CVE-2006-0187] By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file.
16352| [CVE-2006-0034] Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.
16353| [CVE-2006-0033] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed.
16354| [CVE-2006-0032] Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
16355| [CVE-2006-0031] Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.
16356| [CVE-2006-0030] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.
16357| [CVE-2006-0029] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.
16358| [CVE-2006-0028] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.
16359| [CVE-2006-0023] Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.
16360| [CVE-2006-0022] Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.
16361| [CVE-2006-0021] Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."
16362| [CVE-2006-0020] An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."
16363| [CVE-2006-0015] Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
16364| [CVE-2006-0013] Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
16365| [CVE-2006-0012] Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."
16366| [CVE-2006-0010] Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
16367| [CVE-2006-0009] Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
16368| [CVE-2006-0008] The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.
16369| [CVE-2006-0007] Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.
| [CVE-2006-0006] Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.
| [CVE-2006-0004] Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).
| [CVE-2006-0002] Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
| [CVE-2006-0001] Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
| [CVE-2005-4717] Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
| [CVE-2005-4269] mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
| [CVE-2005-4131] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.
| [CVE-2005-3981] ** DISPUTED ** NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE.
| [CVE-2005-3945] The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups.
| [CVE-2005-3644] PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.
| [CVE-2005-3177] CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed.
| [CVE-2005-3176] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection.
| [CVE-2005-3175] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator.
| [CVE-2005-3174] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.
| [CVE-2005-3173] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions.
| [CVE-2005-3172] The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks.
| [CVE-2005-3171] Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings.
| [CVE-2005-3170] The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.
| [CVE-2005-3169] Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow attackers to conduct unauthorized activities without detection.
| [CVE-2005-3168] The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template.
| [CVE-2005-2122] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.
| [CVE-2005-2120] Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
| [CVE-2005-2118] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.
| [CVE-2005-2117] Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
| [CVE-2005-1985] The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
| [CVE-2005-1984] Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.
| [CVE-2005-1983] Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
| [CVE-2005-1982] Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
| [CVE-2005-1981] Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
| [CVE-2005-1907] The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic.
| [CVE-2005-1683] Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file.
| [CVE-2005-1218] The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
| [CVE-2005-1216] Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.
| [CVE-2005-1215] Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers.
| [CVE-2005-1208] Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
| [CVE-2005-1207] Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.
| [CVE-2005-1206] Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."
| [CVE-2005-1205] The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
| [CVE-2005-1052] Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses.
| [CVE-2005-0921] Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy.
| [CVE-2005-0820] Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.
| [CVE-2005-0738] Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.
| [CVE-2005-0564] Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.
| [CVE-2005-0558] Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document.
| [CVE-2005-0551] Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
| [CVE-2005-0550] Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
| [CVE-2005-0545] Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post.
| [CVE-2005-0063] The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.
| [CVE-2005-0061] The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.
| [CVE-2005-0060] Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.
| [CVE-2005-0059] Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
| [CVE-2005-0058] Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.
| [CVE-2005-0048] Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
| [CVE-2004-2527] The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
| [CVE-2004-2482] Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code.
| [CVE-2004-2365] Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.
| [CVE-2004-2339] ** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed.
| [CVE-2004-1080] The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."
| [CVE-2004-0963] Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.
| [CVE-2004-0897] The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
| [CVE-2004-0892] Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.
| [CVE-2004-0846] Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.
| [CVE-2004-0840] The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
| [CVE-2004-0728] The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
| [CVE-2004-0726] The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel.
| [CVE-2004-0575] Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
| [CVE-2004-0574] The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
| [CVE-2004-0573] Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
| [CVE-2004-0540] Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
| [CVE-2004-0503] Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502.
| [CVE-2004-0379] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts.
| [CVE-2004-0284] Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
| [CVE-2004-0214] Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
| [CVE-2004-0211] The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.
| [CVE-2004-0210] The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
| [CVE-2004-0209] Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
| [CVE-2004-0208] The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
| [CVE-2004-0207] "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions.
| [CVE-2004-0206] Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
| [CVE-2004-0204] Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
| [CVE-2004-0202] IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
| [CVE-2004-0201] Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
| [CVE-2004-0199] Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
| [CVE-2004-0124] The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
| [CVE-2004-0121] Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
| [CVE-2004-0120] The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
| [CVE-2004-0116] An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
| [CVE-2003-1378] Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
| [CVE-2003-1106] The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute.
| [CVE-2003-0908] The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
| [CVE-2003-0906] Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
| [CVE-2003-0904] Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
| [CVE-2003-0839] Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.
| [CVE-2003-0825] The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
| [CVE-2003-0824] Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
| [CVE-2003-0822] Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
| [CVE-2003-0821] Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
| [CVE-2003-0820] Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
| [CVE-2003-0819] Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
| [CVE-2003-0818] Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
| [CVE-2003-0807] Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.
| [CVE-2003-0806] Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.
| [CVE-2003-0719] Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
| [CVE-2003-0665] Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.
| [CVE-2003-0664] Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
| [CVE-2003-0662] Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
| [CVE-2003-0660] The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers execute arbitrary code without user approval.
| [CVE-2003-0533] Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
| [CVE-2003-0526] Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
| [CVE-2003-0506] Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation.
16480| [CVE-2003-0505] Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request.
16481| [CVE-2003-0496] Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
16482| [CVE-2003-0352] Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
16483| [CVE-2003-0345] Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
16484| [CVE-2003-0232] Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
16485| [CVE-2003-0231] Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
16486| [CVE-2003-0230] Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
16487| [CVE-2003-0227] The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
16488| [CVE-2003-0118] SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
16489| [CVE-2003-0117] Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver.
| [CVE-2003-0110] The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.
| [CVE-2003-0109] Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
| [CVE-2003-0011] Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled.
| [CVE-2003-0007] Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."
| [CVE-2003-0003] Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
| [CVE-2003-0002] Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.
| [CVE-2002-2101] Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.
| [CVE-2002-2100] Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.
| [CVE-2002-1984] Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046".
| [CVE-2002-1981] Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.
| [CVE-2002-1933] The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window.
| [CVE-2002-1932] Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.
| [CVE-2002-1876] Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.
| [CVE-2002-1873] Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
| [CVE-2002-1872] Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
| [CVE-2002-1776] ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed.
| [CVE-2002-1712] Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
| [CVE-2002-1256] The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.
| [CVE-2002-1255] Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."
| [CVE-2002-1214] Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
| [CVE-2002-1184] The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.
| [CVE-2002-1145] The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
| [CVE-2002-1141] An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."
| [CVE-2002-1140] The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."
| [CVE-2002-1138] Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
| [CVE-2002-1137] Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
| [CVE-2002-1123] Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
| [CVE-2002-1117] Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
| [CVE-2002-1056] Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
| [CVE-2002-0982] Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.
| [CVE-2002-0975] Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary via a long File parameter.
| [CVE-2002-0863] Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
| [CVE-2002-0861] Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object.
| [CVE-2002-0860] The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.
| [CVE-2002-0859] Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.
| [CVE-2002-0729] Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.
| [CVE-2002-0727] The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.
| [CVE-2002-0724] Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
| [CVE-2002-0721] Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
| [CVE-2002-0719] SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files.
| [CVE-2002-0718] Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."
| [CVE-2002-0700] Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."
| [CVE-2002-0699] Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.
| [CVE-2002-0695] Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.
| [CVE-2002-0694] The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
| [CVE-2002-0693] Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
| [CVE-2002-0692] Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
| [CVE-2002-0650] The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.
| [CVE-2002-0649] Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
| [CVE-2002-0645] SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.
| [CVE-2002-0644] Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.
| [CVE-2002-0643] The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System."
| [CVE-2002-0642] The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
| [CVE-2002-0641] Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
| [CVE-2002-0624] Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
| [CVE-2002-0623] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun".
| [CVE-2002-0622] The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".
| [CVE-2002-0621] Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.
| [CVE-2002-0620] Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API.
| [CVE-2002-0619] The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).
| [CVE-2002-0618] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
| [CVE-2002-0617] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
| [CVE-2002-0616] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."
| [CVE-2002-0597] LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.
| [CVE-2002-0444] Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.
| [CVE-2002-0443] Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.
| [CVE-2002-0373] The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".
| [CVE-2002-0371] Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.
| [CVE-2002-0368] The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."
| [CVE-2002-0224] The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
| [CVE-2002-0187] Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
| [CVE-2002-0186] Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
| [CVE-2002-0154] Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
| [CVE-2002-0152] Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
| [CVE-2002-0055] SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
| [CVE-2002-0054] SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
| [CVE-2002-0050] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data.
| [CVE-2002-0049] Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
| [CVE-2002-0034] The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.
| [CVE-2002-0018] In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.
| [CVE-2001-1533] ** DISPUTED * Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE.
| [CVE-2001-1451] Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests.
| [CVE-2001-1319] Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
| [CVE-2001-1099] The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
| [CVE-2001-0986] SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
| [CVE-2001-0718] Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document.
| [CVE-2001-0666] Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.
| [CVE-2001-0658] Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message.
| [CVE-2001-0628] Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.
| [CVE-2001-0547] Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).
| [CVE-2001-0546] Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data.
| [CVE-2001-0542] Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
| [CVE-2001-0538] Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
| [CVE-2001-0509] Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
| [CVE-2001-0505] Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service.
| [CVE-2001-0504] Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activites such as mail relaying.
| [CVE-2001-0501] Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner.
| [CVE-2001-0351] Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
| [CVE-2001-0350] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
| [CVE-2001-0349] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.
| [CVE-2001-0348] Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
| [CVE-2001-0347] Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
| [CVE-2001-0346] Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.
| [CVE-2001-0345] Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.
| [CVE-2001-0344] An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
| [CVE-2001-0340] An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.
| [CVE-2001-0261] Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.
| [CVE-2001-0245] Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.
| [CVE-2001-0244] Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.
| [CVE-2001-0240] Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro.
| [CVE-2001-0239] Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
| [CVE-2001-0237] Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data.
| [CVE-2001-0146] IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
| [CVE-2001-0048] The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability.
| [CVE-2001-0005] Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.
| [CVE-2001-0003] Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
| [CVE-2000-1218] The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
| [CVE-2000-1217] Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability.
16608| [CVE-2000-1209] The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
16609| [CVE-2000-1139] The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
16610| [CVE-2000-1088] The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
16611| [CVE-2000-1087] The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
16612| [CVE-2000-1086] The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
16613| [CVE-2000-1085] The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
16614| [CVE-2000-1079] Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
16615| [CVE-2000-0942] The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
16616| [CVE-2000-0854] When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
16617| [CVE-2000-0771] Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
16618| [CVE-2000-0765] Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
16619| [CVE-2000-0756] Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
16620| [CVE-2000-0710] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
16621| [CVE-2000-0709] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
16622| [CVE-2000-0637] Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.
16623| [CVE-2000-0621] Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
16624| [CVE-2000-0597] Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.
16625| [CVE-2000-0331] Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
16626| [CVE-2000-0277] Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.
16627| [CVE-2013-2557] The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
16628| [CVE-2013-2556] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
16629| [CVE-2013-2554] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787.
16630| [CVE-2013-2553] Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0912.
16631| [CVE-2013-2552] Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
16632| [CVE-2013-2551] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
16633| [CVE-2013-1347] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
16634| [CVE-2013-1305] HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
16635| [CVE-2013-1290] Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."
16636| [CVE-2013-1289] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
16637| [CVE-2013-1284] Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
16638| [CVE-2013-0096] Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability."
16639| [CVE-2013-0086] Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."
16640| [CVE-2013-0085] Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."
16641| [CVE-2013-0084] Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."
16642| [CVE-2013-0083] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."
16643| [CVE-2013-0080] Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."
16644| [CVE-2013-0079] Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."
16645| [CVE-2013-0005] The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
16646| [CVE-2012-4969] Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
16647| [CVE-2012-4792] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
16648| [CVE-2012-3456] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
16649| [CVE-2012-3455] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
16650| [CVE-2012-2290] The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel.
16651| [CVE-2012-2284] The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors.
16652| [CVE-2012-1945] Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.
16653| [CVE-2012-1894] Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability."
16654| [CVE-2012-1892] Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."
16655| [CVE-2012-1891] Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
16656| [CVE-2012-1888] Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability."
16657| [CVE-2012-1876] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
16658| [CVE-2012-1861] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
16659| [CVE-2012-1859] Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
16660| [CVE-2012-1857] Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."
16661| [CVE-2012-1849] Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."
16662| [CVE-2012-1545] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
16663| [CVE-2012-1436] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
16664| [CVE-2012-1435] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
16665| [CVE-2012-1434] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
16666| [CVE-2012-1433] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
16667| [CVE-2012-0447] Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.
16668| [CVE-2012-0147] Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."
16669| [CVE-2012-0146] Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability."
16670| [CVE-2012-0145] Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."
16671| [CVE-2012-0144] Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."
16672| [CVE-2012-0138] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.
16673| [CVE-2012-0137] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138.
16674| [CVE-2012-0136] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138.
16675| [CVE-2012-0020] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
16676| [CVE-2012-0019] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
16677| [CVE-2012-0018] Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability."
16678| [CVE-2012-0017] Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."
16679| [CVE-2011-4695] Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and gain privileges via unknown vectors, as demonstrated by the White Phosphorus wp_ie_sandbox_escape module for Immunity CANVAS. NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
16680| [CVE-2011-2012] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash."
16681| [CVE-2011-2010] The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."
16682| [CVE-2011-1969] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability."
16683| [CVE-2011-1897] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."
16684| [CVE-2011-1896] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability."
16685| [CVE-2011-1895] CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability."
16686| [CVE-2011-1891] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."
16687| [CVE-2011-1890] Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
16688| [CVE-2011-1889] The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
16689| [CVE-2011-1417] Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.
16690| [CVE-2011-1347] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
16691| [CVE-2011-1346] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
16692| [CVE-2011-1345] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
16693| [CVE-2011-1265] The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability."
16694| [CVE-2011-0653] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."
16695| [CVE-2011-0647] The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.
16696| [CVE-2011-0627] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.
16697| [CVE-2011-0037] Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.
16698| [CVE-2011-0027] Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.
16699| [CVE-2011-0026] Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
16700| [CVE-2010-4643] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
16701| [CVE-2010-4253] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document.
16702| [CVE-2010-4121] ** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only."
16703| [CVE-2010-3967] Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability."
16704| [CVE-2010-3962] Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
16705| [CVE-2010-3936] Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability."
16706| [CVE-2010-3889] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Microsoft researchers and other researchers.
16707| [CVE-2010-3888] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers.
16708| [CVE-2010-3497] Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)."
16709| [CVE-2010-3454] Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
16710| [CVE-2010-3453] The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.
16711| [CVE-2010-3141] Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file.
16712| [CVE-2010-2743] The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
16713| [CVE-2010-2734] Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability."
16714| [CVE-2010-2733] Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability."
16715| [CVE-2010-2732] Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability."
16716| [CVE-2010-2564] Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."
16717| [CVE-2010-1184] The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2.
16718| [CVE-2010-1118] Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
16719| [CVE-2010-1117] Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
16720| [CVE-2010-0806] Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
16721| [CVE-2010-0716] _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.
16722| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
16723| [CVE-2008-5750] Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
16724| [CVE-2008-5556] ** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."
