1#######################################################################################################################################
2=======================================================================================================================================
3Hostname www.alharbitelecom.com ISP Alharbi International for Telecom
4Continent Asia Flag
5SA
6Country Saudi Arabia Country Code SA
7Region Unknown Local time 12 Aug 2019 05:12 +03
8City Unknown Postal Code Unknown
9IP Address 62.3.25.22 Latitude 25
10 Longitude 45
11
12=======================================================================================================================================
13######################################################################################################################################
14> www.alharbitelecom.com
15Server: 27.50.70.139
16Address: 27.50.70.139#53
17
18Non-authoritative answer:
19Name: www.alharbitelecom.com
20Address: 62.3.25.22
21>
22#######################################################################################################################################
23 Domain Name: ALHARBITELECOM.COM
24 Registry Domain ID: 26162365_DOMAIN_COM-VRSN
25 Registrar WHOIS Server: whois.domain.com
26 Registrar URL: http://www.domain.com
27 Updated Date: 2019-04-01T06:49:29Z
28 Creation Date: 2000-05-02T07:46:31Z
29 Registry Expiry Date: 2021-05-02T07:46:31Z
30 Registrar: Domain.com, LLC
31 Registrar IANA ID: 886
32 Registrar Abuse Contact Email: compliance@domain-inc.net
33 Registrar Abuse Contact Phone: 602-226-2389
34 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
35 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
36 Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
37 Name Server: NS1.ALHARBITELECOM.COM
38 Name Server: NS2.ALHARBITELECOM.COM
39 DNSSEC: unsigned
40#####################################################################################################################################
41Domain Name: ALHARBITELECOM.COM
42Registry Domain ID: 26162365_DOMAIN_COM-VRSN
43Registrar WHOIS Server: whois.domain.com
44Registrar URL: www.domain.com
45Updated Date: 2019-04-01T06:49:29
46Creation Date: 2000-05-02T07:46:31
47Registrar Registration Expiration Date: 2021-05-02T07:46:31
48Registrar: Domain.com, LLC
49Registrar IANA ID: 886
50Reseller: Dotster.com
51Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
52Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
53Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
54Registry Registrant ID:
55Registrant Name: Domain Privacy Service FBO Registrant.
56Registrant Organization: Domain Privacy Service FBO Registrant.
57Registrant Street: 10 Corporate Drive
58Registrant City: Burlington
59Registrant State/Province: MA
60Registrant Postal Code: 01803
61Registrant Country: US
62Registrant Phone: +1.6027165339
63Registrant Phone Ext:
64Registrant Fax:
65Registrant Fax Ext:
66Registrant Email: alharbitelecom.com@domainprivacygroup.com
67Registry Admin ID:
68Admin Name: Domain Privacy Service FBO Registrant.
69Admin Organization: Domain Privacy Service FBO Registrant.
70Admin Street: 10 Corporate Drive
71Admin City: Burlington
72Admin State/Province: MA
73Admin Postal Code: 01803
74Admin Country: US
75Admin Phone: +1.6027165339
76Admin Phone Ext:
77Admin Fax:
78Admin Fax Ext:
79Admin Email: alharbitelecom.com@domainprivacygroup.com
80Registry Tech ID:
81Tech Name: Domain Privacy Service FBO Registrant.
82Tech Organization: Domain Privacy Service FBO Registrant.
83Tech Street: 10 Corporate Drive
84Tech City: Burlington
85Tech State/Province: MA
86Tech Postal Code: 01803
87Tech Country: US
88Tech Phone: +1.6027165339
89Tech Phone Ext:
90Tech Fax:
91Tech Fax Ext:
92Tech Email: alharbitelecom.com@domainprivacygroup.com
93Name Server: ns1.alharbitelecom.com
94Name Server: ns2.alharbitelecom.com
95DNSSEC: unsigned
96Registrar Abuse Contact Email: compliance@domain-inc.net
97Registrar Abuse Contact Phone: +1.6027165396
98#####################################################################################################################################
99[+] Target : www.alharbitelecom.com
100
101[+] IP Address : 62.3.25.22
102
103[+] Headers :
104
105[+] Cache-Control : private
106[+] Content-Type : text/html; charset=utf-8
107[+] ETag : ""
108[+] Server : Microsoft-IIS/7.0
109[+] X-AspNetWebPages-Version : 2.0
110[+] X-AspNet-Version : 4.0.30319
111[+] X-Powered-By : ASP.NET
112[+] Date : Mon, 12 Aug 2019 02:43:22 GMT
113[+] Content-Length : 16892
114
115[+] SSL Certificate Information :
116
117[-] SSL is not Present on Target URL...Skipping...
118
119[+] Whois Lookup :
120
121[+] NIR : None
122[+] ASN Registry : ripencc
123[+] ASN : 39432
124[+] ASN CIDR : 62.3.25.0/24
125[+] ASN Country Code : SA
126[+] ASN Date : 2000-07-21
127[+] ASN Description : AHI-AS, SA
128[+] cidr : 62.3.25.0/24
129[+] name : AHT-NOC
130[+] handle : ARA2011-RIPE
131[+] range : 62.3.25.0 - 62.3.25.255
132[+] description : AlHarbi NOC IP Range
133[+] country : SA
134[+] state : None
135[+] city : None
136[+] address : AlHarbi Telecom - SA
137[+] postal_code : None
138[+] emails : None
139[+] created : 2011-11-02T12:26:45Z
140[+] updated : 2011-11-02T12:26:45Z
141
142[+] Crawling Target...
143
144[+] Looking for robots.txt........[ Not Found ]
145[+] Looking for sitemap.xml.......[ Not Found ]
146[+] Extracting CSS Links..........[ 2 ]
147[+] Extracting Javascript Links...[ 6 ]
148[+] Extracting Internal Links.....[ 1 ]
149[+] Extracting External Links.....[ 2 ]
150[+] Extracting Images.............[ 3 ]
151
152[+] Total Links Extracted : 14
153
154[+] Dumping Links in /opt/FinalRecon/dumps/www.alharbitelecom.com.dump
155[+] Completed!
156######################################################################################################################################
157[+] Starting At 2019-08-11 22:23:06.703675
158[+] Collecting Information On: http://www.alharbitelecom.com/
159[#] Status: 200
160--------------------------------------------------
161[#] Web Server Detected: Microsoft-IIS/7.0
162[#] X-Powered-By: ASP.NET
163[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
164- Cache-Control: private
165- Content-Type: text/html; charset=utf-8
166- ETag: ""
167- Server: Microsoft-IIS/7.0
168- X-AspNetWebPages-Version: 2.0
169- X-AspNet-Version: 4.0.30319
170- X-Powered-By: ASP.NET
171- Date: Mon, 12 Aug 2019 02:46:02 GMT
172- Content-Length: 16892
173--------------------------------------------------
174[#] Finding Location..!
175[#] as:
176[#] city: Riyadh
177[#] country: Saudi Arabia
178[#] countryCode: SA
179[#] isp: Al Harbi Telecommunications
180[#] lat: 24.6734
181[#] lon: 46.6885
182[#] org: AlHarbi Telecom - SA
183[#] query: 62.3.25.22
184[#] region: 01
185[#] regionName: Ar Riyāḑ
186[#] status: success
187[#] timezone: Asia/Riyadh
188[#] zip:
189--------------------------------------------------
190[+] Detected WAF Presence in web application: ASP.NET Generic Web Application Protection
191--------------------------------------------------
192[#] Starting Reverse DNS
193[-] Failed ! Fail
194--------------------------------------------------
195[!] Scanning Open Port
196[#] 80/tcp open http
197--------------------------------------------------
198[+] Collecting Information Disclosure!
199[#] Detecting sitemap.xml file
200[-] sitemap.xml file not Found!?
201[#] Detecting robots.txt file
202[-] robots.txt file not Found!?
203[#] Detecting GNU Mailman
204[-] GNU Mailman App Not Detected!?
205--------------------------------------------------
206[+] Crawling Url Parameter On: http://www.alharbitelecom.com/
207--------------------------------------------------
208[#] Searching Html Form !
209[+] Html Form Discovered
210[#] action: None
211[#] class: None
212[#] id: email_subscription
213[#] method: None
214--------------------------------------------------
215[!] Found 2 dom parameter
216[#] http://www.alharbitelecom.com//#
217[#] http://www.alharbitelecom.com//#
218--------------------------------------------------
219[-] No internal Dynamic Parameter Found!?
220--------------------------------------------------
221[-] No external Dynamic Paramter Found!?
222--------------------------------------------------
223[!] 35 Internal links Discovered
224[+] http://www.alharbitelecom.com//css/layerslider.css
225[+] http://www.alharbitelecom.com//images/favicon.ico
226[+] http://www.alharbitelecom.com//images/apple-touch-icon-144-precomposed.png
227[+] http://www.alharbitelecom.com//images/apple-touch-icon-114-precomposed.png
228[+] http://www.alharbitelecom.com//images/apple-touch-icon-72-precomposed.png
229[+] http://www.alharbitelecom.com//images/apple-touch-icon-57-precomposed.png
230[+] http://www.alharbitelecom.com///css/aht.stylesheet.min.css
231[+] http://www.alharbitelecom.com//css/font-awesome-ie7.min.css
232[+] http://www.alharbitelecom.com//home
233[+] http://www.alharbitelecom.com//about
234[+] http://www.alharbitelecom.com//commercial-services
235[+] http://www.alharbitelecom.com//defense-services
236[+] http://www.alharbitelecom.com//termsAndConditions
237[+] http://www.alharbitelecom.com//network
238[+] http://www.alharbitelecom.com//phosphate-KSA-gallery
239[+] http://www.alharbitelecom.com//aht-support-centre-gallery
240[+] http://www.alharbitelecom.com//view-of-aht
241[+] http://www.alharbitelecom.com//careers
242[+] http://www.alharbitelecom.com//support
243[+] http://www.alharbitelecom.com//termsAndConditions
244[+] http://www.alharbitelecom.com//codeofEthics
245[+] http://www.alharbitelecom.com//contact
246[+] https://webmail.alharbitelecom.com/owa
247[+] http://www.alharbitelecom.com//about
248[+] http://www.alharbitelecom.com//commercial-services
249[+] http://www.alharbitelecom.com//support
250[+] http://www.alharbitelecom.com//mailto:sales@alharbitelecom.com
251[+] http://www.alharbitelecom.com//./contact
252[+] http://www.alharbitelecom.com/
253[+] http://www.alharbitelecom.com//home
254[+] http://www.alharbitelecom.com//about
255[+] http://www.alharbitelecom.com//careers
256[+] http://www.alharbitelecom.com//faq
257[+] http://www.alharbitelecom.com//contact
258[+] https://webmail.alharbitelecom.com/owa
259--------------------------------------------------
260[!] 1 External links Discovered
261[#] http://www.linkedin.com/company/al-harbi-telecom
262--------------------------------------------------
263[#] Mapping Subdomain..
264[!] Found 14 Subdomain
265- mail.ryh.alharbitelecom.com
266- cust-gw-1.ryh.alharbitelecom.com
267- cust-gw-l3.ryh.alharbitelecom.com
268- cust-p2p-gw1.ryh.alharbitelecom.com
269- gw-1.ryh.alharbitelecom.com
270- ns1.alharbitelecom.com
271- ns2.alharbitelecom.com
272- proxy.ryh.alharbitelecom.com
273- proxy2.ryh.alharbitelecom.com
274- sftp.alharbitelecom.com
275- support-ryd.alharbitelecom.com
276- webmail.alharbitelecom.com
277- alharbitelecom.com
278- www.alharbitelecom.com
279--------------------------------------------------
280[!] Done At 2019-08-11 22:23:49.940157
281######################################################################################################################################
282[i] Scanning Site: http://www.alharbitelecom.com
283
284
285
286B A S I C I N F O
287====================
288
289
290[+] Site Title: Al Harbi Telecom - Home Page
291[+] IP address: 62.3.25.22
292[+] Web Server: Microsoft-IIS/7.0
293[+] CMS: Could Not Detect
294[+] Cloudflare: Not Detected
295[+] Robots File: Could NOT Find robots.txt!
296
297
298
299
300W H O I S L O O K U P
301========================
302
303 Domain Name: ALHARBITELECOM.COM
304 Registry Domain ID: 26162365_DOMAIN_COM-VRSN
305 Registrar WHOIS Server: whois.domain.com
306 Registrar URL: http://www.domain.com
307 Updated Date: 2019-04-01T06:49:29Z
308 Creation Date: 2000-05-02T07:46:31Z
309 Registry Expiry Date: 2021-05-02T07:46:31Z
310 Registrar: Domain.com, LLC
311 Registrar IANA ID: 886
312 Registrar Abuse Contact Email: compliance@domain-inc.net
313 Registrar Abuse Contact Phone: 602-226-2389
314 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
315 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
316 Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
317 Name Server: NS1.ALHARBITELECOM.COM
318 Name Server: NS2.ALHARBITELECOM.COM
319 DNSSEC: unsigned
320 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
321>>> Last update of whois database: 2019-08-12T02:20:50Z <<<
322
323For more information on Whois status codes, please visit https://icann.org/epp
324
325
326
327The Registry database contains ONLY .COM, .NET, .EDU domains and
328Registrars.
329
330
331
332
333G E O I P L O O K U P
334=========================
335
336[i] IP Address: 62.3.25.22
337[i] Country: Saudi Arabia
338[i] State:
339[i] City:
340[i] Latitude: 25.0
341[i] Longitude: 45.0
342
343
344
345
346H T T P H E A D E R S
347=======================
348
349
350[i] HTTP/1.1 200 OK
351[i] Cache-Control: private
352[i] Content-Type: text/html; charset=utf-8
353[i] ETag: ""
354[i] Server: Microsoft-IIS/7.0
355[i] X-AspNetWebPages-Version: 2.0
356[i] X-AspNet-Version: 4.0.30319
357[i] X-Powered-By: ASP.NET
358[i] Date: Mon, 12 Aug 2019 02:43:53 GMT
359[i] Connection: close
360[i] Content-Length: 16892
361
362
363
364
365D N S L O O K U P
366===================
367
368alharbitelecom.com. 3599 IN A 62.3.25.22
369alharbitelecom.com. 3599 IN NS ns2.alharbitelecom.com.
370alharbitelecom.com. 3599 IN NS ns1.alharbitelecom.com.
371alharbitelecom.com. 3599 IN SOA ns1.alharbitelecom.com. tim.sky2net.com. 2004093228 7200 720 1296000 3600
372alharbitelecom.com. 3599 IN MX 10 webmail.alharbitelecom.com.
373alharbitelecom.com. 3599 IN TXT "v=spf1 a mx ip4:62.3.63.101 ~all"
374
375
376
377
378S U B N E T C A L C U L A T I O N
379====================================
380
381Address = 62.3.25.22
382Network = 62.3.25.22 / 32
383Netmask = 255.255.255.255
384Broadcast = not needed on Point-to-Point links
385Wildcard Mask = 0.0.0.0
386Hosts Bits = 0
387Max. Hosts = 1 (2^0 - 0)
388Host Range = { 62.3.25.22 - 62.3.25.22 }
389
390
391
392N M A P P O R T S C A N
393============================
394
395Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-12 02:21 UTC
396Nmap scan report for alharbitelecom.com (62.3.25.22)
397Host is up (0.16s latency).
398rDNS record for 62.3.25.22: www.makkahgroup.com
399
400PORT STATE SERVICE
40121/tcp filtered ftp
40222/tcp filtered ssh
40323/tcp filtered telnet
40480/tcp open http
405110/tcp filtered pop3
406143/tcp filtered imap
407443/tcp filtered https
4083389/tcp filtered ms-wbt-server
409
410Nmap done: 1 IP address (1 host up) scanned in 3.43 seconds
411
412
413
414S U B - D O M A I N F I N D E R
415==================================
416
417
418[i] Total Subdomains Found : 13
419
420[+] Subdomain: ns1.alharbitelecom.com
421[-] IP: 62.3.25.23
422
423[+] Subdomain: ns2.alharbitelecom.com
424[-] IP: 62.3.38.22
425
426[+] Subdomain: support-ryd.alharbitelecom.com
427[-] IP: 62.3.25.27
428
429[+] Subdomain: gw-1.ryh.alharbitelecom.com
430[-] IP: 62.3.63.1
431
432[+] Subdomain: cust-gw-1.ryh.alharbitelecom.com
433[-] IP: 62.3.0.1
434
435[+] Subdomain: cust-p2p-gw1.ryh.alharbitelecom.com
436[-] IP: 62.3.0.2
437
438[+] Subdomain: proxy2.ryh.alharbitelecom.com
439[-] IP: 62.3.0.5
440
441[+] Subdomain: cust-gw-l3.ryh.alharbitelecom.com
442[-] IP: 62.3.0.3
443
444[+] Subdomain: mail.ryh.alharbitelecom.com
445[-] IP: 62.3.63.9
446
447[+] Subdomain: proxy.ryh.alharbitelecom.com
448[-] IP: 62.3.63.25
449
450[+] Subdomain: webmail.alharbitelecom.com
451[-] IP: 62.3.63.101
452
453[+] Subdomain: sftp.alharbitelecom.com
454[-] IP: 62.3.25.26
455
456[+] Subdomain: www.alharbitelecom.com
457[-] IP: 62.3.25.22
458#####################################################################################################################################
459[INFO] ------TARGET info------
460[*] TARGET: http://www.alharbitelecom.com/
461[*] TARGET IP: 62.3.25.22
462[INFO] NO load balancer detected for www.alharbitelecom.com...
463[*] DNS servers: ns1.alharbitelecom.com.
464[*] TARGET server: Microsoft-IIS/7.0
465[*] CC: SA
466[*] Country: Saudi Arabia
467[*] RegionCode: 01
468[*] RegionName: Ar Riyāḑ
469[*] City: Riyadh
470[*] ASN: AS39432
471[*] BGP_PREFIX: 62.3.25.0/24
472[*] ISP: AHI-AS Alharbi International for Telecom, SA
473[INFO] DNS enumeration:
474[*] ns1.alharbitelecom.com 62.3.25.23
475[*] ns2.alharbitelecom.com 62.3.38.22
476[*] webmail.alharbitelecom.com 62.3.63.101
477[INFO] Possible abuse mails are:
478[*] abuse@alharbitelecom.com
479[*] chris@sky2net.com
480[*] tim@sky2net.com
481[INFO] NO PAC (Proxy Auto Configuration) file FOUND
482[INFO] Starting FUZZing in http://www.alharbitelecom.com/FUzZzZzZzZz...