16725| [CVE-2008-5555] Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
16726| [CVE-2008-5554] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
16727| [CVE-2008-5553] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
16728| [CVE-2008-5552] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
16729| [CVE-2008-5551] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
16730| [CVE-2008-5180] Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
16731| [CVE-2008-4211] Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
16732| [CVE-2007-5351] Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."
16733| [CVE-2007-2729] Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
16734| [CVE-2007-1534] DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window.
16735| [CVE-2007-0341] Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
16736| [CVE-2006-5559] The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
16737| [CVE-2006-4686] Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
16738| [CVE-2006-4685] The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
16739| [CVE-2006-1359] Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
16740| [CVE-2006-0761] Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchange, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow user-assisted remote attackers to execute arbitrary code on the server via a crafted Microsoft Word document that is opened on a wireless device.
16741| [CVE-2006-0753] Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.
16742| [CVE-2006-0544] urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash or hyphen) characters.
16743| [CVE-2006-0003] Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
16744| [CVE-2005-1929] Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.
16745| [CVE-2005-0852] Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.
16746| [CVE-2004-1322] Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages.
16747| [CVE-2003-1306] Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
16748| [CVE-2003-0903] Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
16749| [CVE-2003-0353] Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
16750| [CVE-2002-1918] Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED.
16751| [CVE-2002-1142] Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
16752| [CVE-2002-1015] RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
16753| [CVE-2002-0697] Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
16754| [CVE-2002-0057] XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
16755| [CVE-2001-1218] Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
16756| [CVE-2000-0563] The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.
16757| [CVE-1999-1097] Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.
16758|
16759| SecurityFocus - https://www.securityfocus.com/bid/:
16760| [83154] Microsoft Windows 2000 Server CVE-2004-0540 Remote Security Vulnerability
16761| [45297] Microsoft Exchange Server 2007 Infinite Loop Remote Denial of Service Vulnerability
16762| [43419] Microsoft Excel 2002 Memory Corruption Vulnerability
16763| [43189] Microsoft Visual C++ 2008 Redistributable Package DLL Loading Arbitrary Code Execution Vulnerability
16764| [42742] Microsoft PowerPoint 2007 Multiple DLL Loading Arbitrary Code Execution Vulnerability
16765| [42695] Microsoft Groove 2007 'mso.dll' DLL Loading Arbitrary Code Execution Vulnerability
16766| [42681] Microsoft Visio 2003 'mfc71enu.dll' DLL Loading Arbitrary Code Execution Vulnerability
16767| [41843] Microsoft Outlook Web Access for Exchange Server 2003 Cross Site Request Forgery Vulnerability
16768| [39776] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
16769| [37196] RETIRED: Microsoft December 2009 Advance Notification Multiple Vulnerabilities
16770| [36940] RETIRED: Microsoft November 2009 Advance Notification Multiple Vulnerabilities
16771| [36633] RETIRED: Microsoft October 2009 Advance Notification Multiple Vulnerabilities
16772| [36239] RETIRED: Microsoft September 2009 Advance Notification Multiple Vulnerabilities
16773| [35974] RETIRED: Microsoft August 2009 Advance Notification Multiple Vulnerabilities
16774| [35617] RETIRED: Microsoft July 2009 Advance Notification Multiple Vulnerabilities
16775| [35213] RETIRED: Microsoft June 2009 Advance Notification Multiple Vulnerabilities
16776| [34867] RETIRED: Microsoft May 2009 Advance Notification Multiple Vulnerabilities
16777| [34532] Microsoft IAG 2007 ActiveX Control Multiple Stack Based Buffer Overflow Vulnerabilities
16778| [34469] Microsoft Word 2000 WordPerfect Converter Remote Code Execution Vulnerability
16779| [34450] RETIRED: Microsoft April 2009 Advance Notification Multiple Vulnerabilities
16780| [34005] RETIRED: Microsoft March 2009 Advance Notification Multiple Vulnerabilities
16781| [33639] RETIRED: Microsoft February 2009 Advance Notification Multiple Vulnerabilities
16782| [33170] RETIRED: Microsoft January 2009 Advance Notification Multiple Vulnerabilities
16783| [32632] RETIRED: Microsoft December 2008 Advance Notification Multiple Vulnerabilities
16784| [32153] Retired: Microsoft November 2008 Advance Notification Multiple Vulnerabilities
16785| [31667] Retired: Microsoft October 2008 Advance Notification Multiple Vulnerabilities
16786| [31129] RETIRED: Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
16787| [31014] RETIRED: Microsoft September 2008 Advance Notification Multiple Vulnerabilities
16788| [30593] RETIRED: Microsoft August 2008 Advance Notification Multiple Vulnerabilities
16789| [30075] RETIRED: Microsoft July 2008 Advance Notification Multiple Vulnerabilities
16790| [29576] RETIRED: Microsoft June 2008 Advance Notification Multiple Vulnerabilities
16791| [29108] RETIRED: Microsoft May 2008 Advance Notification Multiple Vulnerabilities
16792| [28598] RETIRED: Microsoft April 2008 Advance Notification Multiple Vulnerabilities
16793| [28124] Retired: Microsoft March 2008 Advance Notification Multiple Vulnerabilities
16794| [27674] RETIRED: Microsoft February 2008 Advance Notification Multiple Vulnerabilities
16795| [27119] RETIRED: Microsoft January 2008 Advance Notification Multiple Vulnerabilities
16796| [26739] RETIRED: Microsoft December 2007 Advance Notification Multiple Vulnerabilities
16797| [26414] Microsoft Forms 2.0 ActiveX Control Memory Access Violation Denial of Service Vulnerabilities
16798| [26380] Retired: Microsoft November 2007 Advance Notification Multiple Vulnerabilities
16799| [25991] RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
16800| [25922] RETIRED: Microsoft October 2007 Advance Notification Multiple Vulnerabilities
16801| [25573] RETIRED: Microsoft September 2007 Advance Notification Multiple Vulnerabilities
16802| [25247] Retired: Microsoft August 2007 Advance Notification Multiple Vulnerabilities
16803| [24771] Retired: Microsoft July 2007 Advance Notification Multiple Vulnerabilities
16804| [24366] RETIRED: Microsoft June 2007 Advance Notification Multiple Vulnerabilities
16805| [24118] Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability
16806| [23800] RETIRED: Microsoft May 2007 Advance Notification Multiple Vulnerabilities
16807| [23380] Microsoft Word 2007 WWLib.DLL Unspecified Document File Buffer Overflow Vulnerability
16808| [23335] RETIRED: Microsoft April 2007 Advance Notification Multiple Vulnerabilities
16809| [22716] Microsoft Office 2003 Denial of Service Vulnerability
16810| [22567] Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability
16811| [22328] RETIRED: Microsoft Word 2003 Unspecified Code Execution Vulnerability
16812| [22225] Microsoft Word 2000 Malformed Function Code Execution Vulnerability
16813| [21611] Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
16814| [21495] Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability
16815| [20843] Microsoft Visual Studio 2005 WMI Object Broker Remote Code Execution Vulnerability
16816| [19636] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
16817| [19388] Microsoft Windows 2000 Kernel Local Privilege Escalation Vulnerability
16818| [17134] Microsoft Commerce Server 2002 Authentication Bypass Vulnerability
16819| [16634] Microsoft PowerPoint 2000 Remote Information Disclosure Vulnerability
16820| [14772] Microsoft Exchange Server 2003 Exchange Information Store Denial Of Service Vulnerability
16821| [14093] Microsoft Update Rollup 1 for Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
16822| [13564] Microsoft SQL Server 2000 Multiple Vulnerabilities
16823| [13008] Microsoft Windows Server 2003 SMB Redirector Local Denial Of Service Vulnerability
16824| [12972] Microsoft Windows Server 2003 Service Pack 1 Released - Multiple Vulnerabilities Fixed
16825| [12913] Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy Bypass Vulnerability
16826| [12824] Microsoft InfoPath 2003 Insecure Information Storage Vulnerability
16827| [12641] Microsoft Windows 2000 Group Policy Bypass Vulnerability
16828| [12141] Microsoft FrontPage 2000 Internet Publishing Service Provider DAV File Upload Vulnerability
16829| [11820] Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities
16830| [11446] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
16831| [11387] Microsoft Windows 2003 Services Default SACL Access Right Weakness
16832| [10901] Microsoft Windows 2000/XP CRL File Failed Integrity Check Denial Of Service Vulnerability
16833| [10693] Microsoft Windows 2000 Media Player Control Media Preview Script Execution Vulnerability
16834| [10484] Microsoft ISA Server 2000 FTP Bounce Filtering Vulnerability
16835| [10480] Microsoft ISA Server 2000 Site And Content Rule Bypass Vulnerability
16836| [10440] Microsoft Windows 2000 Domain Expired Account Security Policy Violation Weakness
16837| [10369] Microsoft Outlook 2003 Media File Script Execution Vulnerability
16838| [10307] Microsoft Outlook 2003 Predictable File Location Weakness
16839| [10114] Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability
16840| [9409] Microsoft Exchange Server 2003 Outlook Web Access Random Mailbox Access Vulnerability
16841| [9408] Microsoft ISA Server 2000 H.323 Filter Remote Buffer Overflow Vulnerability
16842| [9118] Microsoft Exchange Server 2003 Outlook Web Access Lowered Security Settings Weakness
16843| [8833] Microsoft Windows 2000 TroubleShooter ActiveX Control Buffer Overflow Vulnerability
16844| [8522] Multiple Microsoft Windows 2003 Stack Protection Implementation Weaknesses
16845| [8397] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
16846| [8104] Microsoft Windows 2000 Unauthorized RPC Connection Weakness
16847| [8098] Microsoft Windows 2000 Terminal Services Named Pipe System Account Access Vulnerability
16848| [8093] Microsoft Windows 2000 Active Directory Forest Origin Validation Vulnerability
16849| [8090] Microsoft Windows 2000 ShellExecute() Buffer Overflow Vulnerability
16850| [8089] Microsoft Windows 2000 Unspecified Cryptnet.DLL Memory Leakage Vulnerability
16851| [8086] Microsoft Windows 2000 Port Name Buffers Potential Buffer Overflow Vulnerability
16852| [8085] Microsoft Windows 2000 ModifyDN Request Denial of Service Vulnerability
16853| [8083] Microsoft Windows 2000 Domain Controller Spoofing Vulnerability
16854| [8081] Microsoft Windows 2000 USBH_IoctlGetNodeConnectionDriverKeyName Information Disclosure Vulnerability
16855| [8063] Microsoft Commerce Server 2002 Weak Registry Key Permissions Weakness
16856| [8045] Microsoft Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
16857| [7930] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
16858| [7788] Microsoft Windows 2000/XP/2003 IPV6 ICMP Flood Denial Of Service Vulnerability
16859| [7469] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
16860| [7360] Microsoft Windows 2000/XP Registry Editor Custom Permissions Weakness
16861| [7102] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
16862| [6769] Microsoft Windows 2000 RPC Service Privilege Escalation Vulnerability
16863| [6766] Microsoft Windows 2000 NetBIOS Continuation Packets Kernel Memory Leak Vulnerability
16864| [6667] Microsoft Outlook 2002 V1 Exchange Server Security Certificate Information Leakage Vulnerability
16865| [6319] Microsoft Outlook 2002 Email Header Processing Denial of Service Vulnerability
| [6030] Microsoft Windows 2000 SNMP Printer Query Denial of Service Vulnerability
| [5972] Microsoft Windows 2000/XP Full Event Log Administrative Alert Weakness
| [5922] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
| [5480] Microsoft Windows 2000 Network Connection Manager Privilege Elevation Vulnerability
| [5422] Microsoft Content Management Server 2001 SQL Injection Vulnerability
| [5421] Microsoft Content Management Server 2001 Arbitrary Upload Location Vulnerability
| [5420] Microsoft Content Management Server 2001 User Authentication Buffer Overflow Vulnerability
| [5415] Microsoft Windows 2000 Insecure Default File Permissions Vulnerability
| [5413] Microsoft Exchange 2000 Post Authorization License Exhaustion Denial Of Service Vulnerability
| [5412] Microsoft Exchange 2000 Multiple MSRPC Denial Of Service Vulnerabilities
| [5312] Microsoft SQL Server 2000 Resolution Service Denial of Service Vulnerability
| [5311] Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability
| [5310] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
| [5309] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
| [5307] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
| [5253] Microsoft Windows 2000 Narrator Password Disclosure Vulnerability
| [5205] Microsoft SQL Server 2000 Incorrect Registry Key Permissions Vulnerability
| [5111] Microsoft Commerce Server 2000 OWC Package Installer Local Command Execution Vulnerability
| [5014] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
| [4881] Microsoft Exchange 2000 Malformed Mail Attribute DoS Vulnerability
| [4853] Microsoft Commerce Server 2000 Profile Service Buffer Overflow Vulnerability
| [4852] Microsoft Windows 2000 Remote Access Service Buffer Overflow Vulnerability
| [4847] Microsoft SQL Server 2000 Bulk Insert Procedure Buffer Overflow Vulnerability
| [4797] Microsoft MSDE/SQL Server 2000 Desktop Engine Default Configuration Vulnerability
| [4683] Microsoft Windows 2000 / NT Path Precedence Vulnerability
| [4532] Microsoft Windows 2000 Lanman Denial of Service Vulnerability
| [4438] Microsoft Windows 2000 Group Policy Evasion Vulnerability
| [4426] Microsoft Windows 2000 / NT / XP MUP UNC Request Buffer Overflow Vulnerability
| [4287] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
| [4256] Microsoft Windows 2000 Password Policy Bypass Vulnerability
| [4157] Microsoft Commerce Server 2000 ISAPI Buffer Overflow Vulnerability