483[INFO] Status code Folders
484[ALERT] Look in the source code. It may contain passwords
485[INFO] Links found from http://www.alharbitelecom.com/ http://62.3.25.22/:
486[*] https://webmail.alharbitelecom.com/owa
487[*] http://www.alharbitelecom.com/
488[*] http://www.alharbitelecom.com/about
489[*] http://www.alharbitelecom.com/aht-support-centre-gallery
490[*] http://www.alharbitelecom.com/careers
491[*] http://www.alharbitelecom.com/codeofEthics
492[*] http://www.alharbitelecom.com/commercial-services
493[*] http://www.alharbitelecom.com/./contact
494[*] http://www.alharbitelecom.com/contact
495[*] http://www.alharbitelecom.com/defense-services
496[*] http://www.alharbitelecom.com/faq
497[*] http://www.alharbitelecom.com/home
498[*] http://www.alharbitelecom.com/network
499[*] http://www.alharbitelecom.com/phosphate-KSA-gallery
500[*] http://www.alharbitelecom.com/support
501[*] http://www.alharbitelecom.com/termsAndConditions
502[*] http://www.alharbitelecom.com/view-of-aht
503[*] http://www.linkedin.com/company/al-harbi-telecom
504[INFO] GOOGLE has 7,330 results (0.20 seconds) about http://www.alharbitelecom.com/
505[INFO] Shodan detected the following opened ports on 62.3.25.22:
506[*] 80
507[INFO] ------VirusTotal SECTION------
508[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
509[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
510[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
511[INFO] ------Alexa Rank SECTION------
512[INFO] Percent of Visitors Rank in Country:
513[INFO] Percent of Search Traffic:
514[INFO] Percent of Unique Visits:
515[INFO] Total Sites Linking In:
516[*] Total Sites
517[INFO] Useful links related to www.alharbitelecom.com - 62.3.25.22:
518[*] https://www.virustotal.com/pt/ip-address/62.3.25.22/information/
519[*] https://www.hybrid-analysis.com/search?host=62.3.25.22
520[*] https://www.shodan.io/host/62.3.25.22
521[*] https://www.senderbase.org/lookup/?search_string=62.3.25.22
522[*] https://www.alienvault.com/open-threat-exchange/ip/62.3.25.22
523[*] http://pastebin.com/search?q=62.3.25.22
524[*] http://urlquery.net/search.php?q=62.3.25.22
525[*] http://www.alexa.com/siteinfo/www.alharbitelecom.com
526[*] http://www.google.com/safebrowsing/diagnostic?site=www.alharbitelecom.com
527[*] https://censys.io/ipv4/62.3.25.22
528[*] https://www.abuseipdb.com/check/62.3.25.22
529[*] https://urlscan.io/search/#62.3.25.22
530[*] https://github.com/search?q=62.3.25.22&type=Code
531[INFO] Useful links related to AS39432 - 62.3.25.0/24:
532[*] http://www.google.com/safebrowsing/diagnostic?site=AS:39432
533[*] https://www.senderbase.org/lookup/?search_string=62.3.25.0/24
534[*] http://bgp.he.net/AS39432
535[*] https://stat.ripe.net/AS39432
536[INFO] Date: 11/08/19 | Time: 22:25:19
537[INFO] Total time: 2 minute(s) and 5 second(s)
538#####################################################################################################################################
539Trying "alharbitelecom.com"
540;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45699
541;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 2
542
543;; QUESTION SECTION:
544;alharbitelecom.com. IN ANY
545
546;; ANSWER SECTION:
547alharbitelecom.com. 3600 IN TXT "v=spf1 a mx ip4:62.3.63.101 ~all"
548alharbitelecom.com. 3600 IN MX 10 webmail.alharbitelecom.com.
549alharbitelecom.com. 3600 IN SOA ns1.alharbitelecom.com. tim.sky2net.com. 2004093228 7200 720 1296000 3600
550alharbitelecom.com. 3600 IN A 62.3.25.22
551alharbitelecom.com. 3600 IN NS ns2.alharbitelecom.com.
552alharbitelecom.com. 3600 IN NS ns1.alharbitelecom.com.
553
554;; AUTHORITY SECTION:
555alharbitelecom.com. 3600 IN NS ns2.alharbitelecom.com.
556alharbitelecom.com. 3600 IN NS ns1.alharbitelecom.com.
557
558;; ADDITIONAL SECTION:
559ns1.alharbitelecom.com. 43167 IN A 62.3.25.23
560ns2.alharbitelecom.com. 43167 IN A 62.3.38.22
561
562Received 265 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 207 ms
563######################################################################################################################################
564; <<>> DiG 9.11.5-P4-5.1-Debian <<>> +trace alharbitelecom.com
565;; global options: +cmd
566. 86008 IN NS f.root-servers.net.
567. 86008 IN NS h.root-servers.net.
568. 86008 IN NS j.root-servers.net.
569. 86008 IN NS b.root-servers.net.
570. 86008 IN NS a.root-servers.net.
571. 86008 IN NS e.root-servers.net.
572. 86008 IN NS k.root-servers.net.
573. 86008 IN NS g.root-servers.net.
574. 86008 IN NS l.root-servers.net.
575. 86008 IN NS m.root-servers.net.
576. 86008 IN NS d.root-servers.net.
577. 86008 IN NS c.root-servers.net.
578. 86008 IN NS i.root-servers.net.
580;; Received 525 bytes from 27.50.70.139#53(27.50.70.139) in 305 ms
581
582com. 172800 IN NS c.gtld-servers.net.
583com. 172800 IN NS l.gtld-servers.net.
584com. 172800 IN NS e.gtld-servers.net.
585com. 172800 IN NS i.gtld-servers.net.
586com. 172800 IN NS j.gtld-servers.net.
587com. 172800 IN NS b.gtld-servers.net.
588com. 172800 IN NS m.gtld-servers.net.
589com. 172800 IN NS k.gtld-servers.net.
590com. 172800 IN NS d.gtld-servers.net.
591com. 172800 IN NS f.gtld-servers.net.
592com. 172800 IN NS h.gtld-servers.net.
593com. 172800 IN NS a.gtld-servers.net.
594com. 172800 IN NS g.gtld-servers.net.
597;; Received 1206 bytes from 192.112.36.4#53(g.root-servers.net) in 194 ms
598
599alharbitelecom.com. 172800 IN NS ns1.alharbitelecom.com.
600alharbitelecom.com. 172800 IN NS ns2.alharbitelecom.com.
605;; Received 600 bytes from 2001:502:7094::30#53(j.gtld-servers.net) in 40 ms
606
607;; Received 75 bytes from 62.3.25.23#53(ns1.alharbitelecom.com) in 444 ms
608
609######################################################################################################################################
610[*] Performing General Enumeration of Domain: alharbitelecom.com
611[-] DNSSEC is not configured for alharbitelecom.com
612[*] SOA ns1.alharbitelecom.com 62.3.25.23
613[*] NS ns2.alharbitelecom.com 62.3.38.22
614[-] Recursion enabled on NS Server 62.3.38.22
615[*] NS ns1.alharbitelecom.com 62.3.25.23
616[*] Bind Version for 62.3.25.23 Microsoft DNS 6.0.6003 (1773501D)
617[*] MX webmail.alharbitelecom.com 62.3.63.101
618[*] A alharbitelecom.com 62.3.25.22
619[*] TXT alharbitelecom.com v=spf1 a mx ip4:62.3.63.101 ~all
620[*] Enumerating SRV Records
621[*] SRV _autodiscover._tcp.alharbitelecom.com webmail.alharbitelecom.com 62.3.63.101 443 0
622[+] 1 Records Found
623######################################################################################################################################
624[*] Processing domain alharbitelecom.com
625[*] Using system resolvers ['27.50.70.139', '38.132.106.139', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
626[+] Getting nameservers
62762.3.38.22 - ns2.alharbitelecom.com
62862.3.25.23 - ns1.alharbitelecom.com
629[-] Zone transfer failed
630
631[+] TXT records found
632"v=spf1 a mx ip4:62.3.63.101 ~all"
633
634[+] MX records found, added to target list
63510 webmail.alharbitelecom.com.
636
637[*] Scanning alharbitelecom.com for A records
63862.3.25.22 - alharbitelecom.com
63962.3.25.23 - ns1.alharbitelecom.com
64062.3.38.22 - ns2.alharbitelecom.com
64162.3.25.26 - sftp.alharbitelecom.com
64262.3.63.101 - webmail.alharbitelecom.com
64362.3.25.22 - www.alharbitelecom.com
644#####################################################################################################################################
645Domains still to check: 1
646 Checking if the hostname alharbitelecom.com. given is in fact a domain...
647
648Analyzing domain: alharbitelecom.com.
649 Checking NameServers using system default resolver...
650 IP: 62.3.38.22 (Saudi Arabia)
651 HostName: ns2.alharbitelecom.com Type: NS
652 HostName: ns2.alharbitelecom.com Type: PTR
653 IP: 62.3.25.23 (Saudi Arabia)
654 HostName: ns1.alharbitelecom.com Type: NS
655 HostName: ns1.alharbitelecom.com Type: PTR
656
657 Checking MailServers using system default resolver...
658 IP: 62.3.63.101 (Saudi Arabia)
659 HostName: webmail.alharbitelecom.com Type: MX
660 HostName: mail1.makkahtelecom.com Type: PTR
661
662 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
663 No zone transfer found on nameserver 62.3.38.22
664 No zone transfer found on nameserver 62.3.25.23
665
666 Checking SPF record...
667
668 Checking 192 most common hostnames using system default resolver...
669 IP: 62.3.25.22 (Saudi Arabia)
670 HostName: www.alharbitelecom.com. Type: A
671 IP: 62.3.25.23 (Saudi Arabia)
672 HostName: ns1.alharbitelecom.com Type: NS
673 HostName: ns1.alharbitelecom.com Type: PTR
674 HostName: ns1.alharbitelecom.com. Type: A
675 IP: 62.3.38.22 (Saudi Arabia)
676 HostName: ns2.alharbitelecom.com Type: NS
677 HostName: ns2.alharbitelecom.com Type: PTR
678 HostName: ns2.alharbitelecom.com. Type: A
679 IP: 62.3.63.101 (Saudi Arabia)
680 HostName: webmail.alharbitelecom.com Type: MX
681 HostName: mail1.makkahtelecom.com Type: PTR
682 Type: SPF
683 HostName: webmail.alharbitelecom.com. Type: A
684
685 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
686 Checking netblock 62.3.63.0
687 Checking netblock 62.3.38.0
688 Checking netblock 62.3.25.0
689
690 Searching for alharbitelecom.com. emails in Google
691 noc@alharbitelecom.com&
692 yousef@alharbitelecom.com.
693 sales@alharbitelecom.com
694 career@alharbitelecom.com
695 yousef@alharbitelecom.com&
696 career@alharbitelecom.com.
697 support@alharbitelecom.com;
698 rasul@alharbitelecom.com
699 career@alharbitelecom.com;
700
701 Checking 4 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
702 Host 62.3.63.101 is up (reset ttl 64)
703 Host 62.3.38.22 is up (reset ttl 64)
704 Host 62.3.25.22 is up (reset ttl 64)
705 Host 62.3.25.23 is up (reset ttl 64)
706
707 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
708 Scanning ip 62.3.63.101 (webmail.alharbitelecom.com.):
709 443/tcp open ssl/http syn-ack ttl 115 Microsoft IIS httpd 7.5
710 | ssl-cert: Subject: commonName=webmail.alharbitelecom.com/organizationName=Al Harbi Telecom Company/countryName=SA
711 | Subject Alternative Name: DNS:webmail.alharbitelecom.com, DNS:autodiscover.alharbitelecom.com, DNS:autodiscover.elitesproducts.com, DNS:mail.elitesproducts.com
712 | Issuer: commonName=DigiCert SHA2 Secure Server CA/organizationName=DigiCert Inc/countryName=US
713 | Public Key type: rsa
714 | Public Key bits: 2048
715 | Signature Algorithm: sha256WithRSAEncryption
716 | Not valid before: 2019-07-24T00:00:00
717 | Not valid after: 2020-02-07T12:00:00
718 | MD5: 1de8 4919 87bc 4c7d ba31 9565 2363 aca7
719 |_SHA-1: 0dfb 83c3 7667 ee9a 2690 eb0d 9003 e564 a393 014e
720 587/tcp open smtp syn-ack ttl 115 Microsoft Exchange smtpd
721 | smtp-commands: webmail.alharbitelecom.com Hello [193.148.16.202], SIZE 31457280, PIPELINING, DSN, ENHANCEDSTATUSCODES, STARTTLS, AUTH GSSAPI NTLM, 8BITMIME, BINARYMIME, CHUNKING,
722 |_ This server supports the following commands: HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH BDAT
723 | smtp-ntlm-info:
724 | Target_Name: AHT
725 | NetBIOS_Domain_Name: AHT
726 | NetBIOS_Computer_Name: AHT-MX1
727 | DNS_Domain_Name: AHT.LAN
728 | DNS_Computer_Name: AHT-MX1.AHT.LAN
729 | DNS_Tree_Name: AHT.LAN
730 |_ Product_Version: 6.1.7601
731 | ssl-cert: Subject: commonName=webmail.alharbitelecom.com/organizationName=Al Harbi Telecom Company/countryName=SA
732 | Subject Alternative Name: DNS:webmail.alharbitelecom.com, DNS:autodiscover.alharbitelecom.com, DNS:autodiscover.elitesproducts.com, DNS:mail.elitesproducts.com
733 | Issuer: commonName=DigiCert SHA2 Secure Server CA/organizationName=DigiCert Inc/countryName=US
734 | Public Key type: rsa
735 | Public Key bits: 2048
736 | Signature Algorithm: sha256WithRSAEncryption
737 | Not valid before: 2019-07-24T00:00:00
738 | Not valid after: 2020-02-07T12:00:00
739 | MD5: 1de8 4919 87bc 4c7d ba31 9565 2363 aca7
740 |_SHA-1: 0dfb 83c3 7667 ee9a 2690 eb0d 9003 e564 a393 014e
741 995/tcp open ssl/pop3s? syn-ack ttl 115
742 |_ssl-date: 2019-08-12T02:44:26+00:00; +1m53s from scanner time.
743 Device type: general purpose|WAP
744 Running (JUST GUESSING): Linux 2.6.X|2.4.X (90%), Microsoft Windows 2008|7|Vista|8.1 (85%)
745 OS Info: Service Info: Host: webmail.alharbitelecom.com; OS: Windows; CPE: cpe:/o:microsoft:windows
746 |_clock-skew: mean: 1m52s, deviation: 0s, median: 1m52s
747 Scanning ip 62.3.38.22 (ns2.alharbitelecom.com.):
748 53/tcp open domain? syn-ack ttl 116
749 | fingerprint-strings:
750 | DNSVersionBindReqTCP:
751 | version
752 |_ bind
753 Scanning ip 62.3.25.22 (www.alharbitelecom.com.):
754 80/tcp open http syn-ack ttl 117 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
755 |_http-server-header: Microsoft-HTTPAPI/2.0
756 |_http-title: Not Found
757 OS Info: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
758 Scanning ip 62.3.25.23 (ns1.alharbitelecom.com.):
759 53/tcp open domain syn-ack ttl 117 Microsoft DNS 6.0.6003 (1773501D)
760 | dns-nsid:
761 |_ bind.version: Microsoft DNS 6.0.6003 (1773501D)
762 | fingerprint-strings:
763 | DNSVersionBindReqTCP:
764 | version
765 | bind
766 |_ "!Microsoft DNS 6.0.6003 (1773501D)
767 80/tcp open http syn-ack ttl 117 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
768 |_http-server-header: Microsoft-HTTPAPI/2.0
769 |_http-title: Not Found
770 OS Info: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
771 WebCrawling domain's web servers... up to 50 max links.
772
773 + URL to crawl: https://webmail.alharbitelecom.com.
774 + Date: 2019-08-11
775
776 + Crawling URL: https://webmail.alharbitelecom.com.:
777 + Links:
778 + Crawling https://webmail.alharbitelecom.com.
779 + Searching for directories...
780 + Searching open folders...
781
782
783 + URL to crawl: https://webmail.alharbitelecom.com
784 + Date: 2019-08-11
785
786 + Crawling URL: https://webmail.alharbitelecom.com:
787 + Links:
788 + Crawling https://webmail.alharbitelecom.com
789 + Searching for directories...
790 + Searching open folders...
791
792
793 + URL to crawl: http://www.alharbitelecom.com.
794 + Date: 2019-08-11
795
796 + Crawling URL: http://www.alharbitelecom.com.:
797 + Links:
798 + Crawling http://www.alharbitelecom.com. (400 Bad Request)
799 + Searching for directories...
800 + Searching open folders...
801
802
803 + URL to crawl: http://ns1.alharbitelecom.com
804 + Date: 2019-08-11
805
806 + Crawling URL: http://ns1.alharbitelecom.com:
807 + Links:
808 + Crawling http://ns1.alharbitelecom.com (404 Not Found)
809 + Searching for directories...
810 + Searching open folders...
811
812
813 + URL to crawl: http://ns1.alharbitelecom.com.
814 + Date: 2019-08-11
815
816 + Crawling URL: http://ns1.alharbitelecom.com.:
817 + Links:
818 + Crawling http://ns1.alharbitelecom.com. (400 Bad Request)
819 + Searching for directories...
820 + Searching open folders...
821
822--Finished--
823Summary information for domain alharbitelecom.com.