| [4095] Microsoft Windows 2000 Server Terminal Services Failure To Lock Terminal Vulnerability
| [3652] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability
| [3481] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
| [3479] Microsoft Windows 2000 NTFS With Macintosh Client Directory Permission Vulnerability
| [3445] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
| [3339] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
| [3305] Norton AntiVirus for Microsoft Exchange 2000 Information Disclosure Vulnerability
| [3291] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
| [3215] Microsoft Windows 2000 IrDA Buffer Overflow Denial of Service Vulnerability
| [3185] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
| [3184] Microsoft Windows 2000 RunAs User Credentials Exposure Vulnerability
| [3146] Microsoft Windows 2000 System File Replacement Vulnerability
| [3115] Microsoft Windows NT and 2000 Command Prompt Reboot Vulnerability
| [3063] Microsoft Windows 2000 Unauthorized Password Change Vulnerability
| [3033] Microsoft Windows 2000 Task Manager Process Termination Vulnerability
| [2988] Microsoft Windows 2000 SMTP Improper Authentication Vulnerability
| [2929] Microsoft Windows 2000 LDAP SSL Password Modification Vulnerability
| [2849] Microsoft Windows 2000 Telnet Privilege Escalation Vulnerability
| [2846] Microsoft Windows 2000 Telnet System Call DoS Vulnerability
| [2844] Microsoft Windows 2000 Telnet Service DoS Vulnerability
| [2843] Microsoft Windows 2000 Telnet Multiple Sessions DoS Vulnerability
| [2838] Microsoft Windows 2000 Telnet Username DoS Vulnerability
| [2460] Microsoft Windows 2000 Event Viewer Buffer Overflow Vulnerability
| [2441] Microsoft Exchange 2000 / IIS 5.0 Multiple Invalid URL Request DoS Vulnerability
| [2394] Microsoft Windows 2000 Domain Controller DoS Vulnerability
| [2341] Microsoft Windows 2000 Network DDE Escalated Privileges Vulnerability
| [2326] Microsoft Windows 2000 RDP DoS Vulnerability
| [2133] Microsoft Windows 2000 Directory Services Restore Mode Blank Password Vulnerability
| [2066] Microsoft Windows NT 4.0 / 2000 SNMP Registry Key Modification Vulnerability
| [2018] Microsoft Windows 2000 Telnet Session Timeout DoS Vulnerability
| [2007] Microsoft Windows 2000 DNS Memory Leak Vulnerability
| [1973] Microsoft Windows 2000 Domain Account Lockout Bypass Vulnerability
| [1958] Microsoft Exchange 2000 Server EUSR_EXSTOREEVENT Account Vulnerability
| [1933] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
| [1899] Microsoft Windows 2000 ActiveX Control Buffer Overflow Vulnerability
| [1811] Microsoft Site Server 2.0 with IIS 4.0 Malicious File Upload Vulnerability
| [1758] Microsoft Windows 2000 Unattended Install OEMPreinstall Vulnerability
| [1753] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
| [1748] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
| [1745] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
| [1729] Microsoft Windows 2000 Simplified Chinese IME Vulnerability
| [1695] Microsoft Proxy 2.0 FTP Permissions Bypass Vulnerability
| [1692] Microsoft Proxy 2.0 Internal Network Access Vulnerability
| [1683] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
| [1673] Microsoft Windows 2000 Malformed RPC Packet DoS Vulnerability
| [1651] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
| [1632] Microsoft Windows 98 / NT 4.0 / 2000 File Extension Validation Vulnerability
| [1620] Microsoft Windows 9x / NT 4.0 / 2000 NetBIOS Cache Corruption Vulnerability
| [1613] Microsoft Windows 2000 Local Security Policy Corruption Vulnerability
| [1566] Microsoft Word 97 / 2000 Mail Merge Code Execution Vulnerability
| [1561] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow Vulnerability
| [1535] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
| [1507] Microsoft Windows NT 4.0 / 2000 Unspecified Executable Path Vulnerability
| [1451] Microsoft Excel 97 / 2000 Register.ID Vulnerability
| [1435] Microsoft FrontPage 2000 Server Extensions Denial Of Service Vulnerability
| [1415] Microsoft Windows 2000 Remote CPU-overload Vulnerability
| [1414] Microsoft Windows 2000 Telnet Server DoS Vulnerability
| [1399] Microsoft Internet Explorer 5.01 and Excel/Powerpoint 2000 ActiveX Object Execution Vulnerability
| [1398] Microsoft Internet Explorer 5.01 and Access 2000 / 97 VBA Code Execution Vulnerability
| [1350] Microsoft Windows 2000 Windows Station Access Vulnerability
| [1304] Microsoft Windows NT 4.0 / 2000 SMB Write Request DoS Vulnerability
| [1301] Microsoft Windows NT 4.0 / 2000 Ignored SMB Response DoS Vulnerability
| [1295] Microsoft Windows 2000 Default 40-bit Encrypted Protected Store Vulnerability
| [1198] Microsoft Windows 2000 Default SYSKEY Configuration Vulnerability
| [1197] Microsoft Office 2000 UA Control Vulnerability
| [990] Microsoft Windows 2000 Install Unprotected ADMIN$ Share Vulnerability
| [945] Microsoft SMS 2.0 Default Permissions Vulnerability
| [539] Microsoft Windows 2000 EFS Vulnerability
| [180] Microsoft Windows April Fools 2001 Vulnerability
| [71487] Microsoft December 2014 Advance Notification Multiple Vulnerabilities
| [70966] RETIRED: Microsoft November 2014 Advance Notification Multiple Vulnerabilities
| [70367] RETIRED: Microsoft October 2014 Advance Notification Multiple Vulnerabilities
| [69636] RETIRED: Microsoft September 2014 Advance Notification Multiple Vulnerabilities
| [69108] Microsoft August 2014 Advance Notification Multiple Vulnerabilities
| [68367] Microsoft July 2014 Advance Notification Multiple Vulnerabilities
| [67905] Microsoft June 2014 Advance Notification Multiple Vulnerabilities
| [67298] Microsoft May 2014 Advance Notification Multiple Vulnerabilities
| [66639] RETIRED: Microsoft April 2014 Advance Notification Multiple Vulnerabilities
| [66016] Microsoft March 2014 Notification Multiple Vulnerabilities
| [65426] Microsoft February 2014 Notification Multiple Vulnerabilities
| [64757] RETIRED: Microsoft January 2014 Advance Notification Multiple Vulnerabilities
| [64083] RETIRED: Microsoft December 2013 Advance Notification Multiple Vulnerabilities
| [63604] RETIRED: Microsoft November 2013 Advance Notification Multiple Vulnerabilities
| [62797] RETIRED: Microsoft October 2013 Advance Notification Multiple Vulnerabilities
| [62228] RETIRED: Microsoft September 2013 Advance Notification Multiple Vulnerabilities
| [62181] Microsoft Office Pinyin IME 2010 CVE-2013-3859 Local Privilege Escalation Vulnerability
| [61686] Microsoft August 2013 Advance Notification Multiple Vulnerabilities
| [60960] RETIRED: Microsoft July 2013 Advance Notification Multiple Vulnerabilities
| [60394] Microsoft June 2013 Advance Notification Multiple Vulnerabilities
| [59785] RETIRED: Microsoft May 2013 Advance Notification Multiple Vulnerabilities
| [58881] RETIRED: Microsoft April 2013 Advance Notification Multiple Vulnerabilities
| [58380] RETIRED: Microsoft March 2013 Advance Notification Multiple Vulnerabilities
| [57846] RETIRED: Microsoft February 2013 Advance Notification Multiple Vulnerabilities
| [57137] RETIRED: Microsoft January 2013 Advance Notification Multiple Vulnerabilities
| [56838] RETIRED: Microsoft December 2012 Advance Notification Multiple Vulnerabilities
| [56450] RETIRED: Microsoft November 2012 Advance Notification Multiple Vulnerabilities
| [56304] Microsoft Office Excel 2010 Memory Corruption Denial of Service Vulnerability
| [55794] RETIRED: Microsoft October 2012 Advance Notification Multiple Vulnerabilities
| [55472] RETIRED: Microsoft September 2012 Advance Notification Multiple Vulnerabilities
| [54944] RETIRED: Microsoft August 2012 Advance Notification Multiple Vulnerabilities
| [54318] RETIRED: Microsoft July 2012 Advance Notification Multiple Vulnerabilities
| [53862] RETIRED: Microsoft June 2012 Advance Notification Multiple Vulnerabilities
| [53372] RETIRED: Microsoft May 2012 Advance Notification Multiple Vulnerabilities
| [52910] RETIRED: Microsoft April 2012 Advance Notification Multiple Vulnerabilities
| [52366] RETIRED: Microsoft March 2012 Advance Notification Multiple Vulnerabilities
| [51944] RETIRED: Microsoft February 2012 Advance Notification Multiple Vulnerabilities
| [51289] RETIRED: Microsoft January 2012 Advance Notification Multiple Vulnerabilities
| [50980] RETIRED: Microsoft December 2011 Advance Notification Multiple Vulnerabilities
| [50513] RETIRED: Microsoft November 2011 Advance Notification Multiple Vulnerabilities
| [49994] RETIRED: Microsoft October 2011 Advance Notification Multiple Vulnerabilities
| [49515] RETIRED: Microsoft September 2011 Advance Notification Multiple Vulnerabilities
| [49017] RETIRED: Microsoft August 2011 Advance Notification Multiple Vulnerabilities
| [48616] RETIRED: Microsoft July 2011 Advance Notification Multiple Vulnerabilities
| [48235] Microsoft Lync Server 2010 'ReachJoin.aspx' Remote Command Injection Vulnerability
| [48193] RETIRED: Microsoft June 2011 Advance Notification Multiple Vulnerabilities
| [47725] RETIRED: Microsoft May 2011 Advance Notification Multiple Vulnerabilities
| [47255] RETIRED: Microsoft April 2011 Advance Notification Multiple Vulnerabilities
| [46675] RETIRED: Microsoft March 2011 Advance Notification Multiple Vulnerabilities
| [46132] RETIRED: Microsoft February 2011 Advance Notification Multiple Vulnerabilities
| [45696] RETIRED: Microsoft January 2011 Advance Notification Multiple Vulnerabilities
| [45307] RETIRED: Microsoft December 2010 Advance Notification Multiple Vulnerabilities
| [44649] RETIRED: Microsoft November 2010 Advance Notification Multiple Vulnerabilities
| [43831] RETIRED: Microsoft October 2010 Advance Notification Multiple Vulnerabilities
| [43115] RETIRED: Microsoft September 2010 Advance Notification Multiple Vulnerabilities
| [42234] RETIRED: Microsoft August 2010 Advance Notification Multiple Vulnerabilities
| [41474] RETIRED: Microsoft July 2010 Advance Notification Multiple Vulnerabilities
| [40548] RETIRED: Microsoft June 2010 Advance Notification Multiple Vulnerabilities
| [39961] RETIRED: Microsoft May 2010 Advance Notification Multiple Vulnerabilities
| [39313] RETIRED: Microsoft April 2010 Advance Notification Multiple Vulnerabilities
| [38540] RETIRED: Microsoft March 2010 Advance Notification Multiple Vulnerabilities
| [38096] RETIRED: Microsoft February 2010 Advance Notification Multiple Vulnerabilities
| [37887] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
| [37664] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
| [32642] Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [82417] Microsoft Windows Knowledge Base Article 2801261 update is not installed
| [82415] Microsoft Windows Knowledge Base Article 2807986 update is not installed
| [82410] Microsoft Windows Knowledge Base Article 2809289 update is not installed
| [81859] Microsoft Windows Knowledge Base Article 2802968 update is not installed
| [81857] Microsoft Windows Knowledge Base Article 2809279 update is not installed
| [81668] Microsoft Windows Knowledge Base Article 2800277 update is not installed
| [77323] Microsoft Windows Knowledge Base Article 2706045 update is not installed
| [75949] Microsoft Windows Knowledge Base Article 2707960 update is not installed
| [75942] Microsoft Windows Knowledge Base Article 2706726 update is not installed
| [75934] Microsoft Windows Knowledge Base Article 2709162 update is not installed
| [75926] Microsoft Windows Knowledge Base Article 2709100 update is not installed
| [75905] Microsoft Windows Knowledge Base Article 2707956 update is not installed
| [71991] Microsoft Windows Knowledge Base Article 2607664 update is not installed
| [71542] Microsoft Windows Knowledge Base Article 2607702 update is not installed
| [70945] Microsoft Windows Knowledge Base Article 2603381 update is not installed
| [70150] Microsoft Windows Knowledge Base Article 2607670 update is not installed
| [67755] Microsoft Windows Knowledge Base Article 2503665 update is not installed
| [67749] Microsoft Windows Knowledge Base Article 2507938 update is not installed
| [66845] Microsoft Windows Knowledge Base Article 2506014 update is not installed
| [66844] Microsoft Windows Knowledge Base Article 2501584 update is not installed
| [66448] Microsoft Windows Knowledge Base Article 2508272 update is not installed
| [66442] Microsoft Windows Knowledge Base Article 2509553 update is not installed
| [66440] Microsoft Windows Knowledge Base Article 2508429 update is not installed
| [66438] Microsoft Windows Knowledge Base Article 2507618 update is not installed
| [66430] Microsoft Windows Knowledge Base Article 2503658 update is not installed
| [66425] Microsoft Windows Knowledge Base Article 2506223 update is not installed
| [65570] Microsoft Windows Knowledge Base Article 2500212 update is not installed
| [65568] Microsoft Windows Knowledge Base Article 2508062 update is not installed
| [63840] Microsoft Visual C++ 2008 Redistributable Package dynamic-linked library (DLL) code execution
| [63780] Microsoft PowerPoint 2007 dynamic-linked library (rpawinet.dll) code execution
| [63775] Microsoft Visio 2003 dynamic-linked library (mfc71enu.dll) code execution
| [63586] Microsoft Windows Knowledge Base Article 2207559 update is not installed
| [63573] Microsoft Windows Knowledge Base Article 2407132 update is not installed
| [62797] Microsoft Windows Knowledge Base Article 2305420 update is not installed
| [62149] Microsoft Windows Knowledge Base Article 2207566 update is not installed
| [62133] Microsoft Windows Knowledge Base Article 2405882 update is not installed
| [53980] Microsoft Windows 2000 License Logging Server buffer overflow
| [53601] Microsoft Office 2008 for Mac user ID 502 security bypass
| [50973] Microsoft Windows Server 2003 and Vista win32k.sys denial of service
| [50759] Microsoft Windows 2000 Active Directory LDAP code execution
| [48595] Microsoft Word 2007 Email as PDF information disclosure
| [46102] Microsoft Windows 2003 SP2 is not installed on the system
| [46101] Microsoft Windows 2003 SP1 is not installed on the system
| [45186] Microsoft SQL Server 2000 SQLVDIRLib.SQLVDirControl ActiveX control buffer overflow
| [37200] Microsoft SQL Server 2000 Service Pack 1 update is not installed
| [37198] Microsoft SQL Server 2000 Service Pack 3 update is not installed
| [34634] Microsoft Windows Server 2003 Active Directory information disclosure
| [34599] Microsoft Windows Server 2003 terminal server security bypass
| [34473] Microsoft Office 2000 ActiveX control buffer overflow
| [33713] Microsoft Word 2007 multiple unspecified denial of service
| [33712] Microsoft Word 2007 wwlib.dll buffer overflow