824-----------------------------------------
825 Domain Specific Information:
826 Email: noc@alharbitelecom.com&
827 Email: yousef@alharbitelecom.com.
828 Email: sales@alharbitelecom.com
829 Email: career@alharbitelecom.com
830 Email: yousef@alharbitelecom.com&
831 Email: career@alharbitelecom.com.
832 Email: support@alharbitelecom.com;
833 Email: rasul@alharbitelecom.com
834 Email: career@alharbitelecom.com;
835
836 Domain Ips Information:
837 IP: 62.3.63.101
838 HostName: webmail.alharbitelecom.com Type: MX
839 HostName: mail1.makkahtelecom.com Type: PTR
840 Type: SPF
841 HostName: webmail.alharbitelecom.com. Type: A
842 Country: Saudi Arabia
843 Is Active: True (reset ttl 64)
844 Port: 443/tcp open ssl/http syn-ack ttl 115 Microsoft IIS httpd 7.5
845 Script Info: | ssl-cert: Subject: commonName=webmail.alharbitelecom.com/organizationName=Al Harbi Telecom Company/countryName=SA
846 Script Info: | Subject Alternative Name: DNS:webmail.alharbitelecom.com, DNS:autodiscover.alharbitelecom.com, DNS:autodiscover.elitesproducts.com, DNS:mail.elitesproducts.com
847 Script Info: | Issuer: commonName=DigiCert SHA2 Secure Server CA/organizationName=DigiCert Inc/countryName=US
848 Script Info: | Public Key type: rsa
849 Script Info: | Public Key bits: 2048
850 Script Info: | Signature Algorithm: sha256WithRSAEncryption
851 Script Info: | Not valid before: 2019-07-24T00:00:00
852 Script Info: | Not valid after: 2020-02-07T12:00:00
853 Script Info: | MD5: 1de8 4919 87bc 4c7d ba31 9565 2363 aca7
854 Script Info: |_SHA-1: 0dfb 83c3 7667 ee9a 2690 eb0d 9003 e564 a393 014e
855 Port: 587/tcp open smtp syn-ack ttl 115 Microsoft Exchange smtpd
856 Script Info: | smtp-commands: webmail.alharbitelecom.com Hello [193.148.16.202], SIZE 31457280, PIPELINING, DSN, ENHANCEDSTATUSCODES, STARTTLS, AUTH GSSAPI NTLM, 8BITMIME, BINARYMIME, CHUNKING,
857 Script Info: |_ This server supports the following commands: HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH BDAT
858 Script Info: | smtp-ntlm-info:
859 Script Info: | Target_Name: AHT
860 Script Info: | NetBIOS_Domain_Name: AHT
861 Script Info: | NetBIOS_Computer_Name: AHT-MX1
862 Script Info: | DNS_Domain_Name: AHT.LAN
863 Script Info: | DNS_Computer_Name: AHT-MX1.AHT.LAN
864 Script Info: | DNS_Tree_Name: AHT.LAN
865 Script Info: |_ Product_Version: 6.1.7601
866 Script Info: | ssl-cert: Subject: commonName=webmail.alharbitelecom.com/organizationName=Al Harbi Telecom Company/countryName=SA
867 Script Info: | Subject Alternative Name: DNS:webmail.alharbitelecom.com, DNS:autodiscover.alharbitelecom.com, DNS:autodiscover.elitesproducts.com, DNS:mail.elitesproducts.com
868 Script Info: | Issuer: commonName=DigiCert SHA2 Secure Server CA/organizationName=DigiCert Inc/countryName=US
869 Script Info: | Public Key type: rsa
870 Script Info: | Public Key bits: 2048
871 Script Info: | Signature Algorithm: sha256WithRSAEncryption
872 Script Info: | Not valid before: 2019-07-24T00:00:00
873 Script Info: | Not valid after: 2020-02-07T12:00:00
874 Script Info: | MD5: 1de8 4919 87bc 4c7d ba31 9565 2363 aca7
875 Script Info: |_SHA-1: 0dfb 83c3 7667 ee9a 2690 eb0d 9003 e564 a393 014e
876 Port: 995/tcp open ssl/pop3s? syn-ack ttl 115
877 Script Info: |_ssl-date: 2019-08-12T02:44:26+00:00; +1m53s from scanner time.
878 Script Info: Device type: general purpose|WAP
879 Script Info: Running (JUST GUESSING): Linux 2.6.X|2.4.X (90%), Microsoft Windows 2008|7|Vista|8.1 (85%)
880 Os Info: Host: webmail.alharbitelecom.com; OS: Windows; CPE: cpe:/o:microsoft:windows
881 Script Info: |_clock-skew: mean: 1m52s, deviation: 0s, median: 1m52s
882 IP: 62.3.38.22
883 HostName: ns2.alharbitelecom.com Type: NS
884 HostName: ns2.alharbitelecom.com Type: PTR
885 HostName: ns2.alharbitelecom.com. Type: A
886 Country: Saudi Arabia
887 Is Active: True (reset ttl 64)
888 Port: 53/tcp open domain? syn-ack ttl 116
889 Script Info: | fingerprint-strings:
890 Script Info: | DNSVersionBindReqTCP:
891 Script Info: | version
892 Script Info: |_ bind
893 IP: 62.3.25.22
894 HostName: www.alharbitelecom.com. Type: A
895 Country: Saudi Arabia
896 Is Active: True (reset ttl 64)
897 Port: 80/tcp open http syn-ack ttl 117 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
898 Script Info: |_http-server-header: Microsoft-HTTPAPI/2.0
899 Script Info: |_http-title: Not Found
900 Os Info: OS: Windows; CPE: cpe:/o:microsoft:windows
901 IP: 62.3.25.23
902 HostName: ns1.alharbitelecom.com Type: NS
903 HostName: ns1.alharbitelecom.com Type: PTR
904 HostName: ns1.alharbitelecom.com. Type: A
905 Country: Saudi Arabia
906 Is Active: True (reset ttl 64)
907 Port: 53/tcp open domain syn-ack ttl 117 Microsoft DNS 6.0.6003 (1773501D)
908 Script Info: | dns-nsid:
909 Script Info: |_ bind.version: Microsoft DNS 6.0.6003 (1773501D)
910 Script Info: | fingerprint-strings:
911 Script Info: | DNSVersionBindReqTCP:
912 Script Info: | version
913 Script Info: | bind
914 Script Info: |_ "!Microsoft DNS 6.0.6003 (1773501D)
915 Port: 80/tcp open http syn-ack ttl 117 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
916 Script Info: |_http-server-header: Microsoft-HTTPAPI/2.0
917 Script Info: |_http-title: Not Found
918 Os Info: OS: Windows; CPE: cpe:/o:microsoft:windows
919
920#####################################################################################################################################
921Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-11 22:30 EDT
922Nmap scan report for alharbitelecom.com (62.3.25.22)
923Host is up (0.42s latency).
924Not shown: 479 filtered ports, 3 closed ports
925Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
926PORT STATE SERVICE
92780/tcp open http
928#####################################################################################################################################
929Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-11 22:31 EDT
930Nmap scan report for www.makkahgroup.com (62.3.25.22)
931Host is up (0.19s latency).
932Not shown: 2 filtered ports
933PORT STATE SERVICE
93453/udp open|filtered domain
93567/udp open|filtered dhcps
93668/udp open|filtered dhcpc
93769/udp open|filtered tftp
93888/udp open|filtered kerberos-sec
939123/udp open|filtered ntp
940139/udp open|filtered netbios-ssn
941161/udp open|filtered snmp
942162/udp open|filtered snmptrap
943389/udp open|filtered ldap
944500/udp open|filtered isakmp
945520/udp open|filtered route
9462049/udp open|filtered nfs
947######################################################################################################################################
948Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-11 22:31 EDT
949NSE: Loaded 162 scripts for scanning.
950NSE: Script Pre-scanning.
951Initiating NSE at 22:31
952Completed NSE at 22:31, 0.00s elapsed
953Initiating NSE at 22:31
954Completed NSE at 22:31, 0.00s elapsed
955Initiating Parallel DNS resolution of 1 host. at 22:31
956Completed Parallel DNS resolution of 1 host. at 22:31, 0.02s elapsed
957Initiating SYN Stealth Scan at 22:31
958Scanning www.makkahgroup.com (62.3.25.22) [1 port]
959Discovered open port 80/tcp on 62.3.25.22
960Completed SYN Stealth Scan at 22:31, 0.59s elapsed (1 total ports)
961Initiating Service scan at 22:31
962Scanning 1 service on www.makkahgroup.com (62.3.25.22)
963Completed Service scan at 22:31, 6.88s elapsed (1 service on 1 host)
964Initiating OS detection (try #1) against www.makkahgroup.com (62.3.25.22)
965Retrying OS detection (try #2) against www.makkahgroup.com (62.3.25.22)
966Initiating Traceroute at 22:31
967Completed Traceroute at 22:32, 3.20s elapsed
968Initiating Parallel DNS resolution of 10 hosts. at 22:32
969Completed Parallel DNS resolution of 10 hosts. at 22:32, 0.66s elapsed
970NSE: Script scanning 62.3.25.22.
971Initiating NSE at 22:32
972Completed NSE at 22:36, 293.55s elapsed
973Initiating NSE at 22:36
974Completed NSE at 22:36, 0.87s elapsed
975Nmap scan report for www.makkahgroup.com (62.3.25.22)
976Host is up (0.39s latency).
977
978PORT STATE SERVICE VERSION
97980/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
980| http-aspnet-debug:
981|_ status: DEBUG is enabled
982| http-backup-finder:
983| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=www.makkahgroup.com
984|_ http://www.makkahgroup.com:80/css/Copy of aht.stylesheet.min.css
985| http-brute:
986|_ Path "/" does not require authentication
987|_http-chrono: Request times for /; avg: 2689.29ms; min: 2587.52ms; max: 2800.72ms
988|_http-csrf: Couldn't find any CSRF vulnerabilities.
989|_http-date: Mon, 12 Aug 2019 02:55:13 GMT; +22m52s from local time.
990|_http-devframework: ASP.NET detected. Found related header.
991|_http-dombased-xss: Couldn't find any DOM based XSS.
992|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
993| http-errors:
994| Spidering limited to: maxpagecount=40; withinhost=www.makkahgroup.com
995| Found the following error pages:
996|
997| Error Code: 403
998| http://www.makkahgroup.com:80/js/fancybox/source/
999|
1000| Error Code: 404
1001| http://www.makkahgroup.com:80/js/fancybox/source/%7bhref%7d
1002|
1003| Error Code: 404
1004| http://www.makkahgroup.com:80/js/fancybox/source/item.href;
1005|
1006| Error Code: 404
1007| http://www.makkahgroup.com:80/js/fancybox/source/current.href;
1008|
1009| Error Code: 500
1010|_ http://www.makkahgroup.com:80/CVUpload.asmx/PostCV
1011|_http-feed: Couldn't find any feeds.
1012|_http-fetch: Please enter the complete path of the directory to save data in.
1013| http-fileupload-exploiter:
1037|_ Couldn't find a file-type field.
1038| http-grep:
1039| (1) http://www.makkahgroup.com:80/:
1040| (1) email:
1041| + sales@alharbitelecom.com
1042| (1) http://www.makkahgroup.com:80/support:
1043| (1) email:
1044| + support@alharbitelecom.com
1045| (2) http://www.makkahgroup.com:80/faq:
1046| (2) ip:
1047| + 62.3.32.16
1048| + 62.3.32.17
1049| (1) http://www.makkahgroup.com:80/css/font-awesome-ie7.min.css:
1050| (1) email:
1051|_ + dave@davegandy.com
1052| http-headers:
1053| Cache-Control: private
1054| Content-Length: 16892
1055| Content-Type: text/html; charset=utf-8
1056| ETag: ""
1057| Server: Microsoft-IIS/7.0
1058| X-AspNetWebPages-Version: 2.0
1059| X-AspNet-Version: 4.0.30319
1060| X-Powered-By: ASP.NET
1061| Date: Mon, 12 Aug 2019 02:55:16 GMT
1062| Connection: close
1063|
1064|_ (Request type: HEAD)
1065|_http-jsonp-detection: Couldn't find any JSONP endpoints.
1066|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
1067| http-methods:
1068| Supported Methods: OPTIONS TRACE GET HEAD POST
1069|_ Potentially risky methods: TRACE
1070|_http-mobileversion-checker: No mobile version detected.
1071| http-php-version: Logo query returned unknown hash 37a7eb3ca3b5c5186494568f967785c4
1072|_Credits query returned unknown hash 37a7eb3ca3b5c5186494568f967785c4
1073| http-security-headers:
1074| Cache_Control:
1075|_ Header: Cache-Control: private
1076| http-server-header:
1077| Microsoft-HTTPAPI/2.0
1078|_ Microsoft-IIS/7.0
1079| http-sitemap-generator:
1080| Directory structure:
1081| /
1082| Other: 10
1083| /css/
1084| css: 1
1085| /images/
1086| ico: 1; png: 2
1087| /js/
1088| js: 5
1089| Longest directory structure:
1090| Depth: 1
1091| Dir: /images/
1092| Total files found (by extension):
1093|_ Other: 10; css: 1; ico: 1; js: 5; png: 2
1094|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
1095|_http-title: Al Harbi Telecom - Home Page
1096| http-vhosts:
1097| 126 names had status 404
1098|_www.makkahgroup.com : 200
1099|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
1100|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
1101|_http-xssed: No previously reported XSS vuln.