| [32631] Microsoft SQL Server 2000 Service Pack 2 update is not installed
| [31821] Microsoft Windows time zone update for year 2007
| [31196] Microsoft Office 2003 Brazilian Grammar Checker buffer overflow
| [30905] Microsoft Project Server 2003 pdsrequest.asp information disclosure
| [29546] Microsoft Windows 2000/2003 user logoff initiated
| [29545] Microsoft Windows 2000/2003 system time changed
| [29544] Microsoft Windows 2000/2003 system security access removed
| [29543] Microsoft Windows 2000/2003 security access granted
| [29542] Microsoft Windows 2000/2003 SAM notification package loaded
| [29541] Microsoft Windows 2000/2003 primary security token issued
| [29540] Microsoft Windows 2000/2003 user password reset successful
| [29539] Microsoft Windows 2000/2003 object indirectly accessed
| [29538] Microsoft Windows 2000/2003 object handle duplicated
| [29537] Microsoft Windows 2000/2003 logon with explicit credentials success
| [29536] Microsoft Windows 2000/2003 logon attempt using explicit credentials unsuccessful
| [29535] Microsoft Windows 2000/2003 IPSEC policy agent failed
| [29534] Microsoft Windows 2000/2003 IPSEC policy agent disabled
| [29533] Microsoft Windows 2000/2003 IPSEC policy agent changed
| [29532] Microsoft Windows 2000/2003 IKE security association established
| [29531] Microsoft Windows 2000/2003 IKE quick mode association ended
| [29530] Microsoft Windows 2000/2003 IKE main mode association ended
| [29529] Microsoft Windows 2000/2003 IKE association negotiation failed
| [29528] Microsoft Windows 2000/2003 IKE association peer authentication failed
| [29527] Microsoft Windows 2000/2003 IKE association failed invalid proposal
| [29526] Microsoft Windows 2000/2003 IKE association failed authentication parameters
| [29525] Microsoft Windows 2000/2003 DPAPI master key backup attempted
| [29524] Microsoft Windows 2000/2003 DPAPI key recovery attempted
| [29523] Microsoft Windows 2000/2003 DPAPI auditable data unprotected
| [29522] Microsoft Windows 2000/2003 administrative group security descriptor set
| [29521] Microsoft Windows 2000/2003 account name changed
| [29507] Microsoft Office 2003 unspecified PowerPoint NULL pointer dereference denial of service
| [28512] Microsoft Internet Explorer multiple Windows 2000 COM object denial of service
| [28005] Microsoft Windows 2000 Management Console (MMC) resource file cross-site scripting
| [26118] Microsoft Office 2003 mailto: information disclosure
| [25330] Microsoft Commerce Server 2002 authfiles/login.asp authentication bypass
| [24474] Microsoft Windows 2000 LDAP client accepts untrusted CA
| [24473] Microsoft Windows 2000 event ID 565 not logged
| [24472] Microsoft Windows 2000 Event ID 1704 records incorrect group policy settings
| [24407] Microsoft Windows 2000 SECEDIT command fails to set ACLs correctly
| [24405] Microsoft Windows 2000 UPN credentials with trailing dot group policy bypass
| [24403] Microsoft Windows 2000 WideCharToMultiByte() incorrect Japanese character conversion
| [24402] Microsoft Windows 2000 Terminal Service client IP not logged
| [24400] Microsoft Windows 2000 domain authentication can be bypassed by a local administrator
| [23066] Microsoft Windows XP and 2000 Server MSRPC memory allocation denial of service
| [22318] Microsoft SQL Server 2000 Service Pack 4 update is not installed
| [22183] Microsoft Exchange Server 2003 public folder denial of service
| [21345] Microsoft Windows 2000 Update Rollup 1 for Service Pack 4 has not been installed
| [21315] Microsoft Outlook 2002 connector for Domino bypass restrictions
| [19969] Multiple Microsoft Windows Server 2003 Edition printer driver denial of service
| [19965] Multiple Microsoft Windows Server 2003 Editions SMB redirector denial of service
| [19727] Microsoft Windows 2000 GDI32.DLL denial of service
| [19629] Microsoft Exchange Server 2003 folder denial of service
| [17826] Microsoft Outlook 2003 CID security bypass
| [17624] Microsoft Windows XP and Windows Server 2003 Compressed Folders buffer overflow
| [17621] Microsoft Windows 2003 SMTP service code execution
| [17560] Microsoft Windows 2000 and XP GDI library denial of service
| [17521] Microsoft Windows 2000 Service Pack 4 is not installed
| [16913] Microsoft Windows 2003 users with Synchronize directory service data privilege
| [16912] Microsoft Windows 2003 groups with Synchronize directory service data privilege
| [16909] Microsoft Windows 2003 groups with Remove computer from docking station privilege
| [16907] Microsoft Windows 2003 users with Create global objects privilege
| [16905] Microsoft Windows 2003 users or groups with Create global objects privilege
| [16851] Microsoft Windows 2003 and XP WinKey and U key denial of service
| [16704] Microsoft Windows 2000 Media Player control code execution
| [16582] Microsoft Windows Server 2003 kernel CPU denial of service
| [16572] Microsoft Windows 2003 Users with Impersonate a client after authentication privilege
| [16570] Microsoft Windows 2003 Users with Create global objects privilege
| [16564] Microsoft Windows 2003 Groups with Create global objects privilege
| [16562] Microsoft Windows 2003 Groups with "
| [16522] Microsoft Windows 2003 Impersonate a client after authentication privilege
| [16521] Microsoft Windows 2003 Deny Logon Through Terminal Services privilege
| [16520] Microsoft Windows 2003 Create global objects privilege
| [16276] Microsoft Windows 2000 Advanced Server fully qualified domain name security bypass
| [16173] Microsoft Outlook 2003 OLE object bypass restricted security zone
| [16119] Microsoft Outlook 2000 URL spoofing
| [16104] Microsoft Outlook 2003 predictable file location could allow code execution
| [16095] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
| [15704] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
| [15700] Microsoft Windows 2000 Domain Controller LSASS LDAP message denial of service
| [15632] Microsoft Windows 2000 Utility Manger allows privilege escalation
| [15414] Microsoft Outlook 2002 mailto URL allows execution of code
| [15263] Microsoft Windows XP and 2000 Server kernel allows elevated privileges
| [15057] Microsoft Windows XP and Windows Server 2003 smbmount Linux client denial of service
| [15038] Microsoft Windows 2000 Server Windows Media Services denial of service
| [15037] Microsoft Windows Server 2003 WINS /GS flag denial of service
| [14178] Microsoft ISA Exchange Server 2003 MS04-002 patch is not installed
| [14167] Microsoft ISA Server 2000 H.323 filter buffer overflow
| [13426] Microsoft Windows 2000 and XP RPC race condition
| [13423] Microsoft Windows 2000 Local Troubleshooter ActiveX control buffer overflow
| [13407] Microsoft Windows 2000 Server mqsvc.exe MQLocateBegin packet buffer overflow
| [13385] Microsoft Windows Server 2003 "
| [13211] Microsoft Windows 2000 and XP URG memory leak
| [13171] Microsoft Windows Server 2003 can allow attacker to bypass mechanism used to detect buffer overflows
| [13131] Microsoft Windows 2000 Message Queue Manager buffer overflow
| [12684] Microsoft Exchange Server OWA Outlook 2003 denial of service
| [12652] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension POST request buffer overflow
| [12620] Microsoft Windows 2000 Server SMTP FILETIME denial of service
| [12543] Microsoft Windows 2000 Accessibility Utility Manager could allow an attacker to gain privileges
| [12493] Microsoft Windows Shell32.dll 2000 ShellExecute function buffer overflow
| [12489] Microsoft Windows 2000 Server Active Directory buffer overflow
| [12128] Microsoft Windows 2000 and Windows NT MS03-019 patch is not installed
| [12092] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension buffer overflow
| [12048] Microsoft Windows 2000 and Windows Server 2003 LAN Manager hash creation enabled
| [11901] Microsoft BizTalk Server 2002 SQL injection
| [11900] Microsoft BizTalk Server 2002 HTTP Receiver function buffer overflow
| [11816] Microsoft Windows 2000 Terminal Services MSGINA.DLL insecure access permissions
| [11696] Microsoft Windows 2000 Terminal Services man-in-the-middle attack
| [11617] Microsoft Windows 2000 MS03-007 patch is not installed on the system
| [11546] Microsoft Windows 2000 Windows Help Facility .cnt file buffer overflow
| [11329] Microsoft Windows NT and 2000 cmd.exe CD path name buffer overflow
| [11274] Microsoft Windows 2000 NetBIOS continuation packets denial of service
| [11273] Microsoft Windows 2000 RPC service could allow an attacker to gain elevated privileges
| [11216] Microsoft Windows NT and 2000 command prompt denial of service
| [11141] Microsoft Windows 2000 Terminal Services MSGINA.DLL denial of service
| [11133] Microsoft Outlook 2002 using V1 Exchange Server Security certificates transmits plaintext emails
| [10843] Microsoft Windows 2000 and XP SMB signing group policy modification
| [10431] Microsoft Windows 2000 SNMP LANMAN Extension memory leak denial of service
| [10400] Microsoft Windows 2000 RPC TCP port 135 denial of service
| [10377] Microsoft Windows XP and 2000 administrative alerts fail when security event log is full
| [10199] Microsoft Windows 2000/XP PPTP packet buffer overflow
| [10195] Microsoft FrontPage Server Extensions (FPSE) 2002 SmartHTML Interpreter buffer overflow
| [10194] Microsoft FrontPage Server Extensions (FPSE) 2000 SmartHTML Interpreter denial of service
| [9946] Microsoft Windows 2000 Terminal Services session screensaver fails to lock the console
| [9856] Microsoft Windows 2000 NCM handler routine could allow elevated privileges
| [9779] Microsoft Windows 2000 weak system partition permissions
| [9752] Microsoft Windows 2000 Service Pack 3 is not installed
| [9746] Microsoft Windows 2000 HTML Help item parameter buffer overflow
| [9625] Microsoft Windows 2000 Narrator allows login information to be audible
| [9154] Microsoft Data Engine (MSDE) and Microsoft SQL Server 2000 Desktop Engine have a default blank "
| [8867] Microsoft Windows 2000 LanMan denial of service
| [8813] Microsoft Windows 2000 Terminal Services allows attacker to bypass group policy settings
| [8759] Microsoft Windows 2000 could allow an attacker to block the application of Group Policy settings
| [8752] Microsoft Windows NT, 2000, and XP MUP buffer overflow
| [8739] Microsoft Windows 2000 DCOM memory leak
| [8708] Microsoft Outlook 2000 and 2002 executes embedded script in object tag when replying or forwarding HTML mail
| [8402] Microsoft Windows 2000 allows an attacker to bypass password policy
| [8307] Microsoft Windows 2000, Windows XP, and Exchange 2000 SMTP data transfer command denial of service
| [8304] Microsoft Windows 2000 and Exchange 5.5 SMTP service unauthorized mail privileges
| [8254] Microsoft Commerce Server 2000 AuthFilter ISAPI filter buffer overflow
| [8199] Microsoft Windows 2000 Terminal Services unlocked client
| [8094] Microsoft Windows 2000 and Interix 2.2 Telnet protocol option buffer overflow
| [8092] Microsoft Exchange 2000 System Attendant sets incorrect registry permissions
| [8043] Microsoft Windows NT, 2000, and XP using NTFS could allow files to be hidden
| [8037] Microsoft Windows 2000 empty TCP packet denial of service
| [8023] Microsoft Windows NT and Windows 2000 SIDs could allow an attacker to gain elevated privileges in another domain
| [7919] Microsoft IIS 4.0 and Norton Internet Security 2001 default permissions could allow an attacker to modify log files
| [7667] Microsoft Windows 2000 IKE UDP packet flood denial of service
| [7566] Microsoft IIS 2.0 and 3.0 upgraded to Microsoft IIS 4.0 fails to remove the ism.dll file
| [7538] Microsoft Windows 2000 and XP Terminal services allow an attacker to spoof IP addresses
| [7533] Microsoft Windows 2000 RunAs service denial of service
| [7532] Microsoft Windows 2000 RunAs service allows local attacker to bypass pipe authentication
| [7531] Microsoft Windows 2000 RunAs service reveals sensitive information
| [7528] Microsoft Windows NT and Windows 2000 malformed RPC request denial of service
| [7409] Microsoft Windows 2000 and Windows XP GDI denial of service
| [7302] Microsoft Windows NT and 2000 Terminal Server malformed RDP packet series denial of service
| [7008] Microsoft Windows 2000 IrDA device denial of service
| [6977] Microsoft Windows NT and 2000 NNTP memory leak denial of service
| [6931] Microsoft Windows 2000 without Service Pack 2
| [6919] Microsoft Windows 2000 Task Manager does not terminate malicious files with the same name as a system process
| [6912] Microsoft Windows NT and 2000 Terminal Server RDP memory leak denial of service
| [6876] Microsoft Windows 2000 could allow an attacker to change network passwords
| [6803] Microsoft Windows 2000 SMTP service allows mail relaying
| [6745] Microsoft Windows 2000 LDAP function could allow domain user password change
| [6669] Microsoft Windows 2000 Telnet system call denial of service
| [6668] Microsoft Windows 2000 Telnet handle leak denial of service
| [6667] Microsoft Windows 2000 Telnet multiple idle sessions denial of service
| [6666] Microsoft Windows 2000 Telnet username denial of service
| [6665] Microsoft Windows 2000 Telnet service weak domain authentication
| [6664] Microsoft Windows 2000 Telnet service predictable pipe names could allow elevation of privileges
| [6652] Microsoft Exchange 2000 OWA script execution
| [6590] Microsoft Windows 2000 debug registers allow attacker to gain elevated privileges
| [6506] Microsoft Windows 2000 Server Kerberos denial of service
| [6443] Microsoft Windows 2000 catalog file could remove installed hotfixes
| [6160] Microsoft Windows 2000 event viewer buffer overflow
| [6136] Microsoft Windows 2000 domain controller denial of service
| [6035] Microsoft Windows 2000 Server RDP denial of service
| [5973] Microsoft Windows 2000 EFS allows local user to recover sensitive data
| [5936] Microsoft Windows 2000 Server Directory Service Restore Mode allows user to login with blank password
| [5800] Microsoft Windows 2000 Index Service ActiveX controls allow unauthorized access to file information
| [5623] Microsoft Windows NT and 2000 Phone Book service buffer overflow
| [5598] Microsoft Windows 2000 Telnet daemon could allow a denial of service
| [5585] Microsoft Windows 2000 brute force attack
| [5502] Microsoft Windows 2000 Indexing Services ixsso.query
| [5467] Microsoft Windows 2000 System Monitor ActiveX control buffer overflow
| [5399] Microsoft Windows NT and 2000 Network Monitor buffer overflow
| [5301] Microsoft Windows 2000 Simplified Chinese IME State Recognition
| [5263] Microsoft Office 2000 executes .dll without users knowledge
| [5242] Microsoft Windows 2000 Telnet client NTLM authentication weakness
| [5222] Microsoft Windows 2000 malformed RPC packet denial of service
| [5203] Microsoft Windows 2000 still image service
| [5171] Microsoft Windows 2000 Local Security Policy corruption
| [5080] Microsoft Office 2000 HTML object tag buffer overflow
| [5033] Microsoft Windows 2000 without Service Pack 1
| [5031] Microsoft Windows 2000 Service Control Manager named pipe could allow a unauthorized user to gain privileges
| [5015] Microsoft Windows NT and 2000 executable path
| [4887] Microsoft Windows 2000 Kerberos ticket renewed
| [4886] Microsoft Windows 2000 logon session reconnected
| [4885] Microsoft Windows 2000 logon session disconnected
| [4882] Microsoft Windows 2000 Kerberos pre-authentication failed
| [4873] Microsoft Windows 2000 user account mapped for logon
| [4872] Microsoft Windows 2000 account logon failed
| [4871] Microsoft Windows 2000 account used for logon
| [4855] Microsoft Windows 2000 group type change
| [4842] Microsoft Internet Explorer and Microsoft Powerpoint 2000 ActiveX object execution
| [4841] Microsoft Internet Explorer and Microsoft Access 2000 VBA code execution
| [4823] Microsoft Windows 2000 Telnet server binary stream denial of service
| [4819] Microsoft Windows 2000 default SYSKEY configuration
| [4787] Microsoft Windows 2000 user account locked out
| [4786] Microsoft Windows 2000 computer account created
| [4785] Microsoft Windows 2000 computer account changed
| [4784] Microsoft Windows 2000 computer account deleted
| [4714] Microsoft Windows 2000 "
17296| [4589] Microsoft Windows 2000 protected store can be compromised by brute force attack
17297| [4278] Microsoft Windows 2000 unattended install does not secure All Users profile
17298| [4138] Microsoft Windows 2000 system file integrity feature is disabled
17299| [4086] Microsoft Windows 2000 may not start Jaz drives correctly
17300| [4085] Microsoft Windows 2000 non-Gregorial calendar error
17301| [4084] Microsoft Windows 2000 may prevent Adobe FrameMaker files from being saved in some formats
17302| [4083] Microsoft Windows 2000 Terminal Services may damage Office files saved as HTML
17303| [4082] Microsoft Windows 2000 and Iomega parallel port drives display error
17304| [4080] Microsoft Windows 2000 AOL image support
17305| [4079] Microsoft Windows 2000 High Encryption Pack
17306| [3854] Microsoft Office 2000 security setting
17307| [1376] Microsoft Proxy 2.0 denial of service
17308| [86256] Microsoft Windows Knowledge Base Article 2876063 update is not installed
17309| [86097] Microsoft Windows Knowledge Base Article 2859537 update is not installed
17310| [86091] Microsoft Windows Knowledge Base Article 2868623 update is not installed
17311| [86089] Microsoft Windows Knowledge Base Article 2862772 update is not installed
17312| [86075] Microsoft Windows Knowledge Base Article 2850869 update is not installed
17313| [86073] Microsoft Windows Knowledge Base Article 2873872 update is not installed
17314| [86070] Microsoft Windows Knowledge Base Article 2849568 update is not installed
17315| [85245] Microsoft Windows Knowledge Base Article 2848295 update is not installed
17316| [85244] Microsoft Windows Knowledge Base Article 2847927 update is not installed
17317| [85243] Microsoft Windows Knowledge Base Article 2861561 update is not installed
17318| [85236] Microsoft Windows Knowledge Base Article 2850851 update is not installed
17319| [85227] Microsoft Windows Knowledge Base Article 2847883 update is not installed
17320| [85223] Microsoft Windows Knowledge Base Article 2846071 update is not installed
17321| [85205] Microsoft Windows Knowledge Base Article 2845187 update is not installed
17322| [84621] Microsoft Windows Knowledge Base Article 2845690 update is not installed
17323| [84619] Microsoft Windows Knowledge Base Article 2839894 update is not installed
17324| [84617] Microsoft Windows Knowledge Base Article 2839571 update is not installed
17325| [84615] Microsoft Windows Knowledge Base Article 2839229 update is not installed
17326| [84613] Microsoft Windows Knowledge Base Article 2838727 update is not installed
17327| [84156] Microsoft Windows Knowledge Base Article 2847204 update is not installed
17328| [83912] Microsoft Windows Knowledge Base Article 2829254 update is not installed
17329| [83910] Microsoft Windows Knowledge Base Article 2829530 update is not installed
17330| [83898] Microsoft Windows Knowledge Base Article 2830397 update is not installed
17331| [83886] Microsoft Windows Knowledge Base Article 2830399 update is not installed
17332| [83884] Microsoft Windows Knowledge Base Article 2834692 update is not installed
17333| [83882] Microsoft Windows Knowledge Base Article 2834695 update is not installed
17334| [83880] Microsoft Windows Knowledge Base Article 2836440 update is not installed
17335| [83876] Microsoft Windows Knowledge Base Article 2840221 update is not installed
17336| [83192] Microsoft Windows Knowledge Base Article 2817183 update is not installed
17337| [83100] Microsoft Windows Knowledge Base Article 2830914 update is not installed
17338| [83098] Microsoft Windows Knowledge Base Article 2829996 update is not installed
17339| [83093] Microsoft Windows Knowledge Base Article 2828223 update is not installed
17340| [83091] Microsoft Windows Knowledge Base Article 2813170 update is not installed
17341| [83088] Microsoft Windows Knowledge Base Article 2827663 update is not installed
17342| [83086] Microsoft Windows Knowledge Base Article 2823482 update is not installed
17343| [83084] Microsoft Windows Knowledge Base Article 2821818 update is not installed
17344| [83082] Microsoft Windows Knowledge Base Article 2820917 update is not installed
17345| [82600] Microsoft Windows Knowledge Base Article 2813707 update is not installed
17346| [82424] Microsoft Windows Knowledge Base Article 2814124 update is not installed
17347| [82422] Microsoft Windows Knowledge Base Article 2780176 update is not installed
17348| [82401] Microsoft Windows Knowledge Base Article 2813682 update is not installed
17349| [82399] Microsoft Windows Knowledge Base Article 2816264 update is not installed
17350| [81683] Microsoft Windows Knowledge Base Article 2780091 update is not installed
17351| [81681] Microsoft Windows Knowledge Base Article 2784242 update is not installed
17352| [81680] Microsoft Windows Knowledge Base Article 2790113 update is not installed
17353| [81678] Microsoft Windows Knowledge Base Article 2790655 update is not installed
17354| [81676] Microsoft Windows Knowledge Base Article 2790978 update is not installed
17355| [81674] Microsoft Windows Knowledge Base Article 2797052 update is not installed
17356| [81672] Microsoft Windows Knowledge Base Article 2799494 update is not installed
17357| [81666] Microsoft Windows Knowledge Base Article 2778344 update is not installed
17358| [81634] Microsoft Windows Knowledge Base Article 2792100 update is not installed
17359| [81339] Microsoft Windows Knowledge Base Article 2799329 update is not installed
17360| [80875] Microsoft Windows Knowledge Base Article 2756145 update is not installed
17361| [80872] Microsoft Windows Knowledge Base Article 2769324 update is not installed
17362| [80867] Microsoft Windows Knowledge Base Article 2769327 update is not installed
17363| [80865] Microsoft Windows Knowledge Base Article 2769369 update is not installed
17364| [80863] Microsoft Windows Knowledge Base Article 2778930 update is not installed
17365| [80861] Microsoft Windows Knowledge Base Article 2785220 update is not installed
17366| [80365] Microsoft Windows Knowledge Base Article 2761465 update is not installed
17367| [80360] Microsoft Windows Knowledge Base Article 2765809 update is not installed
17368| [80358] Microsoft Windows Knowledge Base Article 2770660 update is not installed
17369| [80356] Microsoft Windows Knowledge Base Article 2780642 update is not installed
17370| [80352] Microsoft Windows Knowledge Base Article 2783534 update is not installed
17371| [80349] Microsoft Windows Knowledge Base Article 2784126 update is not installed
17372| [79693] Microsoft Windows Knowledge Base Article 2745030 update is not installed
17373| [79687] Microsoft Windows Knowledge Base Article 2761451 update is not installed
17374| [79683] Microsoft Windows Knowledge Base Article 2761226 update is not installed
17375| [79679] Microsoft Windows Knowledge Base Article 2758857 update is not installed
17376| [79677] Microsoft Windows Knowledge Base Article 2727528 update is not installed
17377| [78864] Microsoft Windows Knowledge Base Article 2754670 update is not installed
17378| [78862] Microsoft Windows Knowledge Base Article 2743555 update is not installed
17379| [78858] Microsoft Windows Knowledge Base Article 2754849 update is not installed
17380| [78856] Microsoft Windows Knowledge Base Article 2724197 update is not installed
17381| [78853] Microsoft Windows Knowledge Base Article 2741517 update is not installed
17382| [78851] Microsoft Windows Knowledge Base Article 2742319 update is not installed
17383| [78848] Microsoft Windows Knowledge Base Article 2742321 update is not installed
17384| [78760] Microsoft Windows Knowledge Base Article 2744842 update is not installed
17385| [78077] Microsoft Windows Knowledge Base Article 2741528 update is not installed
17386| [78075] Microsoft Windows Knowledge Base Article 2720184 update is not installed
17387| [78071] Microsoft Windows Knowledge Base Article 2748552 update is not installed
17388| [77512] Microsoft Windows Knowledge Base Article 2740358 update is not installed
17389| [77362] Microsoft Windows Knowledge Base Article 2733918 update is not installed
17390| [77360] Microsoft Windows Knowledge Base Article 2733829 update is not installed
17391| [77357] Microsoft Windows Knowledge Base Article 2733594 update is not installed
17392| [77352] Microsoft Windows Knowledge Base Article 2731879 update is not installed
17393| [77350] Microsoft Windows Knowledge Base Article 2731847 update is not installed
17394| [77348] Microsoft Windows Knowledge Base Article 2723135 update is not installed
17395| [77346] Microsoft Windows Knowledge Base Article 2722913 update is not installed
17396| [77342] Microsoft Windows Knowledge Base Article 2720573 update is not installed
17397| [77325] Microsoft Windows Knowledge Base Article 2719584 update is not installed
17398| [76808] Microsoft Windows Knowledge Base Article 2721015 update is not installed
17399| [76725] Microsoft Windows Knowledge Base Article 2722479 update is not installed
17400| [76724] Microsoft Windows Knowledge Base Article 2719177 update is not installed
17401| [76721] Microsoft Windows Knowledge Base Article 2718523 update is not installed
17402| [76718] Microsoft Windows Knowledge Base Article 2698365 update is not installed
17403| [76711] Microsoft Windows Knowledge Base Article 2695502 update is not installed
17404| [76704] Microsoft Windows Knowledge Base Article 2691442 update is not installed
17405| [76702] Microsoft Windows Knowledge Base Article 2655992 update is not installed
17406| [75963] Microsoft Windows Knowledge Base Article 2699988 update is not installed
17407| [75939] Microsoft Windows Knowledge Base Article 2685939 update is not installed
17408| [75928] Microsoft Windows Knowledge Base Article 2711167 update is not installed
17409| [75136] Microsoft Windows Knowledge Base Article 2693777 update is not installed
17410| [75132] Microsoft Windows Knowledge Base Article 2690533 update is not installed
17411| [75130] Microsoft Windows Knowledge Base Article 2688338 update is not installed
17412| [75127] Microsoft Windows Knowledge Base Article 2681578 update is not installed
17413| [75123] Microsoft Windows Knowledge Base Article 2680352 update is not installed
17414| [75116] Microsoft Windows Knowledge Base Article 2597981 update is not installed
17415| [74556] Microsoft Windows Knowledge Base Article 2639185 update is not installed
17416| [74384] Microsoft Windows Knowledge Base Article 2675157 update is not installed
17417| [74378] Microsoft Windows Knowledge Base Article 2671605 update is not installed
17418| [74373] Microsoft Windows Knowledge Base Article 2664258 update is not installed
17419| [74369] Microsoft Windows Knowledge Base Article 2663860 update is not installed
17420| [73543] Microsoft Windows Knowledge Base Article 2671387 update is not installed
17421| [73540] Microsoft Windows Knowledge Base Article 2665364 update is not installed
17422| [73538] Microsoft Windows Knowledge Base Article 2651019 update is not installed
17423| [73536] Microsoft Windows Knowledge Base Article 2651018 update is not installed
17424| [73533] Microsoft Windows Knowledge Base Article 2647170 update is not installed
17425| [73530] Microsoft Windows Knowledge Base Article 2641653 update is not installed
17426| [72887] Microsoft Windows Knowledge Base Article 2663841 update is not installed
17427| [72873] Microsoft Windows Knowledge Base Article 2663830 update is not installed
17428| [72867] Microsoft Windows Knowledge Base Article 2663510 update is not installed
17429| [72857] Microsoft Windows Knowledge Base Article 2661637 update is not installed
17430| [72855] Microsoft Windows Knowledge Base Article 2660465 update is not installed
17431| [72853] Microsoft Windows Knowledge Base Article 2653956 update is not installed
17432| [72851] Microsoft Windows Knowledge Base Article 2654428 update is not installed
17433| [72849] Microsoft Windows Knowledge Base Article 2651026 update is not installed
17434| [72846] Microsoft Windows Knowledge Base Article 2647516 update is not installed
17435| [72841] Microsoft Windows Knowledge Base Article 2645640 update is not installed
17436| [72838] Microsoft Windows Knowledge Base Article 2643719 update is not installed
17437| [72029] Microsoft Windows Knowledge Base Article 2638420 update is not installed
17438| [72003] Microsoft Windows Knowledge Base Article 2646524 update is not installed
17439| [71998] Microsoft Windows Knowledge Base Article 2644615 update is not installed
17440| [71995] Microsoft Windows Knowledge Base Article 2643584 update is not installed
17441| [71994] Microsoft Windows Knowledge Base Article 2636391 update is not installed
17442| [71565] Microsoft Windows Knowledge Base Article 2648048 update is not installed
17443| [71562] Microsoft Windows Knowledge Base Article 2640241 update is not installed
17444| [71560] Microsoft Windows Knowledge Base Article 2640045 update is not installed
17445| [71558] Microsoft Windows Knowledge Base Article 2639417 update is not installed
17446| [71557] Microsoft Windows Knowledge Base Article 2639142 update is not installed
17447| [71554] Microsoft Windows Knowledge Base Article 2633171 update is not installed