1102| vulscan: VulDB - https://vuldb.com:
1324| [12266] Microsoft .NET Framework 2.0 SP2/3.5.1 ASLR Bypass privilege escalation
1325| [12070] Apple Pages 2.0/2.0.1/2.0.2/5.0/5.0.1 on Mac Microsoft Word Document memory corruption
1326| [11950] Microsoft Office Compability Pack/Word 2007 SP3 File memory corruption
1327| [11949] Microsoft Word Viewer/Office Compatibility Pack/Word 2003 SP3/2007 SP3 File memory corruption
1328| [11448] Microsoft Office 2007/2010 Address Space Layout Randomization privilege escalation
1329| [11151] Microsoft Outlook 2007/2010/2013/- S/MIME Certificate Metadata Expansion memory corruption
1330| [11149] Microsoft Office 2003/2007/2010/2013/- WordPerfect Document epsimp32.flt memory corruption
1331| [11148] Microsoft Office 2003/2007 WordPerfect Document epsimp32.flt memory corruption
1332| [11146] Microsoft Office 2003/2007 epsimp32.flt memory corruption
1333| [11230] Microsoft Word 2003 DOC Document Embedded Image denial of service
1334| [11081] Microsoft Windows Vista/Server 2008 TIFF Image memory corruption
1335| [10648] Microsoft Word 2007 Word File memory corruption
1336| [10647] Microsoft Word 2003 Word File memory corruption
1337| [10643] Microsoft SharePoint Server 2007/2010/2013 Input Sanitizer memory corruption
1338| [10642] Microsoft SharePoint Server 2007/2010 Content Display in Frames privilege escalation
1339| [10247] Microsoft SharePoint Server 2007/2010/2013 Online Cloud cross site scripting
1340| [10245] Microsoft Office 2003/2007/2010 Word File memory corruption
1341| [10244] Microsoft Office 2003 SP3 Word File memory corruption
1342| [10243] Microsoft Office 2003/2007 Word File memory corruption
1343| [10242] Microsoft Office 2007 Word File memory corruption
1344| [10241] Microsoft Office 2007 Word File memory corruption
1345| [10240] Microsoft Office 2003/2007/2010 Word File memory corruption
1346| [10239] Microsoft Office 2003/2007 Word File memory corruption
1347| [10238] Microsoft Excel 2003/2007 XML External Entity Data information disclosure
1348| [10237] Microsoft Excel 2003/2007/2010 XML External Entity Data information disclosure
1349| [10236] Microsoft Word/Office 2003/2007 XML External Entity Data information disclosure
1350| [10234] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
1351| [10232] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
1352| [10231] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
1353| [10230] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
1354| [10229] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
1355| [10228] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
1356| [10227] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
1357| [10192] Microsoft Windows XP SP3/Vista/7/2000/Server 2003 SP2 Windows Theme File privilege escalation
1358| [10191] Microsoft Windows XP/Server 2003 OLE Object privilege escalation
1359| [10190] Microsoft Windows Vista/7/8/Server 2008 Active Directory denial of service
1360| [10189] Microsoft Outlook 2007/2010 S/MIME privilege escalation
1361| [9941] Microsoft Windows XP/Server 2003 Unicode Scripts Processor USP10.DLL Uniscribe Font memory corruption
1362| [9929] Microsoft Windows Server 2008/Server 2012 Active Directory Federation Services Unspecified Account information disclosure
1363| [9715] Microsoft PowerPoint 2007 DirectShow Runtime quartz.dll GetMaxSampleSize denial of service
1364| [9397] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Array privilege escalation
1365| [9394] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 on 64-bit Array memory corruption
1366| [9393] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Permission privilege escalation
1367| [8738] Microsoft Visio 2003 SP3/2007 SP3/2010 SP1 XML Parser File information disclosure
1368| [8737] Microsoft Word 2003 SP3 Shape Data Parser File memory corruption
1369| [8736] Microsoft Publisher 2003 SP3 PUB File memory corruption
1370| [8735] Microsoft Publisher 2003 SP3/2007 SP3/2010 SP1 PUB File memory corruption
1371| [8734] Microsoft Publisher 2003 SP3 PUB File memory corruption
1372| [8733] Microsoft Publisher 2003 SP3 PUB File memory corruption
1373| [8732] Microsoft Publisher 2003 SP3 PUB File memory corruption
1374| [8731] Microsoft Publisher 2003 SP3 PUB File memory corruption
1375| [8730] Microsoft Publisher 2003 SP3 PUB File memory corruption
1376| [8729] Microsoft Publisher 2003 SP3 PUB File memory corruption
1377| [8728] Microsoft Publisher 2003 SP3 PUB File memory corruption
1378| [8727] Microsoft Publisher 2003 SP3 PUB File memory corruption
1379| [8726] Microsoft Publisher 2003 PUB File Eingabe memory corruption
1380| [8723] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 XML File spoofing
1381| [7643] Microsoft Windows Server 2008 R2/Server 2012 NFS Server NULL Pointer Dereference denial of service
1382| [7642] Microsoft Exchange 2007/2010 Outlook Web Access vspdx.dll) privilege escalation
1383| [7641] Microsoft Windows XP/Vista/Server 2003/Server 2008 DirectShow Quartz.dll memory corruption
1384| [8589] Microsoft System Center Operations Manager 2007 SP1/2007 R2 ViewTypeManager.aspx cross site scripting
1385| [7252] Microsoft System Center Operations Manager 2007 ExecuteTask.aspx cross site scripting
1386| [7251] Microsoft System Center Operations Manager 2007 cross site scripting
1387| [7248] Microsoft Windows 7/Server 2008 R2 Print Spooler privilege escalation
1388| [7121] Microsoft Exchange 2007/2010 RSS Feed denial of service
1389| [7118] Microsoft Windows Server 2008 R2/Server 2012 IP-HTTPS unknown vulnerability
1390| [62914] Microsoft Office 2003 SP3/2007 SP3/2008/2010 SP1/2011 Spreadsheet Use-After-Free memory corruption
1391| [7058] Microsoft Windows 7/Server 2008 R2 DHCPv6 Message denial of service
1392| [6935] Microsoft Office Excel 2003/2007/2010 Input Sanitizer File Stack-based memory corruption
1393| [6934] Microsoft Office Excel 2003/2007/2010 Input Sanitizer memory corruption
1394| [6933] Microsoft Office Excel 2003/2007/2010 SerAuxErrBar File memory corruption
1395| [6929] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Web Proxy Setting Auto-Discovery memory corruption
1396| [6927] Microsoft .NET Framework 2.0 SP2/3.5.1 Trusted Code Function information disclosure
1397| [6918] Microsoft Excel 2007 SP2 Input Sanitizer File memory corruption
1398| [6830] Microsoft Word 2007/2010 File memory corruption
1399| [6819] Microsoft Excel 2007 File memory corruption
1400| [6627] Microsoft Windows 7/Server 2008 R2 Kerberos denial of service
1401| [6626] Microsoft SharePoint/Lync/Infopath 2007/2010 HTML Sanitization cross site scripting
1402| [6622] Microsoft Word 2003/2007/2010/- RTF Document memory corruption
1403| [6621] Microsoft Word 2007 PAPX memory corruption
1404| [62239] Microsoft Systems Management Server 2003 Configuration Manager Reflected cross site scripting
1405| [5945] Microsoft Office 2007/2010 Computer Graphics Metafile memory corruption
1406| [5939] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 R2 Print Spooler Service memory corruption
1407| [5938] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 R2 Remote Administration Protocol netapi32.dll RAP Request denial of service
1408| [5933] Microsoft SQL Server 2000/2005/2008/2008 R2 Common Controls TabStrip ActiveX MSCOMCTL.OCX memory corruption
1409| [5932] Microsoft Office 2003/2007/2010 Common Controls TabStrip ActiveX MSCOMCTL.OCX memory corruption
1410| [5654] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 information disclosure
1411| [5653] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 win32k.sys memory corruption
1412| [5652] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 win32k.sys memory corruption
1413| [5650] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 memory corruption
1414| [5649] Microsoft Office 2003/2007/2010 libraries memory corruption
1415| [5645] Microsoft SharePoint 2007/2010/3.0 Reflected cross site scripting
1416| [5643] Microsoft SharePoint 2007/2010 information disclosure
1417| [5642] Microsoft SharePoint 2007 cross site request forgery
1418| [5553] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 OpenType Font atmfd.dll denial of service
1419| [5524] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 memory corruption
1420| [5518] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 memory corruption
1421| [5362] Microsoft Office 2003/2007 GDI+ memory corruption
1422| [5291] Microsoft Visual Studio 2008 Incremental Linker link.exe ConvertRgImgSymToRgImgSymEx memory corruption
1423| [5268] Microsoft Office 2008 on Mac RTF Pfragment File memory corruption
1424| [5080] Microsoft SQL Server 2005/2008/2008R2 CREATE DATABASE sql injection
1425| [5050] Microsoft Office 2007 WPS Converter Heap-based memory corruption
1426| [5049] Microsoft SQL Server 2000/2005/2008 MSCOMCTL.OCX privilege escalation
1427| [5048] Microsoft Office 2003/2007/2010 MSCOMCTL.OCX privilege escalation
1428| [5046] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Windows Authenticode Signature Verification WinVerifyTrust Signature privilege escalation
1429| [4803] Microsoft Windows Server 2003/Server 2008 DNS Server Domain Resource Record Query Parser denial of service
1430| [4802] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Remote Desktop Protocol denial of service
1431| [4798] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Remote Desktop Service memory corruption
1432| [60205] Microsoft .NET Framework 2.0 SP2/3.5.1 Heap-based memory corruption
1433| [4642] Microsoft .NET Framework 2.0 SP2/3.5.1/4 XAML Browser Application memory corruption
1434| [60065] Microsoft Windows 2000 mod_sql unknown vulnerability
1435| [4535] Microsoft Windows XP/Server 2003 Object Packager packager.exe privilege escalation
1436| [4534] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Line21 DirectShow Filter Quartz.dll/Qdvd.dll Media File memory corruption
1437| [4533] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Multimedia Library winmm.dll MIDI File memory corruption
1438| [4507] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 Forms Authentication Redirect
1439| [59666] Microsoft Publisher 2003/2007 "Publisher memory corruption
1440| [4482] Microsoft Word 2007/2010/2011 Document Parser memory corruption
1441| [4480] Microsoft Excel 2003 memory corruption
1442| [4478] Microsoft Windows XP/Server 2003 OLE Objects Memory Management memory corruption
1443| [4477] Microsoft PowerPoint 2007 OfficeArt Use-After-Free memory corruption
1444| [4474] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Active Directory Query memory corruption
1445| [4473] Microsoft Powerpoint 2007/2010 DLL-Loader memory corruption
1446| [4471] Microsoft Office 2003/2007 Publisher Out-of-Bounds memory corruption
1447| [4470] Microsoft Office 2003 SP3 memory corruption
1448| [4453] Microsoft Excel 2003 Record Parser memory corruption
1449| [4446] Microsoft Office 2008/2007 OfficeArt Record Parser memory corruption
1450| [4445] Microsoft Office 2007/2010/2011 Word Document Parser memory corruption
1451| [4438] Microsoft Windows Vista/7/Server 2008 TCP/IP Reference Counter denial of service
1452| [5358] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 TrueType Font Handling memory corruption
1453| [59005] Microsoft Host Integration Server 2004 denial of service
1454| [58492] Microsoft SharePoint Server 2007 Spreadsheet memory corruption
1455| [58491] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
1456| [58490] Microsoft Office Compatibility Pack 2007 Spreadsheet memory corruption
1457| [58489] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
1458| [58488] Microsoft Office 2007/2010 memory corruption
1459| [4412] Microsoft Office 2003/2007 Library Loader Designfehler
1460| [4411] Microsoft Excel 2003 memory corruption
1461| [4409] Microsoft Windows Server 2003/Server 2008 WINS unknown vulnerability
1462| [58240] Microsoft Visio 2003/2007 memory corruption
1463| [58237] Microsoft Visio 2003/2007/2010 memory corruption
1464| [4396] Microsoft Windows Vista/7/Server 2008 TCP/IP Stack denial of service
1465| [4393] Microsoft Windows Server 2008 DNS Service memory corruption
1466| [4391] Microsoft .NET Framework 2.0 SP2/3.5.1/4 Socket Restriction privilege escalation
1467| [4390] Microsoft Windows Server 2008 Remote Desktop Web Access cross site scripting
1468| [4388] Microsoft Windows Vista/7/Server 2008 File Metadata Parser denial of service
1469| [57691] Microsoft SQL Server 2008 Web Service information disclosure
1470| [57690] Microsoft Excel 2002/2003 Spreadsheet memory corruption
1471| [57689] Microsoft Excel 2002 Spreadsheet memory corruption
1472| [57688] Microsoft Excel 2002 Spreadsheet memory corruption
1473| [57687] Microsoft Excel 2002/2003/2007 Spreadsheet memory corruption
1474| [57686] Microsoft Excel 2002 Spreadsheet memory corruption
1475| [57685] Microsoft Excel 2002/2003/2007 Array Access memory corruption
1476| [57684] Microsoft Excel 2002/2003/2007/2010 Spreadsheet memory corruption
1477| [4369] Microsoft Excel 2002/2003/2007 memory corruption
1478| [4367] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
1479| [4362] Microsoft Windows Vista/7/Server 2008 denial of service
1480| [57420] Microsoft PowerPoint 2002/2003 memory corruption
1481| [4349] Microsoft Office 2004/2008/2007 Presentation File Parser memory corruption
1482| [4348] Microsoft Powerpoint 2002/2003/2007 memory corruption
1483| [57077] Microsoft Excel 2002 Uninitialized Memory memory corruption
1484| [57078] Microsoft Office 2003/2007/Xp docx unknown vulnerability
1485| [57079] Microsoft PowerPoint 2002/2003/2007/2010 memory corruption
1486| [57076] Microsoft Excel 2002/2003 memory corruption
1487| [57075] Microsoft Excel 2002/2003 memory corruption
1488| [57074] Microsoft Excel 2002 memory corruption
1489| [57073] Microsoft Excel 2002/2003/2007/2010 memory corruption
1490| [4334] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 JIT Compiler memory corruption
1491| [4301] Microsoft Windows Server 2003 SMB Browser Heap-based denial of service
1492| [56475] Microsoft Office 2004/2008 memory corruption
1493| [56414] Microsoft Visio 2002/2003/2007 ELEMENTS.DLL memory corruption
1494| [56413] Microsoft Visio 2002/2003/2007 Exception ORMELEMS.DLL memory corruption
1495| [4298] Microsoft Windows 7/Server 2008 JScript/VBScript Engine information disclosure
1496| [4297] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 OpenType Compact Font Format Driver privilege escalation
1497| [4296] Microsoft Windows XP/Server 2003 LSASS Authentication Request unknown vulnerability
1498| [4295] Microsoft Windows 7/Server 2008 Kerberos weak authentication
1499| [4294] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Driver win32k.sys unknown vulnerability
1500| [4293] Microsoft Windows XP/Server 2003 Kerberos CRC32 Checksum privilege escalation
1501| [4292] Microsoft Windows XP/Server 2003 CSRSS Logoff privilege escalation
1502| [4289] Microsoft Excel 2007 Shape Data Parser memory corruption
1503| [4286] Microsoft Powerpoint 2007 OfficeArt Container Parser memory corruption
1504| [4279] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 MHTML cross site scripting
1505| [56176] Microsoft Windows XP/7/Server 2003 fxscover.exe CDrawPoly::Serialize memory corruption
1506| [55772] Microsoft Publisher 2002 pubconv.dll memory corruption
1507| [55771] Microsoft Publisher 2002/2003/2010 memory corruption
1508| [55765] Microsoft Office 2003/Xp Integer memory corruption
1509| [55764] Microsoft Office 2003/Xp memory corruption
1510| [55750] Microsoft Publisher 2002/2003 pubconv.dll memory corruption
1511| [55749] Microsoft Publisher 2002/2003/2007/2010 pubconv.dll memory corruption
1512| [55748] Microsoft Publisher 2002/2003/2007 pubconv.dll memory corruption
1513| [4230] Microsoft Exchange 2007 on 64-bit RPC store.exe MAPI Request denial of service
1514| [4229] Microsoft SharePoint 2007 Document Conversion Launcher Service Eingabeungültigkeit
1515| [4228] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
1516| [4224] Microsoft Windows Vista/7/Server 2008 Consent User Interface privilege escalation
1517| [4231] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Driver win32k.sys GreEnableEUDC denial of service
1518| [55420] Microsoft Office 2007/2010 memory corruption
1519| [55419] Microsoft Office 2004/2008/2011/Xp memory corruption
1520| [55412] Microsoft PowerPoint Viewer 2007 memory corruption
1521| [55411] Microsoft PowerPoint 2002/2003 memory corruption
1522| [4204] Microsoft Windows Server 2008 Color Control Panel Eingabeungültigkeit
1523| [54995] Microsoft Office 2004/2008 memory corruption
1524| [54994] Microsoft Office 2004/2008 Out-of-Bounds memory corruption
1525| [54993] Microsoft Office Compatibility Pack 2007 memory corruption
1526| [54992] Microsoft Excel 2002 memory corruption
1527| [54991] Microsoft Office 2004 Future memory corruption
1528| [54990] Microsoft Office 2004 memory corruption
1529| [54989] Microsoft Office 2004/2008 memory corruption
1530| [54988] Microsoft Excel 2002 memory corruption
1531| [54987] Microsoft Excel 2002 memory corruption
1532| [54986] Microsoft Excel 2002/2003 memory corruption
1533| [54985] Microsoft Office Compatibility Pack 2003/2004/2007/2008 memory corruption
1534| [54984] Microsoft Office 2004/2008 memory corruption
1535| [54983] Microsoft Excel 2002 Integer memory corruption
1536| [54980] Microsoft Word 2002/2003 memory corruption
1537| [54979] Microsoft Word 2002 memory corruption
1538| [54978] Microsoft Word 2002 memory corruption
1539| [54977] Microsoft Word 2002 Heap-based memory corruption
1540| [54976] Microsoft Word 2002 memory corruption
1541| [54975] Microsoft Word 2002 memory corruption
1542| [54974] Microsoft Word 2002 memory corruption
1543| [54973] Microsoft Word 2002 memory corruption
1544| [54972] Microsoft Word 2002 memory corruption
1545| [54971] Microsoft Word 2002 memory corruption
1546| [4197] Microsoft SharePoint 2007/3.0 cross site scripting
1547| [4196] Microsoft Word 2002/2003/2007/2010 Stack-based memory corruption
1548| [4194] Microsoft Windows Vista/7/Server 2008 SChannel Client Certificate Request denial of service
1549| [54774] Microsoft Word 2003 word_crash_11.8326.8324_poc.doc denial of service
1550| [54757] Microsoft SharePoint Server 2007 HTML Sanitization SafeHTML cross site scripting
1551| [4186] Microsoft Outlook 2002/2003/2007 Content Parser Heap-based memory corruption
1552| [54584] Microsoft Visual C++ 2005 AtlTraceTool8.exe unknown vulnerability
1553| [54554] Microsoft Groove 2007 mso.dll memory corruption
1554| [4187] Microsoft Windows Vista/7/Server 2008 TCP/IP Stack Ipv4SetEchoRequestCreate() denial of service
1555| [54322] Microsoft Word 2002/2003 memory corruption
1556| [54321] Microsoft Office Compatibility Pack 2007 memory corruption
1557| [54320] Microsoft Office Compatibility Pack 2007 memory corruption
1558| [54319] Microsoft Office Compatibility Pack 2007 memory corruption
1559| [54318] Microsoft .NET Framework 2.0 SP1/2.0 SP2/3.5/3.5 SP1/3.5.1 Interfaces memory corruption
1560| [4165] Microsoft Windows Vista/7/Server 2008 TCP/IP Stack denial of service
1561| [4162] Microsoft Windows Vista/7/Server 2008 Kernel memory corruption
1562| [4159] Microsoft Excel 2002/2003 SXDB PivotTable Cache Data Record memory corruption
1563| [4149] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Shell Shortcut Parser memory corruption
1564| [54083] Microsoft Access 2003 ActiveX Control ACCWIZ.dll memory corruption
1565| [4146] Microsoft Outlook 2002/2003/2007 SMB Attachment PR_ATTACH_METHOD memory corruption
1566| [4145] Microsoft Access 2003/2007 ActiveX ACCWIZ.dll memory corruption
1567| [54617] Microsoft Outlook Web Access up to 2007 cross site request forgery
1568| [4151] Microsoft Windows Vista/Server 2008 NtUserCheckAccessForIntegrityLevel memory corruption
1569| [53591] Microsoft Windows Server 2003 GetServerName cross site scripting
1570| [53505] Microsoft Excel 2002/2007 memory corruption
1571| [53501] Microsoft Excel 2002 memory corruption
1572| [53500] Microsoft Excel 2002 memory corruption
1573| [53499] Microsoft Excel 2002 memory corruption
1574| [53495] Microsoft Excel 2002/2003/2007 memory corruption
1575| [53494] Microsoft Excel 2002 Stack-based memory corruption
1576| [53504] Microsoft Excel 2002 memory corruption
1577| [53503] Microsoft Excel 2002 Stack-Based memory corruption
1578| [53502] Microsoft Excel 2002 Heap-based memory corruption
1579| [53498] Microsoft Excel 2002 Stack-based memory corruption
1580| [53497] Microsoft Excel 2002 memory corruption
1581| [53496] Microsoft Excel 2002 memory corruption
1582| [53493] Microsoft Excel 2002/2003/2007 memory corruption
1583| [4133] Microsoft Office 2003/2007/Xp COM Object Instantiator memory corruption
1584| [53366] Microsoft ASP.NET 2.0 cross site scripting
1585| [53385] Microsoft Exchange Server 2007 Outlook Web Access cross site scripting
1586| [53164] Microsoft Office 2003/2007/Xp ActiveX Control VBE6.DLL memory corruption
1587| [53054] Microsoft VISIO 2002/2003/2007 VISIODWG.DLL memory corruption
1588| [4125] Microsoft SharePoint 2007/3.0 help.aspx cross site scripting
1589| [52777] Microsoft Publisher 2002/2003/2007 memory corruption
1590| [52773] Microsoft Visio 2002/2003/2007 memory corruption
1591| [52772] Microsoft Visio 2002/2003/2007 memory corruption
1592| [4107] Microsoft Windows 7/Server 2008 Kernel denial of service
1593| [4103] Microsoft Windows Server 2003 Media Services Stack-based memory corruption
1594| [52543] Microsoft Virtual PC 2007 unknown vulnerability
1595| [52148] Microsoft Office 2004/2008/2007 Uninitialized Memory memory corruption
1596| [52147] Microsoft Office 2004/2008/2007 Spreadsheet Uninitialized Memory memory corruption
1597| [52146] Microsoft Office 2004/2008/2007 Spreadsheet Heap-based memory corruption
1598| [52145] Microsoft Office 2004/2008/2007 Spreadsheet Heap-based memory corruption
1599| [52144] Microsoft Office 2004/2008/2007 Spreadsheet memory corruption
1600| [52143] Microsoft Office 2004/2008/2007 Spreadsheet memory corruption
1601| [4090] Microsoft Excel 2002/2003/2007 memory corruption
1602| [52036] Microsoft Windows 2000 MsgBox memory corruption
1603| [51995] Microsoft SharePoint Server up to 2006 cross site scripting
1604| [51810] Microsoft Office 2004/Xp MSO.DLL memory corruption
1605| [51802] Microsoft PowerPoint 2003 Stack-based memory corruption
1606| [51801] Microsoft PowerPoint 2003 Stack-based memory corruption
1607| [51800] Microsoft PowerPoint 2002/2003 Use-After-Free memory corruption
1608| [51799] Microsoft PowerPoint 2002/2003 memory corruption
1609| [51798] Microsoft PowerPoint 2002/2003 Heap-based memory corruption
1610| [4082] Microsoft Powerpoint 2002 memory corruption
1611| [54550] Microsoft PowerPoint 2007 rpawinet.dll memory corruption
1612| [54556] Microsoft Visio 2003 mfc71enu.dll unknown vulnerability
1613| [51497] Microsoft Windows Live Messenger 2009 ActiveX Control msnmsgr.exe denial of service
1614| [51133] Microsoft Windows 2000 SP4/XP SP2/SP3/Server 2003 SP2 memory corruption
1615| [51074] Microsoft Office 2002/2003 Integer memory corruption
1616| [4069] Microsoft Project 2007/2003 Project Memory Validator memory corruption
1617| [50794] Microsoft Office 2004/2008 Spreadsheet memory corruption
1618| [50793] Microsoft Office 2004/2008 Spreadsheet memory corruption
1619| [50792] Microsoft Office 2004/2008 Spreadsheet memory corruption
1620| [50791] Microsoft Office 2004/2008 Spreadsheet memory corruption
1621| [50790] Microsoft Office 2004/2008 Spreadsheet Heap-based memory corruption
1622| [50788] Microsoft Office 2004/2008 Spreadsheet memory corruption
1623| [50787] Microsoft Office 2004/2008 Spreadsheet memory corruption
1624| [50786] Microsoft Windows 2000 llssrv.exe memory corruption
1625| [50789] Microsoft Office 2004/2008 Spreadsheet memory corruption
1626| [4056] Microsoft Word 2002/2003 File Information Block Parser Stack-based memory corruption
1627| [50660] Microsoft SharePoint Server 2007 unknown vulnerability
1628| [50443] Microsoft Office Powerpoint 2007 Integer memory corruption
1629| [50432] Microsoft .NET Framework 2.0/2.0 SP1/2.0 SP2/3.5/3.5 SP1 memory corruption
1630| [49866] Microsoft Windows Server 2003 memory corruption
1631| [4031] Microsoft Windows Vista/Server 2008 SMB Processor EducatedScholar memory corruption
1632| [4030] Microsoft Windows Vista/Server 2008 Wireless LAN AutoConfig Service Heap-based memory corruption
1633| [4029] Microsoft Windows 2000/XP TCP/IP Window Size denial of service
1634| [49745] Microsoft Windows Server 2003 denial of service
1635| [49394] Microsoft Windows Server 2003 memory corruption
1636| [49198] Microsoft Visual Studio 2005 information disclosure
1637| [49047] Microsoft Virtual Server 2005 privilege escalation
1638| [49046] Microsoft Windows Server 2003 quartz.dll memory corruption
1639| [49045] Microsoft Windows Server 2003 quartz.dll memory corruption
1640| [49044] Microsoft ISA Server 2006 privilege escalation
1641| [3999] Microsoft Office 2007 Pointer memory corruption
1642| [4000] Microsoft Office 2003/Xp/Sp3 Web Components memory corruption
1643| [48894] Microsoft Windows Server 2003 msvidctl.dll memory corruption
1644| [48572] Microsoft Office Powerpoint 2002 FL21WIN.DLL memory corruption
1645| [48517] Microsoft Windows 2000 Memory Leak memory corruption
1646| [48516] Microsoft Windows Server 2008 unknown vulnerability
1647| [48512] Microsoft Windows Server 2008 unknown vulnerability
1648| [48515] Microsoft Office Word Viewer 2003 memory corruption
1649| [48514] Microsoft Office Word Viewer 2003 Stack-based memory corruption
1650| [48554] Microsoft Excel 2000/2003/2007 memory corruption
1651| [48157] Microsoft Office PowerPoint 2002 Sound memory corruption
1652| [48156] Microsoft Office PowerPoint 2000 Stack-based memory corruption
1653| [48154] Microsoft Office PowerPoint 2002 Sound PP7X32.DLL memory corruption
1654| [48152] Microsoft Office PowerPoint 2002 PP4X32.DLL memory corruption
1655| [48150] Microsoft Office PowerPoint 2002 Sound memory corruption
1656| [48147] Microsoft Office PowerPoint 2002 Sound memory corruption
1657| [48146] Microsoft Office PowerPoint 2002 Integer memory corruption
1658| [48155] Microsoft Office PowerPoint 2002 Notes Container Heap-based memory corruption
1659| [48153] Microsoft Office PowerPoint 2002 Sound memory corruption
1660| [48151] Microsoft Office PowerPoint 2002 Stack-based memory corruption
1661| [48149] Microsoft Office PowerPoint 2002 memory corruption
1662| [48148] Microsoft Office PowerPoint 2002 Sound memory corruption
1663| [3974] Microsoft Powerpoint 2000/2002/2003 Sound Data Stack-based memory corruption
1664| [3973] Microsoft Powerpoint 2000/2002/2003 Notes Container Stack-based memory corruption
1665| [3972] Microsoft Powerpoint 2000/2002/2003 BuildList memory corruption
1666| [3971] Microsoft Powerpoint 2000/2002/2003 Object Stack-based memory corruption
1667| [3970] Microsoft Powerpoint 2000/2002/2003 Paragraph Stack-based memory corruption
1668| [3969] Microsoft Powerpoint 2000/2002/2003 Atom Stack-based memory corruption
1669| [47719] Microsoft Windows 2000 Stack-based memory corruption
1670| [47720] Microsoft Internet Security And Acceleration Server 2006 Forms Authentication cookieauth.dll cross site scripting
1671| [47716] Microsoft Office Converter Pack 2003 WPFT632.CNV memory corruption
1672| [47715] Microsoft Windows 2000 Wordpad memory corruption
1673| [47718] Microsoft Excel 2000/2002/2003/2007 Spreadsheet memory corruption
1674| [3960] Microsoft Windows XP/2000/Server 2003 DirectShow MJPEG memory corruption
1675| [3952] Microsoft ISA Server 2004/2006 denial of service
1676| [3946] Microsoft PowerPoint 2004/2000/2002/2003 memory corruption
1677| [47091] Microsoft Windows Server 2008 unknown vulnerability
1678| [47090] Microsoft Windows Server 2008 unknown vulnerability
1679| [3939] Microsoft Windows 2000 DNS Designfehler
1680| [3938] Microsoft Windows 2000 SSL weak authentication
1681| [3937] Microsoft Windows 2000 memory corruption
1682| [3932] Microsoft Excel 2004/2000/2002/2003/2007 Object Reference Designfehler
1683| [46620] Microsoft Windows Live Messenger 2009 msnmsgr.exe denial of service
1684| [46455] Microsoft Exchange Server 2007 denial of service
1685| [46454] Microsoft Exchange Server 2007 memory corruption
1686| [46453] Microsoft Visio 2002/2003/2007 memory corruption
1687| [46452] Microsoft Visio 2002/2003/2007 memory corruption
1688| [46451] Microsoft Visio 2002/2003/2007 memory corruption
1689| [46327] Microsoft Word 2007 information disclosure
1690| [45758] Microsoft Money 2006 ActiveX Control prtstb06.dll denial of service
1691| [45381] Microsoft Windows Vista SP1/Server 2008 Explorer memory corruption
1692| [45380] Microsoft Windows Vista SP1/Server 2008 Search memory corruption
1693| [45379] Microsoft Office SharePoint Server 2007 denial of service
1694| [3896] Microsoft SQL Server up to 2005 sp_replwritetovarbin memory corruption
1695| [3892] Microsoft Excel 2000/2002/2003 Formula memory corruption
1696| [3891] Microsoft Excel 2000/2002/2003 memory corruption
1697| [3890] Microsoft Excel 2000/2002/2003 NAME Index memory corruption
1698| [3889] Microsoft Word 2000/2002/2003/2007 Table Property Stack-based memory corruption
1699| [3888] Microsoft Word 2000/2002/2003/2007 RTF Stylesheet memory corruption
1700| [3887] Microsoft Word 2000/2002/2003/2007 memory corruption
1701| [3886] Microsoft Word 2000/2002/2003/2007 ControlWord Heap-based memory corruption
1702| [3885] Microsoft Word 2000/2002/2003/2007 memory corruption
1703| [3884] Microsoft Word 2000/2002/2003/2007 memory corruption
1704| [3883] Microsoft Word 2000/2002/2003/2007 RTF Heap-based memory corruption
1705| [3882] Microsoft Word 2000/2002/2003/2007 LFO memory corruption
1706| [3880] Microsoft Visual Basic up to 2003 ActiveX Control Mschrt20.ocx memory corruption
1707| [3879] Microsoft Visual Basic up to 2003 ActiveX Control mscomct2.ocx memory corruption
1708| [3878] Microsoft Visual Basic up to 2003 ActiveX Control mshflxgd.ocx memory corruption
1709| [3877] Microsoft Visual Basic up to 2003 ActiveX Control msflxgrd.ocx memory corruption
1710| [3876] Microsoft Visual Basic up to 2003 ActiveX Control msdatgrd.ocx memory corruption
1711| [45197] Microsoft Windows 2000 nskey.dll memory corruption
1712| [45063] Microsoft Windows Server 2003 Active Directory unknown vulnerability
1713| [45040] Microsoft .NET Framework 2.0.50727 Code Access Security unknown vulnerability
1714| [44855] DjVu Activex Control For Microsoft Office 2000 3.0 ActiveX Control DjVu_ActiveX_MSOffice.dll memory corruption
1715| [44665] Microsoft Peachtree Accounting 2004 ActiveX Control PAWWeb11.ocx unknown vulnerability
1716| [44589] Microsoft Exchange Server 2003 Outlook Web Access unknown vulnerability
1717| [3845] Microsoft Windows 2000 SP4 Active Directory memory corruption
1718| [44533] Microsoft Windows 2000 mqsvc.exe memory corruption
1719| [3844] Microsoft Excel 2003 REPT memory corruption
1720| [3843] Microsoft Excel up to 2007 BIFF File Heap-based memory corruption
1721| [3842] Microsoft Excel 2003 VBA Performance Cache Stack-based Eingabeung\xC3\xBCltigkeit
1722| [44405] Microsoft Digital Image 2006 ActiveX Control PipPPush.DLL unknown vulnerability
1723| [44047] Microsoft SQL Server 2000 ActiveX Control SQLVDIRLib.SQLVDirControl memory corruption
1724| [43981] Microsoft Organization Chart 2.00 orgchart.exe memory corruption
1725| [43957] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
1726| [43956] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
1727| [43955] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
1728| [43952] Microsoft Office 2003/2007/Xp URI memory corruption
1729| [43676] Microsoft Windows XP/Vista/2000/Server 2003 memory corruption
1730| [43675] Microsoft Windows XP/Vista/2000/Server 2003 of memory corruption
1731| [43662] Microsoft Office Powerpoint Viewer up to 2003 memory corruption
1732| [43661] Microsoft Office Powerpoint Viewer 2003 memory corruption
1733| [43660] Microsoft Office Powerpoint Viewer 2003 Integer memory corruption
1734| [43657] Microsoft Office 2000/2003/Xp memory corruption
1735| [43654] Microsoft SharePoint Server 2007 memory corruption
1736| [43653] Microsoft Office 2000/2002/2004/2008 memory corruption
1737| [43652] Microsoft Office 2000/2002/2003/2004/2008 memory corruption
1738| [3797] Microsoft Windows Vista/Server 2008 IPsec Policy Designfehler
1739| [3796] Microsoft Office 2000 WPG memory corruption
1740| [3795] Microsoft Office 2000/2003/Xp BMP Image BMPIMP32.FLT memory corruption
1741| [3794] Microsoft Office 2000/2003/Xp PICT bits_per_pixel memory corruption
1742| [3793] Microsoft Office 2000/2003/Xp PICT memory corruption
1743| [3792] Microsoft Office 2000 EPS File memory corruption
1744| [3783] Microsoft Word 2002 memory corruption
1745| [43103] Microsoft Exchange Srv 2007 Sp1 Outlook Web Access cross site scripting
1746| [43102] Microsoft Windows 2000 SP4/Server 2003 SP2/Server 2008 DNS Cache privilege escalation
1747| [3778] Microsoft Exchange 2003/2007 Outlook Web Access cross site scripting
1748| [3777] Microsoft Windows Vista SP1/Server 2008 Explorer memory corruption
1749| [43087] Microsoft Office Snapshot Viewer ActiveX up to Office 2003 Snapshot Viewer ActiveX Control snapview.ocx memory corruption
1750| [43096] Microsoft Publisher 2003/2007 Crypto API unknown vulnerability
1751| [42816] Microsoft Word 2000/2003 memory corruption
1752| [42732] Microsoft Windows XP/Vista/Server 2003 denial of service
1753| [42731] Microsoft Windows Server 2003 denial of service
1754| [3732] Microsoft Windows 2000/Server 2003 WINS memory corruption
1755| [3701] Microsoft Word 2003 CSS Heap-based memory corruption
1756| [3700] Microsoft Word 2003 RTF Document Heap-based memory corruption
1757| [42065] Microsoft SharePoint Server 2.0 Rich Text Editor cross site scripting
1758| [41881] Microsoft Office 2003/2007/2007 Sp1/Xp memory corruption
1759| [41880] Microsoft Project 2000/2002/2003 memory corruption
1760| [41879] Microsoft Windows 2000/Server 2003/Vista Stack-based memory corruption
1761| [41878] Microsoft Windows 2000/Server 2003/Vista spoofing
1762| [41877] Microsoft Windows Server 2003 vbscript.dll memory corruption
1763| [3671] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 memory corruption
1764| [3670] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 Object memory corruption
1765| [41455] Microsoft Office 2000/2003/2004/Xp memory corruption
1766| [41454] Microsoft Excel 2000/2002/2003/2007 memory corruption
1767| [41453] Microsoft Excel 2000/2002/2003 memory corruption
1768| [41452] Microsoft Excel 2000/2002/2003/2007 memory corruption
1769| [41451] Microsoft Excel 2000/2002/2003 memory corruption
1770| [41450] Microsoft Excel 2000 memory corruption
1771| [41449] Microsoft Excel 2000/2002/2003 memory corruption
1772| [41448] Microsoft Office 2000/Xp Office Web Components memory corruption
1773| [3648] Microsoft Excel 2003 memory corruption
1774| [3647] Microsoft Outlook up to 2007 mailto URI memory corruption
1775| [41003] Microsoft Office 2000/2003/2004/Xp memory corruption
1776| [41002] Microsoft Office 2000/2003/Xp memory corruption
1777| [41001] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
1778| [41000] Microsoft Works 2005/8.0 memory corruption
1779| [40998] Microsoft Publisher 2000/2002/2003 memory corruption
1780| [40994] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
1781| [40987] Microsoft Windows 2000 denial of service
1782| [40736] Microsoft ActiveX 2.0 ActiveX Control privilege escalation
1783| [3552] Microsoft Excel 2000/2002/2003 File memory corruption
1784| [40242] Microsoft Publisher 2000/2002/2003/2007 Crash denial of service
1785| [40020] Microsoft Office 2007 ZIP Container unknown vulnerability
1786| [39769] Microsoft Windows 2000 cryptgenrandom weak encryption
1787| [39749] Microsoft Windows 2000 msjet40.dll memory corruption
1788| [39655] Microsoft Windows Server 2003 spoofing
1789| [39324] Microsoft Windows Mobile 2005 SMS unknown vulnerability
1790| [3373] Microsoft Word 2000/2002 memory corruption
1791| [38999] Microsoft Windows Server 2003 explorer.exe denial of service
1792| [38899] Microsoft ISA Server 2004 information disclosure
1793| [38728] Microsoft SQL Server 2005 Enterprise Manager sqldmo.dll memory corruption
1794| [38326] Microsoft Windows 2000 attemptwrite memory corruption
1795| [3241] Microsoft Excel 2000/2003/2004/XP SP3 rtWnDesk memory corruption
1796| [3223] Microsoft Windows XP/Server 2003 URI Eingabeung\xC3\xBCltigkeit
1797| [3212] Microsoft DirectX February 2006 RLE Compression Targa Files Heap-based memory corruption
1798| [37739] Microsoft Excel 2000/2002/2003/2004/2007 memory corruption
1799| [37738] Microsoft Office 2002/2003 memory corruption
1800| [3176] Microsoft Excel 2000/2002/2003/2007 File Attribute memory corruption
1801| [3175] Microsoft Excel 2000/2002/2003/2007 Active Worksheet memory corruption
1802| [3174] Microsoft Excel 2000/2002/2003/2007 Version Information memory corruption
1803| [3172] Microsoft Office Publisher 2007 Pointer memory corruption
1804| [37566] Microsoft Excel 2003 unknown vulnerability
1805| [37526] Microsoft Windows 2000/Server 2003 denial of service
1806| [37248] Microsoft Visio 2002 Packaging memory corruption
1807| [37251] Microsoft Windows 2000 memory corruption
1808| [3119] Microsoft Visio 2002 Object memory corruption
1809| [3118] Microsoft Visio 2002 Data memory corruption
1810| [37093] Microsoft Windows Server 2003 Error Message unknown vulnerability
1811| [37010] Microsoft Office 2000 ActiveX Control ouactrl.ocx memory corruption
1812| [36628] Microsoft Word 2000/2002/2003/2004 winword.exe memory corruption
1813| [36616] Microsoft Works 2004/2005/2006 memory corruption
1814| [36621] Microsoft Exchange Server 2000 Integer denial of service
1815| [36620] Microsoft Exchange Server 2000 Outlook Web Access cross site scripting
1816| [36619] Microsoft Exchange Server 2000/2003/2007 memory corruption
1817| [36618] Microsoft Exchange Server 2000 NULL Pointer Dereference denial of service
1818| [36617] Microsoft Excel 2000/2002/2003/2004 memory corruption
1819| [36623] Microsoft BizTalk Server 2004 ActiveX Control capicom.dll memory corruption
1820| [3067] Microsoft Office 2000/2003/2004/2007/Xp Drawing Object memory corruption
1821| [3065] Microsoft Excel 2000/2002/2003/2007 Filter Stack-based memory corruption
1822| [3064] Microsoft Excel 2000/2002/2003/2004/2007 set Font memory corruption
1823| [3063] Microsoft Excel 2000/2002/2003/2007 BIFF Record Stack-based memory corruption
1824| [3012] Microsoft Windows 2000/Server 2003 DNS Service Stack-based memory corruption
1825| [36039] Microsoft Content Management Server 2001 memory corruption
1826| [36052] Microsoft Windows 2000 Heap-based memory corruption
1827| [36051] Microsoft Word 2007 file798-1.doc memory corruption
1828| [36050] Microsoft Word 2007 file789-1.doc memory corruption
1829| [36040] Microsoft Content Management Server 2001 cross site scripting
1830| [3004] Microsoft Windows up to 2003/XP URL Parser memory corruption
1831| [36041] Microsoft .NET Framework 2.0.50727.42 cross site scripting
1832| [2990] Microsoft Windows 2000/XP/Vista Animated Cursor Stack-based memory corruption
1833| [36515] Microsoft Windows 2000/XP/Server 2003 memory corruption
1834| [35846] Microsoft Windows 2000/Server 2003 Default Configuration information disclosure
1835| [35373] Microsoft Excel 2003 denial of service
1836| [35372] Microsoft Office 2003 denial of service
1837| [35206] Microsoft Windows XP/Server 2003 Crash denial of service
1838| [35161] Microsoft ISA Server 2004 unknown vulnerability
1839| [35236] Microsoft Publisher 2007 memory corruption
1840| [2939] Microsoft Word 2000 memory corruption
1841| [34994] Microsoft Windows 2000 OLE Dialog memory corruption
1842| [34993] Microsoft Office 2000/2003/Xp memory corruption
1843| [35001] Microsoft Office 2000/2003/2004/Xp memory corruption
1844| [35000] Microsoft Word 2000/2002/2003 memory corruption
1845| [2933] Microsoft Windows XP SP2/2000 SP4/Server 2003 SP1 OLE Dialog Stack-based memory corruption
1846| [2894] Microsoft Office 2000/2003/2004/Xp Undefined String Format String
1847| [2884] Microsoft Word 2000/2002/2003 memory corruption
1848| [34321] Microsoft Office 2000/2003/2004/Xp Spreadsheet Heap-based memory corruption
1849| [34320] Microsoft Office 2000/2003/2004/Xp memory corruption
1850| [34319] Microsoft Office 2000/2003/2004/Xp memory corruption
1851| [34318] Microsoft Office 2000/2003/2004/Xp memory corruption
1852| [34322] Microsoft Office 2000/2003/Xp memory corruption