17448| [71552] Microsoft Windows Knowledge Base Article 2624667 update is not installed
17449| [71550] Microsoft Windows Knowledge Base Article 2620712 update is not installed
17450| [71548] Microsoft Windows Knowledge Base Article 2618451 update is not installed
17451| [71546] Microsoft Windows Knowledge Base Article 2618444 update is not installed
17452| [71538] Microsoft Windows Knowledge Base Article 2590602 update is not installed
17453| [70951] Microsoft Windows Knowledge Base Article 2630837 update is not installed
17454| [70949] Microsoft Windows Knowledge Base Article 2620704 update is not installed
17455| [70947] Microsoft Windows Knowledge Base Article 2617657 update is not installed
17456| [70943] Microsoft Windows Knowledge Base Article 2588516 update is not installed
17457| [70152] Microsoft Windows Knowledge Base Article 2623699 update is not installed
17458| [70140] Microsoft Windows Knowledge Base Article 2652016 update is not installed
17459| [70130] Microsoft Windows Knowledge Base Article 2586448 update is not installed
17460| [70115] Microsoft Windows Knowledge Base Article 2567053 update is not installed
17461| [69501] Microsoft Windows Knowledge Base Article 2587634 update is not installed
17462| [69498] Microsoft Windows Knowledge Base Article 2587505 update is not installed
17463| [69492] Microsoft Windows Knowledge Base Article 2571621 update is not installed
17464| [69490] Microsoft Windows Knowledge Base Article 2570947 update is not installed
17465| [68840] Microsoft Windows Knowledge Base Article 2451858 update is not installed
17466| [68833] Microsoft Windows Knowledge Base Article 2567943 update is not installed
17467| [68831] Microsoft Windows Knowledge Base Article 2570222 update is not installed
17468| [68829] Microsoft Windows Knowledge Base Article 2567951 update is not installed
17469| [68827] Microsoft Windows Knowledge Base Article 2578230 update is not installed
17470| [68825] Microsoft Windows Knowledge Base Article 2546250 update is not installed
17471| [68823] Microsoft Windows Knowledge Base Article 2559049 update is not installed
17472| [68816] Microsoft Windows Knowledge Base Article 2556532 update is not installed
17473| [68814] Microsoft Windows Knowledge Base Article 2560656 update is not installed
17474| [68812] Microsoft Windows Knowledge Base Article 2560978 update is not installed
17475| [68809] Microsoft Windows Knowledge Base Article 2562485 update is not installed
17476| [68806] Microsoft Windows Knowledge Base Article 2566454 update is not installed
17477| [68804] Microsoft Windows Knowledge Base Article 2563894 update is not installed
17478| [68801] Microsoft Windows Knowledge Base Article 2567680 update is not installed
17479| [68315] Microsoft Windows Knowledge Base Article 2555917 update is not installed
17480| [68299] Microsoft Windows Knowledge Base Article 2566220 update is not installed
17481| [68283] Microsoft Windows Knowledge Base Article 2560847 update is not installed
17482| [67955] Microsoft Windows Knowledge Base Article 2530548 update is not installed
17483| [67943] Microsoft Windows Knowledge Base Article 2544521 update is not installed
17484| [67762] Microsoft Windows Knowledge Base Article 2543893 update is not installed
17485| [67759] Microsoft Windows Knowledge Base Article 2544893 update is not installed
17486| [67757] Microsoft Windows Knowledge Base Article 2476490 update is not installed
17487| [67753] Microsoft Windows Knowledge Base Article 2514842 update is not installed
17488| [67751] Microsoft Windows Knowledge Base Article 2518295 update is not installed
17489| [67737] Microsoft Windows Knowledge Base Article 2520426 update is not installed
17490| [67733] Microsoft Windows Knowledge Base Article 2525694 update is not installed
17491| [67731] Microsoft Windows Knowledge Base Article 2525835 update is not installed
17492| [67728] Microsoft Windows Knowledge Base Article 2535512 update is not installed
17493| [67725] Microsoft Windows Knowledge Base Article 2536275 update is not installed
17494| [67722] Microsoft Windows Knowledge Base Article 2536276 update is not installed
17495| [67718] Microsoft Windows Knowledge Base Article 2537146 update is not installed
17496| [67709] Microsoft Windows Knowledge Base Article 2538814 update is not installed
17497| [67302] Microsoft Windows Knowledge Base Article 2545814 update is not installed
17498| [67101] Microsoft Windows Knowledge Base Article 2524426 update is not installed
17499| [66446] Microsoft Windows Knowledge Base Article 2514666 update is not installed
17500| [66444] Microsoft Windows Knowledge Base Article 2511455 update is not installed
17501| [66436] Microsoft Windows Knowledge Base Article 2497640 update is not installed
17502| [66432] Microsoft Windows Knowledge Base Article 2527308 update is not installed
17503| [66428] Microsoft Windows Knowledge Base Article 2489979 update is not installed
17504| [66423] Microsoft Windows kernel-mode driver (win32k.sys) variant 29 privilege escalation
17505| [66422] Microsoft Windows kernel-mode driver (win32k.sys) variant 28 privilege escalation
17506| [66421] Microsoft Windows kernel-mode driver (win32k.sys) variant 27 privilege escalation
17507| [66420] Microsoft Windows kernel-mode driver (win32k.sys) variant 26 privilege escalation
17508| [66419] Microsoft Windows kernel-mode driver (win32k.sys) variant 25 privilege escalation
17509| [66418] Microsoft Windows kernel-mode driver (win32k.sys) variant 24 privilege escalation
17510| [66417] Microsoft Windows kernel-mode driver (win32k.sys) variant 23 privilege escalation
17511| [66416] Microsoft Windows kernel-mode driver (win32k.sys) variant 22 privilege escalation
17512| [66415] Microsoft Windows kernel-mode driver (win32k.sys) variant 21 privilege escalation
17513| [66414] Microsoft Windows kernel-mode driver (win32k.sys) variant 20 privilege escalation
17514| [66396] Microsoft Windows kernel-mode driver (win32k.sys) variant 2 privilege escalation
17515| [66394] Microsoft Windows Knowledge Base Article 2485663 update is not installed
17516| [65588] Microsoft Windows Knowledge Base Article 2489279 update is not installed
17517| [65581] Microsoft Windows Knowledge Base Article 2510030 update is not installed
17518| [65580] Microsoft Windows Knowledge Base Article 2489283 update is not installed
17519| [65575] Microsoft Windows Knowledge Base Article 2489293 update is not installed
17520| [65573] Microsoft Windows Knowledge Base Article 2494047 update is not installed
17521| [64973] Microsoft Windows Knowledge Base Article 2478960 update is not installed
17522| [64971] Microsoft Windows Knowledge Base Article 2479628 update is not installed
17523| [64927] Microsoft Windows Knowledge Base Article 2393802 update is not installed
17524| [64925] Microsoft Windows Knowledge Base Article 2451879 update is not installed
17525| [64920] Microsoft Windows Knowledge Base Article 2475792 update is not installed
17526| [64918] Microsoft Windows Knowledge Base Article 2476687 update is not installed
17527| [64916] Microsoft Windows Knowledge Base Article 2478953 update is not installed
17528| [64914] Microsoft Windows Knowledge Base Article 2482017 update is not installed
17529| [64910] Microsoft Windows Knowledge Base Article 2483185 update is not installed
17530| [64909] Microsoft Windows Knowledge Base Article 2484015 update is not installed
17531| [64907] Microsoft Windows Knowledge Base Article 2485376 update is not installed
17532| [64905] Microsoft Windows Knowledge Base Article 2489256 update is not installed
17533| [64902] Microsoft Windows Knowledge Base Article 2496930 update is not installed
17534| [64342] Microsoft Windows Knowledge Base Article 2451910 update is not installed
17535| [64339] Microsoft Windows Knowledge Base Article 2478935 update is not installed
17536| [63584] Microsoft Windows Knowledge Base Article 2424434 update is not installed
17537| [63582] Microsoft Windows Knowledge Base Article 2423089 update is not installed
17538| [63580] Microsoft Windows Knowledge Base Article 2436673 update is not installed
17539| [63571] Microsoft Windows Knowledge Base Article 2440591 update is not installed
17540| [63569] Microsoft Windows Knowledge Base Article 2385678 update is not installed
17541| [63566] Microsoft Windows Knowledge Base Article 2442962 update is not installed
17542| [63564] Microsoft Windows Knowledge Base Article 2345316 update is not installed
17543| [63562] Microsoft Windows Knowledge Base Article 2296199 update is not installed
17544| [63558] Microsoft Windows Knowledge Base Article 2416400 update is not installed
17545| [63550] Microsoft Windows Knowledge Base Article 2447961 update is not installed
17546| [63548] Microsoft Windows Knowledge Base Article 2443105 update is not installed
17547| [63546] Microsoft Windows Knowledge Base Article 2455005 update is not installed
17548| [63544] Microsoft Windows Knowledge Base Article 2292970 update is not installed
17549| [62805] Microsoft Windows Knowledge Base Article 2316074 update is not installed
17550| [62793] Microsoft Windows Knowledge Base Article 2293386 update is not installed
17551| [62789] Microsoft Windows Knowledge Base Article 2423930 update is not installed
17552| [62170] Microsoft Windows Knowledge Base Article 2296011 update is not installed
17553| [62166] Microsoft Windows Knowledge Base Article 2294255 update is not installed
17554| [62163] Microsoft Windows Knowledge Base Article 2281679 update is not installed
17555| [62154] Microsoft Windows Knowledge Base Article 2279986 update is not installed
17556| [62147] Microsoft Windows Knowledge Base Article 2160841 update is not installed
17557| [62134] Microsoft Windows Knowledge Base Article 2412048 update is not installed
17558| [62129] Microsoft Windows Knowledge Base Article 2387149 update is not installed
17559| [62126] Microsoft Windows Knowledge Base Article 2378111 update is not installed
17560| [62123] Microsoft Windows Knowledge Base Article 2360937 update is not installed
17561| [62118] Microsoft Windows Knowledge Base Article 2293211 update is not installed
17562| [62104] Microsoft Windows Knowledge Base Article 2360131 update is not installed
17563| [62098] Microsoft Windows Knowledge Base Article 2293194 update is not installed
17564| [62069] Microsoft Windows Knowledge Base Article 2418042 update is not installed
17565| [61519] Microsoft Windows Knowledge Base Article 2121546 update is not installed
17566| [61517] Microsoft Windows Knowledge Base Article 2259922 update is not installed
17567| [61514] Microsoft Windows Knowledge Base Article 2267960 update is not installed
17568| [61510] Microsoft Windows Knowledge Base Article 2315011 update is not installed
17569| [61507] Microsoft Windows Knowledge Base Article 2320113 update is not installed
17570| [61504] Microsoft Windows Knowledge Base Article 2347290 update is not installed
17571| [60736] Microsoft Windows Knowledge Base Article 2265906 update is not installed
17572| [60734] Microsoft Windows Knowledge Base Article 2269638 update is not installed
17573| [60728] Microsoft Windows Knowledge Base Article 2269707 update is not installed
17574| [60724] Microsoft Windows Knowledge Base Article 2286198 update is not installed
17575| [60713] Microsoft Windows Knowledge Base Article 2183461 update is not installed
17576| [60698] Microsoft Windows Knowledge Base Article 2160329 update is not installed
17577| [60686] Microsoft Windows Knowledge Base Article 2115168 update is not installed
17578| [60684] Microsoft Windows Knowledge Base Article 2079403 update is not installed
17579| [60680] Microsoft Windows Knowledge Base Article 2264072 update is not installed
17580| [59901] Microsoft Windows Knowledge Base Article 2229593 update is not installed
17581| [59898] Microsoft Windows Knowledge Base Article 2229593 update is not installed
17582| [58913] Microsoft Windows Knowledge Base Article 2027452 update is not installed
17583| [58891] Microsoft Windows Knowledge Base Article 2028554 update is not installed
17584| [17004] Microsoft Windows XP Service Pack 2 is not installed on the system
17585| [9187] Microsoft Passport SDK 2.1 Component Configuration Document (CCD) permission
17586| [9146] Microsoft Passport SDK 2.1 events reporting disabled
17587| [9068] Microsoft Passport SDK 2.1 registry default permission exposure
17588| [9067] Microsoft Passport SDK 2.1 default test site exposure
17589| [9066] Microsoft Passport SDK 2.1 Adventure Works Sample Site exposure
17590| [9065] Microsoft Passport SDK 2.1 Adventure Works Sample Site global.asa file default permission exposure
17591| [9064] Microsoft Passport SDK 2.1 default time window exposure
17592| [1271] Microsoft IIS version 2 installed
17593| [621] Microsoft IIS 3.0 script source revealed by appending 2E to requests
17594|
17595| Exploit-DB - https://www.exploit-db.com:
17596| [30756] Microsoft Forms 2.0 ActiveX Control 2.0 Memory Access Violation Denial of Service Vulnerabilities
17597| [30749] Microsoft Office 2003 Web Component Memory Access Violation Denial of Service Vulnerability
17598| [30636] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (2)
17599| [30635] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (1)
17600| [30281] Microsoft .Net Framework <= 2.0 - Multiple Null Byte Injection Vulnerabilities
17601| [29664] Microsoft Office Publisher 2007 - Remote Denial of Service (DoS) Vulnerability
17602| [29660] Microsoft Office 2003 - Denial of Service (DoS) Vulnerability
17603| [29630] Microsoft Windows 2003/XP ReadDirectoryChangesW Information Disclosure Vulnerability
17604| [29524] Microsoft Word 2000 - Malformed Function Code Execution Vulnerability
17605| [28420] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
17606| [28357] Microsoft Windows Explorer 2000/2003/XP Drag and Drop Remote Code Execution Vulnerability
17607| [28227] Microsoft Windows 2000/XP Registry Access Local Denial of Service Vulnerability
17608| [28226] Microsoft PowerPoint 2003 PPT File Closure Memory Corruption
17609| [28225] Microsoft PowerPoint 2003 powerpnt.exe Unspecified Issue
17610| [28224] Microsoft PowerPoint 2003 mso.dll PPT Processing Unspecified Code Execution
17611| [28198] Microsoft Office 2000/2002 Property Code Execution Vulnerability
17612| [28189] Microsoft Excel 2000-2004 Style Handling and Repair Remote Code Execution Vulnerability
17613| [28087] Microsoft Office 2003 Embedded Shockwave Flash Object Security Bypass Weakness
17614| [28005] Microsoft Exchange Server 2000/2003 Outlook Web Access Script Injection Vulnerability
17615| [26690] Microsoft Windows 2000/2003/XP CreateRemoteThread Local Denial of Service Vulnerability