1853| [2811] Microsoft Windows 2000/XP/Server 2003 VML Vector Markup Language Integer memory corruption
1854| [2810] Microsoft Outlook 2000/2002/2003 Office Saved Search OSS File memory corruption
1855| [2809] Microsoft Outlook 2000/2002/2003 Header denial of service
1856| [2808] Microsoft Outlook 2000/2002/2003 Meeting VEVENT memory corruption
1857| [2807] Microsoft Excel 2000/2002/2003 XLS File memory corruption
1858| [34126] Microsoft Office 2003 memory corruption
1859| [34122] Microsoft Office Web Components 2000 memory corruption
1860| [2789] Microsoft Windows 2000/XP RPC Request NetrWkstaUserEnum() denial of service
1861| [2765] Microsoft Project Server 2003 pdsrequest.asp weak authentication
1862| [33851] Microsoft Word 2000/2002/2003 12122006-djtest.doc memory corruption
1863| [2739] Microsoft Windows 2000 Remote Installation Service Fehlende Authentifizierung
1864| [2738] Microsoft Windows 2000/XP/Server 2003 SNMP memory corruption
1865| [2737] Microsoft Windows XP/Server 2003 Manifest denial of service
1866| [33766] Microsoft Word 2000/2002/2003 memory corruption
1867| [2718] Microsoft Word 2000/2002/2003 DOC Document memory corruption
1868| [2717] Microsoft Windows 2000 Print Spooler Memory Consumption denial of service
1869| [2689] Microsoft Windows up to 2000 SP4 Active Directory denial of service
1870| [2688] Microsoft Windows 2000/XP/Server 2003 Client Service for Netware denial of service
1871| [2687] Microsoft Windows 2000/XP/Server 2003 Agent ActiveX ACF File Heap-based memory corruption
1872| [2686] Microsoft Windows 2000/XP/Server 2003 Client Service for Netware memory corruption
1873| [2684] Microsoft Windows 2000/XP Workstation Service Stack-based memory corruption
1874| [2659] Microsoft Windows 2000/XP GDI Crash Designfehler
1875| [2655] Microsoft Windows 2000/XP/Server 2003 XML Core Services Designfehler
1876| [33067] Microsoft Visual Studio .net 2005 ActiveX Control wmiscriptutils.dll memory corruption
1877| [2610] Microsoft PowerPoint 2003 PPT Document NULL Pointer Dereference denial of service
1878| [32693] Microsoft Word 2004 memory corruption
1879| [32686] Microsoft Office 2000/2001/2003/2004 Integer memory corruption
1880| [32690] Microsoft Office 2000/2003/2004/Xp memory corruption
1881| [32676] Microsoft Office 2000/2001/2003/2004 memory corruption
1882| [32675] Microsoft Office 2000/2003/2004/Xp memory corruption
1883| [32694] Microsoft Windows 2000 memory corruption
1884| [32689] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
1885| [32688] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
1886| [32687] Microsoft Word 2000/2002 memory corruption
1887| [32685] Microsoft Office 2000/2001/2003/2004 memory corruption
1888| [2601] Microsoft Windows XP/Server 2003 IPv6 Stack denial of service
1889| [2600] Microsoft Windows XP/Server 2003 IPv6 Stack TCP denial of service
1890| [2599] Microsoft Windows XP/Server 2003 IPv6 Stack ICMP denial of service
1891| [2598] Microsoft Windows XP/Server 2003 Object Packager Designfehler
1892| [2597] Microsoft Office 2003/Xp Smart-Tag Parser memory corruption
1893| [2596] Microsoft Office 2000/2003/2004/Xp Value Read memory corruption
1894| [2595] Microsoft Office 2000/2001/2003/2004 Diagram Value memory corruption
1895| [2594] Microsoft Office 2000/2001/2003/2004 Document memory corruption
1896| [2593] Microsoft ASP.NET 2.0 cross site scripting
1897| [2571] Microsoft PowerPoint up to 2003 Document memory corruption
1898| [2554] Microsoft PowerPoint 2000 memory corruption
1899| [2522] Microsoft Windows 2000/XP/Server 2003 Indexing Service cross site scripting
1900| [2521] Microsoft Publisher 2000/2002/2003 PUB File Stack-based memory corruption
1901| [2508] Microsoft Word 2000 memory corruption
1902| [2478] Microsoft Internet Explorer up to 6 on Win 2000 HTTP 1.1 Compression Heap-based memory corruption
1903| [31692] Microsoft PowerPoint 2000/2001/2002/2003 memory corruption
1904| [2436] Microsoft Windows 2000/XP/Server 2003 Kernel memory corruption
1905| [2435] Microsoft Windows 2000/XP/Server 2003 Exception memory corruption
1906| [2434] Microsoft Windows 2000/XP/Server 2003 Winlogon race condition
1907| [2433] Microsoft Windows 2000 Management Console cross site scripting
1908| [2432] Microsoft Windows 2000/XP/Server 2003 DNS Resolver Heap-based memory corruption
1909| [2431] Microsoft Windows 2000/XP/Server 2003 Winsock API memory corruption
1910| [2430] Microsoft Windows 2000/XP/Server 2003 RPC ELV memory corruption
1911| [2426] Microsoft Windows 2000/XP/Server 2003 WMF File gdi32.dll denial of service
1912| [2415] Microsoft Windows 2000/XP/Server 2003 SMB File srv.sys denial of service
1913| [31527] Microsoft Internet Explorer 6.0 on Win 2000 ActiveX Object Stack-Based denial of service
1914| [31358] Microsoft PowerPoint 2003 powerpnt.exe denial of service
1915| [31354] Microsoft PowerPoint 2003 memory corruption
1916| [31351] Microsoft ISA Server 2004 Filters unknown vulnerability
1917| [2382] Microsoft PowerPoint up to 2003 Presentation Open/Close memory corruption
1918| [2378] Microsoft PowerPoint 2000/2002/2003 Document Parser memory corruption
1919| [31318] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
1920| [31317] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
1921| [31316] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
1922| [31313] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
1923| [31312] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
1924| [31311] Microsoft Excel 2000/2002/2003/XP memory corruption
1925| [31310] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
1926| [31237] Microsoft Office 2000/2003/Xp memory corruption
1927| [31235] Microsoft Office 2000/2003/Xp memory corruption
1928| [2371] Microsoft NET Framework up to 2.0 URL Validator unknown vulnerability
1929| [2370] Microsoft Windows 2000/XP/Server 2003 Server Protocol Driver Server Message Block Heap-based memory corruption
1930| [2369] Microsoft Windows 2000/XP/Server 2003 Server Service Mailslot Heap-based memory corruption
1931| [2367] Microsoft Office 2000/2003/XP Document String memory corruption
1932| [2366] Microsoft Windows 2000/XP/Server 2003 DHCP Client memory corruption
1933| [2365] Microsoft Office 2000/2003/XP PNG Image memory corruption
1934| [2364] Microsoft Office 2000/2003/XP GIF Image memory corruption
1935| [31233] Microsoft Office 2000/2003/Xp mso.dll lscreateline memory corruption
1936| [31238] Microsoft Internet Explorer 6.0 on Win 2000 Crash denial of service
1937| [2357] Microsoft Excel up to 2003 on Asian System Document Repair Style memory corruption
1938| [31133] Microsoft Windows XP/Server 2003 explorer.exe memory corruption
1939| [2325] Microsoft Excel up to 2003 Hyperlink hlink.dll Long Hyperlink memory corruption
1940| [2324] Microsoft Excel 2000/2002/2003/2004 XLS File memory corruption
1941| [30801] Microsoft Windows up to 2000 Connection Manager Stack-based memory corruption
1942| [2312] Microsoft Exchange 2000 Outlook Web Access cross site scripting
1943| [2311] Microsoft Windows 2000/XP/Server 2003 MRXSMB.SYS MRxSmbCscIoctlOpenForCopyChunk memory corruption
1944| [2310] Microsoft Windows 2000 RPC spoofing
1945| [2309] Microsoft Windows 2000/XP/Server 2003 Routing and Remote Access Service RPC Request memory corruption
1946| [2308] Microsoft PowerPoint 2000/2002/2003/2004 PPT Document memory corruption
1947| [2307] Microsoft Windows 2000/XP/Server 2003 JScript Object memory corruption
1948| [2306] Microsoft Windows 2000/XP/Server 2003 IP Source Routing memory corruption
1949| [2305] Microsoft Windows XP/Server 2003 ART Image Heap-based memory corruption
1950| [2294] Microsoft Word up to 2003 DOC Document Backdoor Designfehler
1951| [2275] Microsoft Windows XP/Server 2003 mhtml URI inetcomm.dll memory corruption
1952| [2253] Microsoft Word up to 2003 Backdoor memory corruption
1953| [2221] Microsoft Windows 2000/XP CHM Archive itss.dll memory corruption
1954| [30131] Microsoft Windows NT 4.0/XP/2000/Server 2003 Distributed Transaction Coordinator Crash denial of service
1955| [2218] Microsoft Windows 2000/XP/Server 2003 MSDTC Heap-based denial of service
1956| [2217] Microsoft Exchange 2000/2003 Calender Collaboration Data Object memory corruption
1957| [2190] Microsoft Office 2003 mailto URI unknown vulnerability
1958| [2147] Microsoft Windows 2000/XP/Server 2003 COM Object memory corruption
1959| [2135] Microsoft FrontPage Server Extensions 2002 cross site scripting
1960| [29524] Microsoft ISA Server 2004 unknown vulnerability
1961| [134750] Microsoft ASP.NET Core 2.1/2.2 denial of service
1962| [134745] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
1963| [134744] Microsoft Windows up to Server 2019 GDI information disclosure
1964| [134743] Microsoft SharePoint Server 2013 SP1/2016 cross site scripting
1965| [134742] Microsoft SharePoint Enterprise Server 2016/2019 cross site scripting
1966| [134741] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
1967| [134740] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
1968| [134739] Microsoft SharePoint Foundation 2010 SP2/2013 SP2 cross site scripting
1969| [134738] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
1970| [134737] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
1971| [134736] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
1972| [134735] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
1973| [134734] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
1974| [134733] Microsoft Windows up to Server 2019 Unified Write Filter privilege escalation
1975| [134731] Microsoft Windows up to Server 2019 Symlink privilege escalation
1976| [134729] Microsoft Windows up to Server 2019 Storage Service privilege escalation
1977| [134725] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
1978| [134724] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
1979| [134723] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
1980| [134722] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
1981| [134721] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
1982| [134720] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
1983| [134719] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
1984| [134718] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
1985| [134717] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
1986| [134716] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
1987| [134715] Microsoft Windows up to Server 2019 Win32k memory corruption
1988| [134714] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
1989| [134713] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
1990| [134712] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
1991| [134710] Microsoft Windows up to Server 2019 GDI information disclosure
1992| [134709] Microsoft Windows up to Server 2019 Kernel privilege escalation
1993| [134706] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
1994| [134704] Microsoft SQL Server 2017 Analysis Services information disclosure
1995| [134701] Microsoft Windows up to Server 2019 Windows Defender Application Control privilege escalation
1996| [134700] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
1997| [134699] Microsoft Windows up to Server 2019 NDIS ndis.sys memory corruption
1998| [134698] Microsoft Windows up to Server 2019 OLE memory corruption
1999| [134697] Microsoft Office/Word 2016/2019/365 ProPlus memory corruption
2000| [134684] Microsoft Windows up to Server 2019 DHCP Server memory corruption
2001| [134678] Microsoft Windows up to Server 2019 GDI+ memory corruption
2002| [133236] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2003| [133235] Microsoft Azure DevOps Server 2019 privilege escalation
2004| [133234] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2005| [133232] Microsoft Azure DevOps Server 2019 cross site scripting
2006| [133229] Microsoft Azure DevOps Server 2019 cross site scripting
2007| [133224] Microsoft Exchange Server 2013 CU22/2016 CU11/2016 CU12/2019/2019 CU1 Outlook Web Access privilege escalation
2008| [133223] Microsoft Azure DevOps Server 2019 Content Security Policy privilege escalation
2009| [133222] Microsoft Windows up to Server 2019 Remote Registry Service memory corruption
2010| [133221] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2011| [133220] Microsoft Windows up to Server 2019 GDI Memory information disclosure
2012| [133219] Microsoft Windows up to Server 2019 Win32k Memory information disclosure
2013| [133218] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2014| [133217] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2015| [133216] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
2016| [133215] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
2017| [133214] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
2018| [133213] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
2019| [133212] Microsoft Windows up to Server 2019 Terminal Services Memory information disclosure
2020| [133211] Microsoft Windows up to Server 2019 Task Scheduler information disclosure
2021| [133209] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
2022| [133206] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
2023| [133205] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
2024| [133204] Microsoft Office/Excel up to 2019 memory corruption
2025| [133203] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
2026| [133202] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
2027| [133201] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
2028| [133200] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
2029| [133199] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
2030| [133198] Microsoft Exchange Server up to 2019 CU1 Outlook Web Access cross site scripting
2031| [133197] Microsoft ASP.NET Core 2.2 Request denial of service
2032| [133196] Microsoft Windows up to Server 2019 Win32k information disclosure
2033| [133195] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
2034| [133194] Microsoft Windows up to Server 2019 GDI Memory information disclosure
2035| [133193] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
2036| [133192] Microsoft Windows up to Server 2019 OLE Automation privilege escalation
2037| [133189] Microsoft Windows up to Server 2019 CSRSS memory corruption
2038| [133188] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
2039| [133187] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
2040| [133186] Microsoft Windows up to Server 2019 TCP/IP Stack Fragmented IP Packet information disclosure
2041| [133185] Microsoft Windows up to Server 2019 Win32k memory corruption
2042| [133184] Microsoft Office 2016 for Mac/2019/365 ProPlus Graphics Component memory corruption
2043| [133183] Microsoft Windows up to Server 2019 Win32k memory corruption
2044| [133182] Microsoft Windows up to Server 2019 Win32k memory corruption
2045| [133181] Microsoft Office/Excel/PowerPoint up to 2019 URL Document Code Execution
2046| [133180] Microsoft Windows up to Server 2019 MS XML Code Execution
2047| [133179] Microsoft Windows up to Server 2019 MS XML Code Execution
2048| [133177] Microsoft Windows up to Server 2019 Device Guard luafv.sys privilege escalation
2049| [133174] Microsoft Windows up to Server 2019 GDI+ privilege escalation
2050| [133173] Microsoft Windows up to Server 2019 IOleCvt Interface privilege escalation
2051| [133166] Microsoft Windows up to Server 2019 MS XML Code Execution
2052| [133165] Microsoft Windows up to Server 2019 MS XML Code Execution
2053| [133164] Microsoft Windows up to Server 2019 MS XML Code Execution
2054| [133163] Microsoft Windows up to Server 2019 MS XML Code Execution
2055| [133162] Microsoft Windows up to Server 2019 MS XML Code Execution
2056| [131687] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 3.2/2018 Updated 1.2 cross site scripting
2057| [131685] Microsoft Windows up to Server 2019 SMB information disclosure
2058| [131684] Microsoft Visual Studio 2017 Version 15.9 C++ Redistributable Installer privilege escalation
2059| [131681] Microsoft Windows up to Server 2019 Win32k memory corruption
2060| [131679] Microsoft Windows up to Server 2019 Kernel information disclosure
2061| [131675] Microsoft SharePoint 2013 SP1/2016 cross site scripting
2062| [131674] Microsoft Windows up to Server 2019 Win32k information disclosure
2063| [131673] Microsoft Windows up to Server 2019 Kernel information disclosure
2064| [131672] Microsoft Windows up to Server 2019 GDI information disclosure
2065| [131671] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
2066| [131668] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
2067| [131667] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
2068| [131663] Microsoft Windows up to Server 2019 Print Spooler information disclosure
2069| [131658] Microsoft Windows up to Server 2019 information disclosure
2070| [131657] Microsoft Windows up to Server 2019 denial of service
2071| [131656] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
2072| [131653] Microsoft Windows up to Server 2019 SMB information disclosure
2073| [131652] Microsoft Windows up to Server 2019 SMB information disclosure
2074| [131651] Microsoft Windows up to Server 2019 Kernel information disclosure
2075| [131650] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 Hyper-V denial of service
2076| [131649] Microsoft Windows up to Server 2019 Kernel memory corruption
2077| [131648] Microsoft Windows up to Server 2019 Hyper-V denial of service
2078| [131644] Microsoft Windows up to Server 2019 Hyper-V denial of service
2079| [131638] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2080| [131632] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 DHCP Client memory corruption
2081| [131631] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 DHCP Client memory corruption
2082| [131630] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 DHCP Client memory corruption
2083| [131629] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
| [131628] Microsoft Windows up to Server 2019 ActiveX memory corruption
| [131619] Microsoft Windows up to Server 2019 MS XML privilege escalation
| [131334] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
| [131333] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
| [131330] Microsoft Exchange Server 2010 SP3 UR26/2013 CU22/2016 CU12/2019 CU1 privilege escalation
| [131329] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016 information disclosure
| [131328] Microsoft Windows up to Server 2016 Kernel information disclosure
| [130832] Microsoft 2013 SP1 spoofing
| [130828] Microsoft Exchange Server 2010 SP3/2013 CU22/2016 CU12/2019 CU1 EWS privilege escalation
| [130826] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
| [130825] Microsoft Office up to 2019 Connectivity Engine memory corruption
| [130824] Microsoft Office up to 2019 Connectivity Engine memory corruption
| [130823] Microsoft Office up to 2019 Connectivity Engine privilege escalation
| [130822] Microsoft Office up to 2019 Connectivity Engine privilege escalation
| [130821] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [130820] Microsoft Windows up to Server 2012 R2 GDI information disclosure
| [130818] Microsoft Windows up to Server 2019 GDI information disclosure
| [130817] Microsoft Windows up to Server 2019 Storage Service privilege escalation
| [130814] Microsoft Windows up to Server 2019 privilege escalation
| [130809] Microsoft Windows up to Server 2019 Defender Firewall Security privilege escalation
| [130808] Microsoft Windows up to Server 2019 information disclosure
| [130807] Microsoft Windows up to Server 2019 Hyper-V information disclosure
| [130806] Microsoft Windows up to Server 2019 SMB privilege escalation
| [130805] Microsoft Windows up to Server 2019 Device Guard privilege escalation
| [130804] Microsoft Windows up to Server 2019 Device Guard privilege escalation
| [130803] Microsoft Windows up to Server 2019 SMB privilege escalation
| [130802] Microsoft Windows up to Server 2019 Win32k information disclosure
| [130801] Microsoft Windows up to Server 2019 Device Guard privilege escalation
| [130800] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130799] Microsoft Windows up to Server 2016 Win32k memory corruption
| [130798] Microsoft Windows up to Server 2019 GDI information disclosure
| [130797] Microsoft Windows up to Server 2019 GDI information disclosure