17616| [26517] Microsoft Office PowerPoint 2007 - Crash PoC
17617| [26341] Microsoft Windows 2000/2003/XP MSDTC TIP Denial of Service Vulnerability
17618| [26222] Microsoft Windows 2000/2003/XP Keyboard Event Privilege Escalation Weakness
17619| [25384] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (2)
17620| [25383] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (1)
17621| [25231] Microsoft Windows 2000/2003/XP Graphical Device Interface Library Denial of Service Vulnerability
17622| [25085] Microsoft Office XP 2000/2002 HTML Link Processing Remote Buffer Overflow Vulnerability
17623| [25084] Microsoft Outlook 2003 Web Access Login Form Remote URI Redirection Vulnerability
17624| [25050] Microsoft Windows 2000/2003/XP winhlp32 Phrase Heap Overflow Vulnerability
17625| [25049] Microsoft Windows 2000/2003/XP winhlp32 Phrase Integer Overflow Vulnerability
17626| [24686] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
17627| [24277] Microsoft Windows 2000/NT 4 POSIX Subsystem Buffer Overflow Local Privilege Escalation Vulnerability
17628| [24114] Microsoft Outlook 2003Mail Client E-mail Address Verification Weakness
17629| [24101] Microsoft Outlook 2003 Predictable File Location Weakness
17630| [23989] Microsoft Windows 2000/NT 4 Local Descriptor Table Local Privilege Escalation Vulnerability
17631| [23796] Microsoft Outlook 2002 Mailto Parameter Quoting Zone Bypass Vulnerability
17632| [23019] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
17633| [22919] Microsoft ISA Server 2000 Cross-Site Scripting Vulnerabilities
17634| [22883] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (2)
17635| [22882] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (1)
17636| [22837] Microsoft Windows 2000/NT 4 Media Services NSIISlog.DLL Remote Buffer Overflow
17637| [22782] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
17638| [22591] Microsoft Office Excel 2007 - WriteAV Crash PoC
17639| [22555] Microsoft BizTalk Server 2000/2002 DTA RawCustomSearchField.asp SQL Injection
17640| [22554] Microsoft BizTalk Server 2000/2002 DTA rawdocdata.asp SQL Injection Vulnerability
17641| [22553] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
17642| [22528] Microsoft Windows 2000 RegEdit.EXE Registry Key Value Buffer Overflow Vulnerability
17643| [22354] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
17644| [21920] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
17645| [21718] Microsoft SQL 2000/7.0 Agent Jobs Privilege Elevation Vulnerability
17646| [21693] Microsoft SQL Server 2000 User Authentication Remote Buffer Overflow Vulnerability
17647| [21652] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
17648| [21651] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
17649| [21650] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
17650| [21549] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
17651| [21541] Microsoft SQL Server 2000 SQLXML Script Injection Vulnerability
17652| [21540] Microsoft SQL Server 2000 SQLXML Buffer Overflow Vulnerability
17653| [21389] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (2)
17654| [21388] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (1)
17655| [21344] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
17656| [21258] Microsoft Windows 2000/NT 4 NTFS File Hiding Vulnerability
17657| [21246] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (2)
17658| [21245] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (1)
17659| [21172] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (2)
17660| [21171] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (1)
17661| [21131] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
17662| [21123] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
17663| [21113] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
17664| [21099] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
17665| [21069] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
17666| [20907] Microsoft Windows 2000 Telnet Username DoS Vulnerability
17667| [20802] Microsoft IIS 2.0/3.0 Long URL Denial of Service Vulnerability
17668| [20763] Microsoft ISA Server 2000 Web Proxy DoS Vulnerability
17669| [20571] Microsoft Outlook 2000 0/98 0/Express 5.5 Concealed Attachment Vulnerability
17670| [20481] Microsoft IIS 2.0/3.0 Appended Dot Script Source Disclosure Vulnerability
17671| [20399] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
17672| [20335] Microsoft Indexing Services for Windows 2000/NT 4.0 .htw Cross-Site Scripting Vulnerability
17673| [20305] Microsoft Site Server 2.0 with IIS 4.0 - File Upload Vulnerability
17674| [20265] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
17675| [20257] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
17676| [20255] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
17677| [20222] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
17678| [20209] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
17679| [20133] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
17680| [20122] Microsoft Office SharePoint Server 2007 Remote Code Execution
17681| [20096] Microsoft IIS 2.0/3.0/4.0/5.0/5.1 Internal IP Address Disclosure Vulnerability
17682| [20048] Microsoft Windows 2000 Remote CPU-overload Vulnerability
17683| [20047] Microsoft Windows 2000 Telnet Server DoS Vulnerability
17684| [19830] Microsoft Index Server 2.0 '%20' ASP Source Disclosure Vulnerability
17685| [19742] microsoft iis 3.0/4.0,microsoft index server 2.0 - Directory Traversal
17686| [19734] Microsoft Virtual Machine 2000 Series/3000 Series getSystemResource Vulnerability
17687| [19731] microsoft index server 2.0/indexing services for windows 2000 - Directory Traversal
17688| [19728] Microsoft Systems Management Server 2.0 Default Permissions Vulnerability
17689| [19425] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (2)
17690| [19424] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (1)
17691| [19376] Microsoft IIS 2.0/3.0/4.0 ISAPI GetExtensionVersion() Vulnerability
17692| [19143] "Microsoft Windows ""April Fools 2001"" Vulnerability"
17693| [19118] Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability
17694| [18334] Microsoft Office 2003 Home/Pro 0day
17695| [18087] MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
17696| [18078] Microsoft Excel 2003 11.8335.8333 Use After Free
17697| [18067] Microsoft Excel 2007 SP2 Buffer Overwrite Exploit
17698| [17305] "Microsoft Windows Vista/Server 2008 ""nsiproxy.sys"" Local Kernel DoS Exploit"
17699| [14971] MOAUB #11 - Microsoft Office Word 2007 sprmCMajority Buffer Overflow
17700| [14782] Microsoft Office PowerPoint 2007 DLL Hijacking Exploit (rpawinet.dll)
17701| [14746] Microsoft Office Groove 2007 DLL Hijacking Exploit (mso.dll)
17702| [14744] Microsoft Visio 2003 DLL Hijacking Exploit (mfc71enu.dll)
17703| [12450] Microsoft SharePoint Server 2007 XSS Vulnerability
17704| [10068] Microsoft Windows 2000-2008 Embedded OpenType Font Engine Remote Code Execution
17705| [4121] Microsoft Excel 2000/2003 Sheet Name Vulnerability PoC
17706| [3973] Microsoft Office 2000 (OUACTRL.OCX 1.0.1.9) - Remote DoS Exploit
17707| [3690] microsoft office word 2007 - Multiple Vulnerabilities
17708| [3260] Microsoft Word 2000 Unspecified Code Execution Exploit (0day)
17709| [2523] Microsoft Office 2003 PPT Local Buffer Overflow PoC
17710| [2091] Microsoft PowerPoint 2003 SP2 Local Code Execution Exploit (french)
17711| [2001] Microsoft Word 2000/2003 Unchecked Boundary Condition Vulnerability
17712| [1999] Microsoft Word 2000/2003 Hlink Local Buffer Overflow Exploit PoC
17713| [1988] Microsoft Excel 2003 Hlink Local Buffer Overflow Exploit (italian)
17714| [1986] Microsoft Excel 2000/2003 Hlink Local Buffer Overflow Exploit (french)
17715| [1958] Microsoft Excel 2003 Hlink Stack/SEH Buffer Overflow Exploit
17716| [28238] Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Vulnerability MS13-067
17717| [23034] Microsoft URLScan 2.5/ RSA Security SecurID 5.0 Configuration Enumeration Weakness
17718| [22850] Microsoft Office OneNote 2010 Crash PoC
17719| [22679] Microsoft Visio 2010 Crash PoC
17720| [22655] Microsoft Publisher 2013 Crash PoC
17721| [22621] Microsoft Netmeeting 2.1/3.0.1 4.4.3385 CALLTO URL Buffer Overflow Vulnerability
17722| [22330] Microsoft Office Excel 2010 Crash PoC
17723| [22310] Microsoft Office Publisher 2010 Crash PoC
17724| [22237] Microsoft Office Picture Manager 2010 Crash PoC
17725| [22215] Microsoft Office Word 2010 Crash PoC
17726| [19451] Microsoft Windows 98 a/98 b/98SE,Solaris 2.6 IRDP Vulnerability
17727| [19440] Microsoft Windows NT 4.0/SP 1/SP 2/Sp 3/SP 4/SP 5 Malformed Dialer Entry Vulnerability
17728| [19372] Microsoft Windows NT 4.0/SP 1/SP 2/SP 3/SP 4/SP 5 Null Session Admin Name Vulnerability
17729| [17164] Microsoft Reader <= 2.1.1.3143 NULL Byte Write
17730| [17163] Microsoft Reader <= 2.1.1.3143 Array Overflow
17731| [17162] Microsoft Reader <= 2.1.1.3143 Integer Overflow
17732| [17161] Microsoft Reader <= 2.1.1.3143 Heap Overflow
17733| [17160] Microsoft Reader <= 2.1.1.3143 Integer Overflow
17734| [14731] Microsoft Windows Movie Maker <= 2.6.4038.0 DLL Hijacking Exploit (hhctrl.ocx)
17735| [14723] Microsoft Power Point 2010 DLL Hijacking Exploit (pptimpconv.dll)
17736|
17737| OpenVAS (Nessus) - http://www.openvas.org:
17738| [902250] Microsoft Word 2003 'MSO.dll' Null Pointer Dereference Vulnerability
17739| [900125] Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability
17740| [801597] Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
17741| [801596] Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
17742| [801594] Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability
17743| [800687] Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability
17744| [800577] Microsoft Windows Server 2003 win32k.sys DoS Vulnerability
17745| [800343] Microsoft Word 2007 Sensitive Information Disclosure Vulnerability
17746| [103254] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
17747| [11992] Vulnerability in Microsoft ISA Server 2000 H.323 Filter(816458)
17748| [902931] Microsoft Office Remote Code Execution Vulnerabilities - 2720184 (Mac OS X)
17749| [902678] Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
17750| [901210] Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)
17751|
17752| SecurityTracker - https://www.securitytracker.com:
17753| [1015347] Microsoft Windows 2000 Kernel APC Queue Bug Lets Local Users Gain Elevated Privileges
17754| [1013454] Microsoft Office InfoPath 2003 May Disclose System and Authentication Information to Remote Users
17755| [1013284] Microsoft Windows 2000 and XP Group Policy Can Be Bypassed By Microsoft Office Applications and By Flash Drives
17756| [1010687] Microsoft Windows 2000/NT POSIX Subsystem Buffer Overflow Lets Local Users Gain Elevated Privileges
17757| [1010352] Microsoft Windows 2000 Domains With Eight Characters May Let Remote Users With Expired Passwords Login
17758| [1010189] Microsoft Outlook 2003 Scripting Restrictions Can Be Bypassed By Remote Users
17759| [1010125] Microsoft Outlook 2003 Lets Remote Users Send E-mail to Cause the Recipient's Client to Contact a Remote Server
17760| [1009767] Microsoft Windows 2000 Domain Controller LDAP Flaw May Let Remote Users Restart the Authentication Service
17761| [1008324] Microsoft Exchange 2003 With Outlook Web Access and Windows SharePoint Services May Grant Incorrect E-mail Account Access to Remote Authenticated Users
17762| [1007905] Microsoft Windows Server 2003 Shell Folders Can Be Referenced Using Directory Traversal Characters
17763| [1007238] Microsoft Outlook Web Access Can Be Crashed By Remote Authenticated Users With an Outlook 2003 Client
17764| [1007152] Microsoft Windows 2000 Accessibility Utility Manager Lets Local Users Gain Elevated Privileges
17765| [1007099] Microsoft Windows 2000 ShellExecute() Buffer Overflow May Let Users Execute Arbitrary Code
17766| [1007093] Microsoft Active Directory Stack Overflow in 'Lsaas.exe' Lets Remote Users Crash the Windows 2000 Server
17767| [1006959] Microsoft Windows Server 2003 Drivers May Leak Information From Memory Via Ethernet Packets Containing TCP Streams
17768| [1006580] Microsoft Windows 2003 'win2k.sys' Printing Bug Lets Users Crash the System
17769| [1006534] Microsoft Proxy Service in Proxy Server 2.0 Has Unspecified Flaw That Lets Remote Users Stop Traffic
17770| [1006286] Microsoft Windows 2000/XP PostMessage() API Flaw May Let Local Users Grab Passwords from Local Dialog Boxes
17771| [1006280] Protegrity Secure.Data for Microsoft SQL Server 2000 Contains Buffer Oveflows That Let Remote Users Execute Arbitrary Code
17772| [1005254] Microsoft NT, 2000, and XP Operating Systems May Execute a 16-bit Application Even When The File Has No Execute Permissions
17773| [1005068] Microsoft NTFS Filesystem in Windows NT and Windows 2000 Has Auditing Hole That Lets Local Users Access Files Without the File Access Being Audited
17774| [1004587] Microsoft SQL Server 2000 Buffer Overflow in OpenDataSource() Function May Let Remote Users Gain SYSTEM Privileges on the Server
17775| [1004528] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains an Input Validation Flaw in an XML SQL Tag That Allows Cross-Site Scripting Attacks
17776| [1004527] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains a Buffer Overflow That Lets Remote Users Take Full Control of the System
17777| [1004407] Microsoft Exchange 2000 Flaw in Processing a Certain Malformed SMTP Command Allows Remote Users to Deny Service to the Server
17778| [1004357] Microsoft Windows Debugging Facility for Windows NT4 and 2000 Has Authentication Hole That Lets Local Users Execute Arbitrary Code with SYSTEM Privileges
17779| [1004083] Microsoft Windows 2000 'microsoft-ds' Service Flaw Allows Remote Users to Create Denial of Service Conditions By Sending Malformed Packets
17780| [1004022] Microsoft Windows 2000 Group Policy Object Enforcement Can Be Circumvented if User License Limits are Exceeded
17781| [1003975] Microsoft Windows NT, 2000, and XP Kernel Buffer Overflow in Processing Multiple UNC Provider (MUP) Requests May Let Local Users Obtain System Level Privileges
17782| [1003949] Microsoft Windows 2000 DCOM Implementation Flaw May Disclose Memory Contents to Remote Users
17783| [1003816] Microsoft Windows 2000 Automatic Log Off Policy Fails to Expire Sessions in Progress
17784| [1003688] Microsoft Exchange Server 2000 Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
17785| [1003687] Microsoft Windows 2000 and Windows XP SMTP Service Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