| [130796] Microsoft Windows up to Server 2019 GDI information disclosure
| [130793] Microsoft Windows up to Server 2019 GDI information disclosure
| [130792] Microsoft Windows up to Server 2019 HID information disclosure
| [130791] Microsoft Windows up to Server 2019 HID information disclosure
| [130790] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [130789] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130788] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130787] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130786] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130785] Microsoft Office 2010 SP2/2013 SP1/2016/2019/365 ProPlus Security Feature Phishing spoofing
| [130784] Microsoft Windows up to Server 2019 GDI+ memory corruption
| [130782] Microsoft Windows up to Server 2019 DHCP Server memory corruption
| [130781] Microsoft Windows up to Server 2019 GDI+ memory corruption
| [129847] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 1.2/2018 Update 3.2 information disclosure
| [129846] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
| [129845] Microsoft Skype for Business 2015 CU 8 Request cross site scripting
| [128765] Microsoft Visual Studio 2017 Version 15.9 C++ Construct privilege escalation
| [128764] Microsoft Exchange Server 2010 SP3/2013 CU21/2016 CU10/2016 CU11/2019 PowerShell API information disclosure
| [128762] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/365 ProPlus Word memory corruption
| [128761] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128760] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128759] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128758] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128757] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128756] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128755] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128754] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128753] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128752] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128751] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128750] Microsoft Windows up to Server 2019 Runtime privilege escalation
| [128749] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128747] Microsoft ASP.NET Core 2.1 Web Request denial of service
| [128746] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [128745] Microsoft Office up to 2019 Word Macro information disclosure
| [128744] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/365 ProPlus information disclosure
| [128743] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/365 ProPlus information disclosure
| [128742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [128741] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [128740] Microsoft SharePoint Enterprise Server 2013 SP1 cross site scripting
| [128739] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128738] Microsoft Windows up to Server 2019 Subsystem for Linux information disclosure
| [128737] Microsoft Windows up to Server 2019 COM Desktop Broker privilege escalation
| [128736] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128735] Microsoft ASP.NET Core 2.1/2.2 Web Request denial of service
| [128733] Microsoft Windows up to Server 2019 Authentication Request privilege escalation
| [128732] Microsoft Office 2010 SP2/2013 SP1/2016/2019/365 ProPlus MSHTML Engine privilege escalation
| [128729] Microsoft Visual Studio 2010 SP1/2012 Update 5 vscontent File information disclosure
| [128728] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128727] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128726] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128725] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128718] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [128717] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 Hyper-V memory corruption
| [127925] Microsoft SharePoint Enterprise Server 2016 Web Request cross site scripting
| [127882] Microsoft Dynamics NAV 2016/2017 Web Request cross site scripting
| [127881] Microsoft Windows 10 1809/Server 2019 Object denial of service
| [127880] Microsoft Windows up to Server 2019 Win32k Object memory corruption
| [127828] Microsoft Windows up to Server 2019 Win32k memory corruption
| [127827] Microsoft Windows 10 1809/Server 2019 DirectX information disclosure
| [127826] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 Win32k ASLR privilege escalation
| [127825] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 privilege escalation
| [127824] Microsoft Excel up to 2019 Out-of-Bounds memory corruption
| [127823] Microsoft Windows up to Server 2012 R2 Kernel information disclosure
| [127821] Microsoft Windows up to Server 2019 Connected User Experiences and Telemetry Service denial of service
| [127820] Microsoft Windows up to Server 2019 Kernel memory corruption
| [127819] Microsoft Exchange Server 2016 CU10/2016 CU11 Profile Data privilege escalation
| [127817] Microsoft Excel up to 2019 information disclosure
| [127816] Microsoft Windows up to Server 2019 GDI information disclosure
| [127815] Microsoft Windows up to Server 2019 GDI information disclosure
| [127814] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 Search cross site request forgery
| [127812] Microsoft Windows up to Server 2019 Remote Procedure Call information disclosure
| [127809] Microsoft PowerPoint 2010 SP2/2013 RT SP1/2013 SP1/2016/365 ProPlus memory corruption
| [127806] Microsoft Outlook up to 2019 memory corruption
| [127805] Microsoft Excel up to 2019 memory corruption
| [127804] Microsoft Excel up to 2019 memory corruption
| [127803] Microsoft Windows up to Server 2019 Text-To-Speech memory corruption
| [127801] Microsoft Windows up to Server 2019 DNS Server privilege escalation
| [126938] Microsoft Team Foundation Server 2018 Update 1.1/2018 Update 3 Code Execution
| [126755] Microsoft .NET Core 2.1 privilege escalation
| [126754] Microsoft Skype for Business/Lync Server 2013 SP1/2016 Emoji denial of service
| [126750] Microsoft Windows up to Server 2019 ALPC privilege escalation
| [126749] Microsoft Exchange Server 2010/2013/2016/2019 privilege escalation
| [126748] Microsoft Office 2019/365 ProPlus Outlook Message information disclosure
| [126747] Microsoft SharePoint Enterprise Server 2013 SP1 Folder information disclosure
| [126746] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
| [126745] Microsoft Project 2010 SP2/2013 SP1/2016 memory corruption
| [126744] Microsoft Office up to 2019 Word memory corruption
| [126743] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [126742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [126739] Microsoft Windows up to Server 2012 R2 Win32k information disclosure
| [126737] Microsoft Windows up to Server 2012 R2 DirectX information disclosure
| [126736] Microsoft Windows up to Server 2019 Win32k memory corruption
| [126735] Microsoft Windows up to Server 2019 DirectX privilege escalation
| [126734] Microsoft Office 2019/365 ProPlus information disclosure
| [126733] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 DirectX memory corruption
| [126730] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
| [126728] Microsoft Office/SharePoint 2010 SP2 Word memory corruption
| [126727] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
| [126726] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
| [126725] Microsoft Windows up to Server 2019 DirectX memory corruption
| [126722] Microsoft Windows up to Server 2019 PowerShell privilege escalation
| [126718] Microsoft Windows up to Server 2016 Search memory corruption
| [126717] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016/2019 memory corruption
| [126716] Microsoft Office up to 2019 Excel memory corruption
| [126715] Microsoft Office 2016/2019/365 ProPlus Excel memory corruption
| [126714] Microsoft Windows up to Server 2019 PowerShell unknown vulnerability
| [126713] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
| [126712] Microsoft Windows up to Server 2016 Graphics Component memory corruption
| [126711] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
| [125123] Microsoft Windows up to Server 2019 Codecs Library information disclosure
| [125122] Microsoft Windows up to Server 2016 TCP/IP information disclosure
| [125121] Microsoft Windows up to Server 2019 DirectX memory corruption
| [125120] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
| [125119] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
| [125116] Microsoft Exchange Server 2013 CU21/2016 CU10 privilege escalation
| [125115] Microsoft Windows up to Server 2019 Theme API privilege escalation
| [125114] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
| [125113] Microsoft Windows up to Server 2019 Kernel memory corruption
| [125111] Microsoft Windows up to Server 2019 Device Guard Code Integrity Policy privilege escalation
| [125110] Microsoft Windows up to Server 2019 DNS Global Blocklist privilege escalation
| [125109] Microsoft Windows up to Server 2019 NTFS privilege escalation
| [125108] Microsoft Windows up to Server 2019 Filter Manager memory corruption
| [125107] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125104] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [125102] Microsoft Office/Word 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
| [125100] Microsoft Office/Powerpoint 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
| [125099] Microsoft Office/Excel up to 2019 Protected View memory corruption
| [125098] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [125097] Microsoft Windows up to Server 2019 DirectX Graphics memory corruption
| [125096] Microsoft Windows up to Server 2019 Win32k memory corruption
| [125095] Microsoft Exchange Server 2013 CU21/2016 CU10 Outlook Web Access cross site scripting
| [125093] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [125092] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [125091] Microsoft Windows up to Server 2019 MS XML privilege escalation
| [124371] Microsoft Exchange Server up to 2010 SP3 Outlook Web Access /owa/auth/logon.aspx Parameter Server-Side Request Forgery
| [124217] Microsoft Windows Server 2012/Server 2016 Active Directory Federation Services /adfs/ls Server-Side Request Forgery
| [123995] Microsoft Lync 2011 on Mac Security Feature Messages Download privilege escalation
| [123881] Microsoft Windows up to Server 2016 Sandbox privilege escalation
| [123874] Microsoft Windows up to Server 2016 Kernel information disclosure
| [123872] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 SMB information disclosure
| [123868] Microsoft Windows up to Server 2016 Hyper-V denial of service
| [123864] Microsoft Windows up to Server 2016 Hyper-V information disclosure
| [123862] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2013 RT SP1/2016 cross site scripting
| [123861] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R information disclosure
| [123860] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [123859] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
| [123851] Microsoft Windows up to Server 2016 ALPC privilege escalation
| [123849] Microsoft Windows up to Server 2016 SMB denial of service
| [123846] Microsoft Office 2016 on Win/Mac memory corruption
| [123844] Microsoft Word 2013 SP1/2013 RT SP1/2016 PDF File memory corruption
| [123843] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [123842] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [123830] Microsoft Windows up to Server 2016 Hyper-V memory corruption
| [123828] Microsoft Windows up to Server 2016 Win32k Graphics privilege escalation
| [123827] Microsoft Windows up to Server 2016 Image memory corruption
| [123825] Microsoft Windows up to Server 2016 MSXML Parser privilege escalation
| [123823] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
| [122887] Microsoft Office 2016 on Mac AutoUpdate memory corruption
| [122886] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
| [122885] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
| [122884] Microsoft Windows up to Server 2016 Win32k memory corruption
| [122883] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
| [122875] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R information disclosure
| [122874] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
| [122873] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [122872] Microsoft SharePoint Enterprise Server 2013 SP1/2016 information disclosure
| [122871] Microsoft PowerPoint 2010 SP2 memory corruption
| [122870] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [122861] Microsoft Windows up to Server 2016 Microsoft COM for Windows privilege escalation
| [122850] Microsoft Visual Studio 2015 Update 3/2017/2017 Version 15.8 Diagnostic Hub privilege escalation
| [122849] Microsoft Windows up to Server 2016 Diagnostic Hub privilege escalation
| [122848] Microsoft Windows Security Feature 2FA weak authentication
| [122834] Microsoft Windows up to Server 2016 LNK memory corruption
| [122825] Microsoft Windows up to Server 2016 Graphics memory corruption
| [122823] Microsoft SQL Server 2016 SP1/2016 SP2/2017 memory corruption
| [121208] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R Attachment privilege escalation
| [121118] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [121116] Microsoft Windows up to Server 2016 Sandbox privilege escalation
| [121114] Microsoft Access 2013 SP1/2016/2016 C2R memory corruption
| [121111] Microsoft Windows up to Server 2016 Kernel memory corruption
| [121110] Microsoft Windows up to Server 2016 Wordpad privilege escalation
| [121107] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll denial of service
| [121106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
| [121105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [121098] Microsoft Office 2016/2016 C2R memory corruption
| [121092] Microsoft Windows up to Server 2016 FTP Server denial of service
| [121090] Microsoft Visual Studio up to 2017 Version 15.8 Preview privilege escalation
| [119479] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [119477] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 information disclosure
| [119476] Microsoft Publisher 2010 SP2 OLE Object PUB File privilege escalation
| [119475] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Attachment privilege escalation
| [119474] Microsoft Windows up to Server 2016 GDI information disclosure
| [119470] Microsoft Windows up to Server 2016 HTTP HTTP.sys denial of service
| [119468] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119467] Microsoft Windows up to Server 2016 Hypervisor privilege escalation
| [119465] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119464] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119463] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119461] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119460] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119459] Microsoft Windows up to Server 2016 memory corruption
| [119457] Microsoft Windows up to Server 2016 Desktop Bridge privilege escalation
| [119456] Microsoft Windows up to Server 2016 Kernel information disclosure
| [119455] Microsoft Windows up to Server 2016 denial of service
| [119454] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119452] Microsoft Windows up to Server 2016 HIDParser memory corruption
| [119448] Microsoft Windows up to Server 2016 Code Integrity Module denial of service
| [119447] Microsoft Windows up to Server 2016 NTFS privilege escalation
| [119441] Microsoft Windows up to Server 2016 Media Foundation memory corruption
| [119437] Microsoft Windows up to Server 2016 HTTP Protocol Stack Http.sys memory corruption
| [119436] Microsoft Windows up to Server 2016 memory corruption
| [119431] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
| [118120] Microsoft Office 2016 on Mac XML Data Code Execution
| [117561] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1 Web Request cross site scripting
| [117560] Microsoft Exchange Server up to 2016 CU9 Code Execution memory corruption
| [117559] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access Web Request cross site scripting
| [117558] Microsoft Windows up to Server 2016 Code Execution memory corruption
| [117507] Microsoft Infopath 2013 SP1 memory corruption
| [117505] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R information disclosure
| [117504] Microsoft Office 2010 SP2 information disclosure
| [117503] Microsoft Exchange Server 2013 CU19/2013 CU20/2016 CU8/2016 CU9 Outlook Web Access cross site scripting
| [117502] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
| [117501] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [117500] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access cross site scripting
| [117499] Microsoft Exchange Server up to 2016 CU9 information disclosure
| [117498] Microsoft Office 2016 C2R Security Feature privilege escalation
| [117497] Microsoft SharePoint Enterprise Server 2010/2013 SP1/2016 cross site scripting
| [117480] Microsoft Windows up to Server 2016 COM Serialized privilege escalation
| [117473] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
| [117472] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
| [117471] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
| [117470] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
| [117469] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
| [117468] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
| [117444] Microsoft Windows up to Server 2016 Hyper-V vSMB memory corruption
| [117443] Microsoft Windows up to Server 2016 Hyper-V memory corruption
| [117442] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
| [116132] Microsoft Office 2016 Memory information disclosure
| [116051] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [116050] Microsoft SharePoint Enterprise Server 2010 SP2/2013/2016 cross site scripting
| [116049] Microsoft SharePoint Enterprise Server 2013/2016 privilege escalation
| [116048] Microsoft Windows up to Server 2016 DirectX Graphics Kernel Subsystem memory corruption
| [116047] Microsoft Windows up to Server 2016 OpenType Font Driver atmfd.dll memory corruption
| [116046] Microsoft SharePoint Enterprise Server 2013/2016 Share cross site scripting
| [116045] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [116039] Microsoft Windows up to Server 2016 Remote Desktop Protocol denial of service
| [116031] Microsoft Windows up to Server 2016 Kernel ASLR information disclosure
| [116030] Microsoft Windows up to Server 2016 SNMP Service denial of service
| [116026] Microsoft Windows up to Server 2016 Kernel information disclosure
| [116024] Microsoft Windows up to Server 2016 HTTP.sys denial of service
| [116023] Microsoft Office up to 2016 C2R information disclosure
| [116022] Microsoft Excel 2010 SP2 memory corruption
| [116020] Microsoft Windows 10 1607/10 1703/10 1709/Server 2016/Server 1709 Active Directory privilege escalation
| [116019] Microsoft Windows up to Server 2016 Kernel information disclosure
| [116018] Microsoft Office 2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
| [116017] Microsoft Excel up to 2016 C2R memory corruption
| [116016] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 Graphics memory corruption
| [116014] Microsoft Office 2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
| [116013] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1 memory corruption
| [116008] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116007] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116006] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116005] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116004] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116003] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
| [115994] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [115804] Microsoft Windows up to Server 2016 Malware Protection Engine privilege escalation
| [114579] Microsoft Exchange Server up to 2017 CU8 Outlook Web Access information disclosure
| [114574] Microsoft SharePoint Enterprise Server 2016 privilege escalation
| [114573] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114571] Microsoft Exchange Server 2016 CU7/2016 CU8 Outlook Web Access information disclosure