17786| [1003634] Microsoft XML Core Services in SQL Server 2000 Lets Remote Scripts Access and Send Local Files
17787| [1003629] Microsoft Commerce Server 2000 AuthFilter Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Server With LocalSystem Privileges to Gain Full Control of the Server
17788| [1003472] Microsoft Telnet Server for Windows 2000 and for Interix Has a Buffer Overflow That May Let Remote Users Execute Code on the Server with System Level Privileges
17789| [1003469] Microsoft Exchange 2000 Server Allows Remote Users to View and Possibly Modify Registry Settings
17790| [1003402] Microsoft Windows NT 4.0 and Windows 2000 Domain Controllers May Give Elevated Privileges to Remote Users Who Are Valid Administrators on Other Trusted Domains
17791| [1002922] Microsoft Windows 2000 Internet Key Exchange (IKE) Service Can Be Crashed By Remote Users
17792| [1002754] Terminal Services on Microsoft Windows 2000 and XP Allow Remote Users to Log Bogus IP Addresses Instead of the User's Genuine Address
17793| [1002731] Microsoft Windows 2000 RunAs Service May Disclose Authentication Credentials to Local Users
17794| [1002730] Microsoft Windows 2000 RunAs Utility May Disclose Sensitive Information to Local Users
17795| [1002729] Microsoft Windows 2000 RunAs Service Allows Local Users to Disable the Service
17796| [1002356] Microsoft Outlook 2000 Animated Assistant Prevents the Screen Saver from Activating, Allowing Physically Local Users to Access the System
17797| [1002206] Microsoft Internet Security and Acceleration (ISA) Server 2000 Can Be Disrupted By Remote Users Due to Memory Leaks and Also Allows Cross-Site Scripting Attacks
17798| [1002106] Microsoft Windows 2000 and Windows NT 4.0 RPC Input Validation Failure Lets Remote Users Destabilize the Operating System
17799| [1002099] Microsoft Windows 2000 Telnet Service Can Be Crashed By Remote Users
17800| [1002098] Windows Terminal Services in Microsoft Windows 2000 and NT 4.0 Can Be Crashed By Remote Users Due to a Memory Leak
17801| [1001993] Microsoft Windows 2000, Linux 2.4, NetBSD, FreeBSD, and OpenBSD May Let Remote Users Affect TCP Performance
17802| [1001931] Microsoft Windows 2000 SMTP Service May Allow Unauthorized Remote Users to Relay E-mail via the Service
17803| [1001832] Microsoft Windows 2000 LDAP Server Lets Remote Users Gain Administrator Access to the Domain Controller When Configured to Support LDAP over SSL
17804| [1001701] Microsoft Windows 2000 Telnet Server Allows Local Users to Gain System-Level Privileges and Lets Remote Users Crash the Server
17805| [1001605] Microsoft Windows 2000 Allows Local Users to Elevate Privileges
17806| [1001565] Microsoft IIS Web Server on Windows 2000 Allows Remote Users to Cause the Server to Consume All Available Memory Due to Memory Leak in WebDAV Lock Method
17807| [1001513] Microsoft Windows 2000 Indexing Service Allows Remote Users to View Include Programming Files
17808| [1001501] Microsoft Windows 2000 Domain Controllers Can Be Effectively Halted By Remote Users
17809| [1001464] Microsoft Internet Information Server IIS 5.0 for Windows 2000 Lets Remote Users Execute Arbitrary Code on the Server and Gain Control of the Server
17810| [1001240] Microsoft FTP Client for Windows 2000 Still Vulnerable to Executing Arbitrary Code in Limited Situations
17811| [1001088] Microsoft Internet Explorer with Services for Unix 2.0 Can Create Malicious Files on the User's Host
17812|
17813| OSVDB - http://www.osvdb.org:
17814| [90257] Microsoft Windows Server 2003 ICACLS.EXE Permission Inheritance Weakness
17815| [86790] Microsoft Virtual PC 2007 Crafted x86 Instruction Sequence Handling Local DoS
17816| [86061] Microsoft Windows Server 2008 R1 CSRSS ReadConsole / CloseHandle Local DoS
17817| [79442] Microsoft Windows Server 2008 DNS Server Service Cache Update Policy Deleted Domain Name Resolving Weakness
17818| [72670] Microsoft Windows Server 2003 ActiveDirectory BROWSER ELECTION Remote Overflow
17819| [68554] Microsoft Windows Server 2008 Shared Cluster Disks Addition Default Permission Weakness
17820| [62251] Microsoft Windows Server 2008 Hyper-V Crafted Instruction Sequence DoS
17821| [60329] Microsoft Windows 2000 NetBIOS Continuation Packet Remote DoS
17822| [59733] Microsoft Windows 2000 Terminal Services Screensaver Screen Minimization Locking Weakness
17823| [59731] Microsoft Windows 2000 DCOM Client Alter Context Request Remote Information Disclosure
17824| [59730] Microsoft Windows 2000 Terminal Services Disconnect Feature Local Privilege Escalation
17825| [59514] Microsoft Windows 2000 Task Manager Uppercase Process Name Termination Weakness
17826| [59509] Microsoft Windows 2000 Encrypted File System Cleartext Backup File Local Disclosure
17827| [59346] Microsoft Windows 2000 Crafted TCP/UDP Traffic CPU Consumption Remote DoS
17828| [55836] Microsoft ISA Server 2006 Radius OTP Security Bypass
17829| [53663] Microsoft Office Word 2000 WordPerfect 6.x Converter Document Handling Stack Corruption
17830| [50589] Microsoft SQL Server 2000 sp_replwritetovarbin() Stored Procedure Overflow
17831| [37629] Microsoft Windows 2000 RPC Authentication Unspecified Information Disclosure
17832| [37628] Microsoft Windows 2000 RPC Authentication Crafted Request Remote DoS
17833| [36034] Microsoft Office 2000 Controllo ActiveX (OUACTRL.OCX) HelpPopup Method Overflow
17834| [34489] Microsoft Office 2003 Malformed WMF File Handling DoS
17835| [34488] Microsoft Excel 2003 XLS Handling Corrupt Format DoS
17836| [31251] Microsoft Office 2003 Brazilian Portuguese Grammar Checker Arbitrary Code Execution
17837| [29529] Microsoft Windows 2000 creator.dll ActiveX COM Object Memory Corruption
17838| [29528] Microsoft Windows 2000 msdxm.ocx ActiveX COM Object Memory Corruption
17839| [29527] Microsoft Windows 2000 myinfo.dll ActiveX COM Object Memory Corruption
17840| [29526] Microsoft Windows 2000 ciodm.dll ActiveX COM Object Memory Corruption
17841| [28539] Microsoft Word 2000 Unspecified Code Execution
17842| [24121] Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass
17843| [24081] Microsoft Outlook 2003 Unspecified Malformed Word Attachment DoS
17844| [23484] Microsoft SQLServer 2000 sp_addalias Procedure Privileged Alias Creation
17845| [23234] Microsoft SQLServer 2000 Unspecified Invalid Client Buffer DoS
17846| [23231] Microsoft SQL Server 2000 SQL Profiler Multiple Method DoS
17847| [23205] Microsoft SQLServer 2000 Crafted Sort Command User Mode Scheduler (UMS) Bypass DoS
17848| [23203] Microsoft SQL Server 2000 Database Name Transact-SQL Statement Privilege Escalation
17849| [23202] Microsoft SQLServer 2000 sysmembers Virtual Table Query Overflow
17850| [23201] Microsoft SQL Server 2000 Dynamic Transact-SQL Statement Disclosure
17851| [23200] Microsoft SQLServer 2000 Encrypted Stored Procedure Dynamic Query Disclosure
17852| [21907] Microsoft Office InfoPath 2003 Mshtml.dll Form Handling DoS
17853| [21598] Microsoft Windows 2000 NetBIOS Port Malformed TCP Packet Parsing Remote DoS
17854| [20256] Microsoft Windows 2000 NTFS Volume Macintosh Client Directory Permission Modification
17855| [20222] Microsoft Windows 2000 runas.exe Named Pipe Spoofing Information Disclosure
17856| [20221] Microsoft Windows 2000 runas.exe Named Pipe Single Thread DoS
17857| [20220] Microsoft Windows 2000 runas.exe Cleartext Authentication Information Disclosure
17858| [20002] Microsoft Windows 2000 CHKDSK Fix Mode File ACL Failure
17859| [20001] Microsoft Windows 2000 Terminal Service Client Connection IP Logging Failure
17860| [20000] Microsoft Windows 2000 Domain Administrator Computer Lock Bypass
17861| [19999] Microsoft Windows 2000 FQDN Domain Login Password Expiry Bypass
17862| [19998] Microsoft Windows 2000 UPN Credentialed Login Group Policy Failure
17863| [19997] Microsoft Windows 2000 WideCharToMultiByte Function String Termination Issue
17864| [19996] Microsoft Windows 2000 Event ID 1704 Group Policy Failure
17865| [19995] Microsoft Windows 2000 SECEDIT Long Folder ACL Set Issue
17866| [19994] Microsoft Windows 2000 audit directory service access 565 Event Logging Failure
17867| [19993] Microsoft Windows 2000 LDAPS CA Trust Issue
17868| [19264] Microsoft Exchange Server 2003 Crafted IMAP4 Folder Listing Request DoS
17869| [17031] Microsoft ISA Server 2000 SecureNAT Traffic Saturation DoS
17870| [15343] Microsoft Windows Server 2003 Malformed HTTP Cookie Header CGI DoS
17871| [15341] Microsoft Windows Server 2003 SMB Redirector Processing DoS
17872| [15340] Microsoft Windows Server 2003 Terminal Service Client Print DoS
17873| [15338] Microsoft Windows Server 2003 Terminal Session Close DoS
17874| [15337] Microsoft Windows Server 2003 CreateProcessWithLogonW() Function Process Disclosure
17875| [15336] Microsoft Windows Server 2003 Shutdown.exe Shut Down Failure
17876| [15335] Microsoft Windows Server 2003 MIT Kerberos Realm Authentication Group Policy Failure
17877| [15334] Microsoft Windows Server 2003 Shared Folder Permission Weakness
17878| [15333] Microsoft Windows Server 2003 EFS File Copy LDAP Connection DoS
17879| [15332] Microsoft Windows Server 2003 Citrix Metaframe Encryption Policy Failure
17880| [15331] Microsoft Windows Server 2003 Home Folder Path Permission Inheritance Failure
17881| [14617] Microsoft Exchange Server 2003 Folder Handling DoS
17882| [14430] Microsoft Commerce Server 2000 Profile Service Affected API Overflow
17883| [13996] Microsoft Windows 2000 IKE Malformed Packet Saturation Remote DoS
17884| [13762] Microsoft 2000 Domain Controller Directory Service Restore Mode Blank Password
17885| [13761] Microsoft Exchange 2000 Malformed URL Request DoS
17886| [13475] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution Variant
17887| [13474] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution
17888| [13441] Microsoft Windows 2000 Security Interface Change Password Option Account Enumeration
17889| [13437] Microsoft Windows 2000 Debug Register Local Privilege Escalation
17890| [13424] Microsoft Windows 2000 Current Password Change Policy Bypass
17891| [13423] Microsoft Windows 2000 Terminal Server SYSVOL Share Connection Saturation Restriction Bypass
17892| [13415] Microsoft Windows 2000 System Root Folder Search Path Permission Weakness
17893| [13410] Microsoft Windows 2000 Accessibility Utility Manager Arbitrary Code Execution
17894| [11958] Microsoft Outlook 2003 Image Rendering Security Policy Bypass
17895| [11945] Microsoft Outlook 2002 IFRAME Tag Embedded URL
17896| [11944] Microsoft Outlook 2002 HREF Tag Embedded JavaScript Execution
17897| [11750] Microsoft Windows 2000 Message Queue Manager Queue Registration Request Overflow DoS
17898| [11712] Microsoft ISA Server 2000 H.323 Filter Overflow
17899| [10633] Microsoft Windows 2000 Protected Store Weak Encryption Default
17900| [9386] Microsoft Windows 2000 msinfo32.exe msinfo_file Variable Overflow
17901| [8243] Microsoft SMS Port 2702 DoS
17902| [7202] Microsoft PowerPoint 2000 File Loader Overflow
17903| [7179] Microsoft Windows 2000 Event Viewer Snap-in Overflow
17904| [6971] Microsoft ISA Server 2000 ICMP Rule Bypass During Startup
17905| [6970] Microsoft ISA Server 2000 Web Publishing Unencrypted Credentials Disclosure
17906| [6969] Microsoft ISA Server 2000 Invalid DNS Request DoS
17907| [6968] Microsoft ISA Server 2000 FTP Port Scan Bounce Weakness
17908| [6967] Microsoft ISA Server 2000 UDP Packet Winsock DoS
17909| [6965] Microsoft ISA Server 2000 SSL Packet DoS
17910| [6964] Microsoft ISA Server 2000 DNS Intrusion Detection Filter DoS
17911| [6515] Microsoft Windows 2000 Domain Expired Account Authentication
17912| [5179] Microsoft Windows 2000 microsoft-ds DoS
17913| [5171] Microsoft Word 2002 Mail Merge Tool Execute Arbitrary Script
17914| [4779] Microsoft Desktop Engine (MSDE) 2000 Stored Procedure SQL Injection
17915| [4778] Microsoft SQL Server 2000 Stored Procedure SQL Injection
17916| [4777] Microsoft Desktop Engine (MSDE) 2000 Database Consistency Checkers (DBCCs) Overflow
17917| [4776] Microsoft SQL Server 2000 Database Consistency Checkers (DBCCs) 2000 Overflow
17918| [4170] Microsoft Windows 2000 Server Media Services TCP Packet Handling Remote DoS
17919| [4168] Microsoft Outlook 2002 mailto URI Script Injection
17920| [3490] Microsoft Exchange 2003 OWA Mailbox Access Information Disclosure
17921| [2705] Microsoft Windows 2000 Windows Troubleshooter ActiveX Overflow
17922| [2655] Microsoft Windows Server 2003 Shell Folders Arbitrary File Access
17923| [2540] Microsoft Windows 2003 Server Buffer Overflow Protection Mechanism Bypass
17924| [2244] Microsoft Windows 2000 ShellExecute() API Let
17925| [2237] Microsoft Windows 2000 Active Directory Lsass.exe Overflow
17926| [1949] Symantec Norton Anti-Virus for Microsoft Exchange 2000 INBOX Path Information Disclosure
17927| [1764] Microsoft Windows 2000 Domain Controller DoS
17928| [1758] Microsoft Windows 2000 Network DDE Escalated Privileges
17929| [1755] Microsoft Windows 2000 RDP Malformed Packet Handling Remote DoS
17930| [1672] Microsoft Windows 2000 Telnet Session Timeout DoS
17931| [1633] Microsoft Windows 2000 System Monitor ActiveX LogFileName Parameter Validation Overflow
17932| [1621] Microsoft Indexing Services for Windows 2000 .htw XSS
17933| [1591] Microsoft Windows 2000 OEMPreinstall Installation Permission Weakness
17934| [1578] Microsoft Windows 2000 Simplified Chinese IME Local Privilege Escalation
17935| [1500] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow
17936| [1437] Microsoft Windows 2000 Telnet Server Binary Zero Parsing Remote DoS
17937| [1399] Microsoft Windows 2000 Windows Station Access
17938| [1328] Microsoft Office 2000 UA Control ActiveX (Ouactrl.ocx) Show Me Function Remote Code Execution
17939| [1297] Microsoft Windows 2000 Active Directory Object Attribute
17940| [1292] Microsoft Windows NT 4.0 / 2000 cmd.exe Buffer Overflow
17941| [773] Microsoft Windows 2000 Group Policy File Lock DoS
17942| [515] Microsoft Windows 2000 LDAP Server Arbitrary User Password Modification
17943| [454] Microsoft Windows 2000 NTLM Domain Account Lockout Policy Bypass
17944| [403] Microsoft Windows 2000 Still Image Service WM_USER Message Local Overflow
17945| [398] Microsoft Windows 2000 Malformed RPC Traffic Local Security Policy Corruption DoS
17946| [307] Microsoft FrontPage 2000 Server Extensions shtml.exe Path Disclosure
17947| [69085] Microsoft Office 2010 RTF File Handling pFragments Buffer Overflow Arbitrary Code Execution
17948|_
445/tcp closed microsoft-ds
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
#######################################################################################################################################
 Anonymous JTSEC #OpTurkey Full Recon #2