| [114570] Microsoft Exchange Server 2010 SP3/2013 CU18/2013 CU19/2016 CU7/2016 CU8 Outlook Web Access Fake privilege escalation
| [114565] Microsoft Windows 10 1607/10 1703/10 1709/Server 2016/Server 1709 Kernel information disclosure
| [114564] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [114562] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114560] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114559] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114558] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114557] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114556] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114555] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114554] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114553] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114552] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114551] Microsoft Excel up to 2016 C2R Security Feature privilege escalation
| [114549] Microsoft Access 2010 SP2/2013 SP1/2016 memory corruption
| [114548] Microsoft Windows up to Server 2016 CNG Security Feature cng.sys privilege escalation
| [114547] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114546] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114545] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114544] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114543] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114542] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114541] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114540] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114536] Microsoft Windows up to Server 2016 CredSSP privilege escalation
| [114535] Microsoft Windows up to Server 2016 Hyper-V denial of service
| [114531] Microsoft Windows up to Server 2016 Windows Installer privilege escalation
| [114530] Microsoft Windows up to Server 2016 GDI privilege escalation
| [114529] Microsoft Windows up to Server 2016 GDI privilege escalation
| [114527] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114526] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114525] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114522] Microsoft Windows 10 1607/10 1703/Server 2016 Desktop Bridge privilege escalation
| [114521] Microsoft Windows up to Server 2016 Video Control privilege escalation
| [114520] Microsoft Windows 10/Server 2016/Server 1709 Desktop Bridge privilege escalation
| [114518] Microsoft Windows up to Server 2016 Remote Assistance information disclosure
| [114517] Microsoft Windows 10/Server 2016/Server 1709 Desktop Bridge VFS privilege escalation
| [114516] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
| [113835] Microsoft Identity Manager 2016 SP1 cross site scripting
| [113264] Microsoft Windows 8.1/RT 8.1/Server 2012 R2 SMBv2/SMBv3 denial of service
| [113260] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113259] Microsoft Windows 10/Server 2016/Server 1709 NTFS privilege escalation
| [113254] Microsoft Windows up to Server 2016 Kernel information disclosure
| [113253] Microsoft Windows 10/Server 2016/Server 1709 Kernel memory corruption
| [113252] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113250] Microsoft Windows 10/Server 2016/Server 1709 Kernel memory corruption
| [113249] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113248] Microsoft Windows up to Server 2016 Kernel information disclosure
| [113243] Microsoft Windows 10/Server 2016 MultiPoint Management privilege escalation
| [113242] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
| [113241] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
| [113240] Microsoft Windows 10/Server 2016/Server 1709 AppContainer privilege escalation
| [113237] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [113236] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [113233] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 Uninitialized Memory information disclosure
| [113232] Microsoft Excel 2016 memory corruption
| [113230] Microsoft Windows up to Server 2016 Scripting Engine information disclosure
| [113229] Microsoft Windows up to Server 2016 StructuredQuery memory corruption
| [111580] Microsoft Office 2016 on Mac Email Attachment spoofing
| [111571] Microsoft SharePoint Enterprise Server 2013/2016 Access cross site scripting
| [111567] Microsoft Office 2010/2013/2016 memory corruption
| [111564] Microsoft Word 2016 memory corruption
| [111562] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
| [111561] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
| [128730] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [111358] Microsoft Windows up to Server 2016 IPsec denial of service
| [110553] Microsoft Office 2016 C2R information disclosure
| [110552] Microsoft SharePoint Enterprise Server 2016 Web Request privilege escalation
| [110551] Microsoft Excel 2016 C2R memory corruption
| [110550] Microsoft PowerPoint 2013 SP1/2013 RT SP1/2016 information disclosure
| [110549] Microsoft Exchange Server 2016 CU6/2016 CU7 Outlook Web Access privilege escalation
| [110547] Microsoft Windows up to Server 2016 its:// Protocol information disclosure
| [110531] Microsoft Windows 10/Server 2016 Device Guard privilege escalation
| [110522] Microsoft Windows up to Server 2016 RRAS privilege escalation
| [110350] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [110318] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [109391] Microsoft SharePoint Enterprise Server 2016 Project Server cross site request forgery
| [109389] Microsoft Excel 2016 Click-to-Run memory corruption
| [109360] Microsoft Windows up to Server 2016 Windows Search denial of service
| [107759] Microsoft Windows up to Server 2016 SMB denial of service
| [107757] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [107756] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [107753] Microsoft Windows 10/Server 2016 SMB privilege escalation
| [107744] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
| [107741] Microsoft Outlook 2016 Secure Connection Mail information disclosure
| [107740] Microsoft Windows up to Server 2016 Graphics memory corruption
| [107739] Microsoft Windows up to Server 2016 Graphics memory corruption
| [107738] Microsoft Windows up to Server 2016 Search information disclosure
| [107734] Microsoft Windows 10/Server 2016 SMB privilege escalation
| [107732] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016 Bypass privilege escalation
| [107730] Microsoft Windows up to Server 2016 Search Remote memory corruption
| [107729] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107728] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107727] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
2484| [107724] Microsoft Windows up to Server 2016 Text Services Framework memory corruption
2485| [107723] Microsoft Windows up to Server 2016 SMB information disclosure
2486| [107698] Microsoft Office 2016 memory corruption
2487| [107593] InFocus Mondopad 2.2.08 Excel Spreadsheet Microsoft Office Document Credentials information disclosure
2488| [106544] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
2489| [106531] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
2490| [106529] Microsoft PowerPoint 2016 memory corruption
2491| [106523] Microsoft Windows up to Server 2016 PDF Library memory corruption
2492| [106518] Microsoft Edge on Win10/Server 2016 memory corruption
2493| [106516] Microsoft Windows up to Server 2016 PDF Library memory corruption
2494| [106498] Microsoft Windows up to Server 2016 Shell privilege escalation
2495| [106496] Microsoft Windows up to Server 2016 Uniscribe information disclosure
2496| [106495] Microsoft Windows up to Server 2012 R2 Uniscribe memory corruption
2497| [106492] Microsoft Windows Server 2012/Server 2012 R2/Server 2016 DHCP Service memory corruption
2498| [106489] Microsoft Windows up to Server 2016 Graphics Win32k win32k!fsc_CalcGrayRow memory corruption
2499| [106474] Microsoft Office 2016 memory corruption
2500| [106473] Microsoft SharePoint Server 2013 SP1 cross site scripting
2501| [106472] Microsoft Windows up to Server 2016 Bluetooth Driver Object BlueBorne spoofing
2502| [106470] Microsoft Excel 2011 on Mac memory corruption
2503| [106455] Microsoft Exchange Server 2013/2016 information disclosure
2504| [106454] Microsoft Windows up to Server 2016 Windows NetBT Session Services race condition memory corruption
2505| [105048] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
2506| [105047] Microsoft Edge on Win10/Server 2016 Scripting Engine EntryCall memory corruption
2507| [105046] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
2508| [105040] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
2509| [105038] Microsoft Edge on Win10/Server 2016 Javascript Engine Out-of-Bounds memory corruption
2510| [105037] Microsoft Edge on Win10/Server 2016 Javascript Engine PreVisitCatch memory corruption
2511| [105035] Microsoft SharePoint Server 2010 SP2 cross site scripting
2512| [105033] Microsoft Edge 38.14393.1066.0 on Win10/Server 2016 Use-After-Free information disclosure
2513| [105029] Microsoft Edge on Win10/Server 2016 Javascript Engine ProcessLinkFailedAsmJsModule memory corruption
2514| [105027] Microsoft Edge on Win10/Server 2016 _SelectValueInternal information disclosure
2515| [105024] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
2516| [105023] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
2517| [105017] Microsoft Windows up to Server 2016 Error Reporting information disclosure
2518| [105013] Microsoft Windows 10 1607/10 1703/Server 2016 Hyper-V denial of service
2519| [105011] Microsoft Windows up to Server 2016 Windows Search memory corruption
2520| [105010] Microsoft Windows up to Server 2016 Win32k memory corruption
2521| [105009] Microsoft Windows up to Server 2016 Input Method Editor memory corruption
2522| [105008] Microsoft SQL Server 2012/2014/2016 Analysis Services information disclosure
2523| [104990] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
2524| [104989] Microsoft Windows up to Server 2016 NetBIOS denial of service
2525| [104584] Microsoft Outlook up to 2016 C2R Document File privilege escalation
2526| [104583] Microsoft Outlook up to 2016 C2R Email memory corruption
2527| [104582] Microsoft Outlook up to 2016 C2R Object memory corruption
2528| [103468] Microsoft Exchange Server 2010 SP3/2013 SP3/2013 CU16/2016 CU5 Open Redirect
2529| [103446] Microsoft Windows up to Server 2016 Search Object privilege escalation
2530| [103445] Microsoft Windows up to Server 2016 Wordpad privilege escalation
2531| [103444] Microsoft Windows up to Server 2016 Explorer denial of service
2532| [103442] Microsoft Windows 10/Server 2016 HoloLens WiFi Packet privilege escalation
2533| [103441] Microsoft Windows up to Server 2016 Object HTTP.sys information disclosure
2534| [103431] Microsoft Windows up to Server 2016 PowerShell PSObject Object privilege escalation
2535| [103429] Microsoft Windows up to Server 2016 Kerberos weak authentication
2536| [103426] Microsoft Exchange Server 2010 SP3/2013 SP3/2013 CU16/2016 CU5 OWA Request cross site scripting
2537| [103425] Microsoft Exchange Server 2010 SP3/2013 SP3/2013 CU16/2016 CU5 OWA Request cross site scripting
2538| [103420] Microsoft Windows up to Server 2016 Kerberos Bypass privilege escalation
2539| [103417] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
2540| [102544] Microsoft Edge on Win10/Server 2016 Fetch API information disclosure
2541| [102543] Microsoft Edge on Win10/Server 2016 Javascript XML DOM Object information disclosure
2542| [102463] Microsoft Project Server 2013 SP1 cross site scripting
2543| [102460] Microsoft Outlook 2016 on Mac HTML spoofing
2544| [102448] Microsoft SharePoint Enterprise Server 2016 Reflected cross site scripting
2545| [102446] Microsoft Office up to 2016 privilege escalation
2546| [102445] Microsoft Office 2010 SP2/2011/2013 SP1/2013 RT SP1/2016 privilege escalation
2547| [102443] Microsoft Office up to 2016 privilege escalation
2548| [102412] Microsoft Windows up to Server 2016 PDF information disclosure
2549| [102397] Microsoft Outlook 2010 SP1/2013 SP1/2016 DLL Loader privilege escalation
2550| [102396] Microsoft Office 2013 SP1/2016 DLL Loader privilege escalation
2551| [102386] Microsoft Windows up to Server 2012 R2 Uniscribe privilege escalation
2552| [102385] Microsoft Windows up to Server 2016 Font Library privilege escalation
2553| [102376] Microsoft Windows up to Server 2016 CAB File privilege escalation
2554| [102375] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
2555| [102374] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
2556| [102373] Microsoft Windows up to Server 2016 Uniscribe Font USP10!MergeLigRecords memory corruption
2557| [101817] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
2558| [101816] Microsoft Windows up to Server 2016 Malware Protection Engine setCaller memory corruption
2559| [101815] Microsoft Windows up to Server 2016 Malware Protection Engine Use-After-Free memory corruption
2560| [101814] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
2561| [101813] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
2562| [101812] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
2563| [101811] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
2564| [101810] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
2565| [101028] Microsoft Windows 10/Server 2016 Hyper-V vSMB privilege escalation
2566| [101020] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
2567| [101019] Microsoft Skype for Business 2016 memory corruption
2568| [101018] Microsoft SharePoint 2010 SP2/2013 SP1/2016 memory corruption
2569| [101016] Microsoft PowerPoint 2011 on Mac memory corruption
2570| [101015] Microsoft PowerPoint 2011 on Mac memory corruption
2571| [101014] Microsoft Office 2010 SP2/2016 memory corruption
2572| [101013] Microsoft Office 2010 SP2/2016 memory corruption
2573| [101002] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
2574| [101001] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
2575| [101000] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
2576| [100999] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
2577| [100918] Microsoft Windows 8/8.1/10/Server 2012/Server 2016 Malware Protection Service Type Confusion privilege escalation
2578| [99697] Microsoft SharePoint Server 2010 SP1/2010 SP2 Excel Services cross site scripting
2579| [99683] Microsoft Windows 10 1607/10 1703/Server 2012 R2/Server 2016 Active Directory Lockout privilege escalation
2580| [99682] Microsoft Outlook 2011 on Mac HTML Tag Validator spoofing
2581| [99681] Microsoft Windows up to Server 2016 OLE Integrity-Level Check privilege escalation
2582| [99667] Microsoft Windows 10/Server 2016 Active Directory Service Unresponsive denial of service
2583| [98272] Microsoft Windows up to 10/Server 2016 Local Session privilege escalation
2584| [98096] Microsoft Exchange 2013 SP1 privilege escalation
2585| [98095] Microsoft Lync for Mac 2011 Certificate Validation weak authentication
2586| [98094] Microsoft SharePoint Server 2013 SP1 cross site scripting
2587| [98093] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
2588| [98091] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
2589| [98090] Microsoft SharePoint Server 2010 SP2/2013 SP1 information disclosure
2590| [98089] Microsoft Office Web Apps 2013 SP1 memory corruption
2591| [98082] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 denial of service
2592| [98081] Microsoft Excel up to 2016 information disclosure
2593| [98080] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
2594| [98079] Microsoft Word 2016 memory corruption
2595| [98076] Microsoft Lync/Skype for Business 2010/2013/2016 Graphics Component privilege escalation
2596| [98075] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
2597| [98074] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
2598| [98073] Microsoft Office 2010 SP2/Word Viewer Graphics Component information disclosure
2599| [98069] Microsoft Windows up to Server 2012 R2 Color Management memory corruption
2600| [98056] Microsoft Windows up to Server 2016 DNS Query information disclosure
2601| [98054] Microsoft Windows up to Server 2016 SMBv2/SMBv3 NULL Pointer Dereference memory corruption
2602| [98017] Microsoft Windows up to Server 2016 PDF memory corruption
2603| [98015] Microsoft Windows 10/Server 2016 Hyper-V denial of service
2604| [98013] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
2605| [98007] Microsoft Windows 10/Server 2016 Hyper-V Network Switch denial of service
2606| [98006] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
2607| [96521] Microsoft Windows 8.1/10/Server 2012/Server 2016 SMB Response mrxsmb20.sys denial of service
2608| [95781] Microsoft PowerPoint 2016 Java Embedded Object privilege escalation
2609| [95125] Microsoft Word/SharePoint Enterprise Server 2016 Document privilege escalation
2610| [94451] Microsoft Office 2011 memory corruption
2611| [94447] Microsoft Office 2010 SP2 memory corruption
2612| [94446] Microsoft Office 2016 memory corruption
2613| [94444] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 OLE DLL Loader memory corruption
2614| [94443] Microsoft Office up to 2016 information disclosure
2615| [94442] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 privilege escalation
2616| [93964] Microsoft Windows 7 Excel Starter 2010 XXE information disclosure
2617| [93543] Microsoft SQL Server 2016 FILESTREAM Path privilege escalation
2618| [93540] Microsoft Excel 2010 SP2/2011/2016 memory corruption
2619| [93416] Microsoft SQL Server up to 2012 SP3/2014 SP2/2016 Server Agent atxcore.dll privilege escalation
2620| [93415] Microsoft SQL Server 2016 MDS API cross site scripting
2621| [93414] Microsoft SQL Server up to 2012 SP3 RDBMS Engine privilege escalation
2622| [93413] Microsoft SQL Server up to 2014 SP2/2016 RDBMS Engine privilege escalation
2623| [93412] Microsoft SQL Server 2016 RDBMS Engine privilege escalation
2624| [93393] Microsoft Office up to 2016 memory corruption
2625| [93392] Microsoft Office up to 2016 memory corruption
2626| [93391] Microsoft Office up to 2016 memory corruption
2627| [93389] Microsoft Windows up to Server 2016 Media Foundation memory corruption
2628| [93388] Microsoft Windows up to Server 2016 Animation Manager Stylesheets memory corruption
2629| [92587] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 Transaction Manager privilege escalation
2630| [92584] Microsoft Office up to 2016 memory corruption
2631| [91571] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 PDF Library information disclosure
2632| [91570] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 PDF Library information disclosure
2633| [91556] Microsoft Exchange 2016 Meeting Invation cross site scripting
2634| [91555] Microsoft Exchange 2013/2016 Link spoofing
2635| [91550] Microsoft Office 2016 memory corruption
2636| [91547] Microsoft Office 2010 memory corruption
2637| [91543] Microsoft Office up to 2016 memory corruption
2638| [91541] Microsoft Office 2013/2016 APP-V ASLR privilege escalation
2639| [90711] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 PDF privilege escalation
2640| [90710] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 Netlogon privilege escalation
2641| [90704] Microsoft Office 2013/2013 RT/2016 memory corruption
2642| [89043] Microsoft Office up to 2016 memory corruption
2643| [89041] Microsoft Office up to 2016 memory corruption
2644| [89040] Microsoft Office 2010 SP2/2011/2013 SP1/2013 RT SP1/2016 memory corruption
2645| [89038] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 Security Feature privilege escalation
2646| [89037] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
2647| [87961] Microsoft Windows up to Server 2012 R2 Search denial of service
2648| [87959] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
2649| [87958] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF memory corruption
2650| [87957] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
2651| [87956] Microsoft Exchange 2013/2016 Oracle Outside In Libraries information disclosure
2652| [87944] Microsoft Windows Server 2012/Server 2012 R2 Virtual PCI Memory information disclosure
2653| [87940] Microsoft Windows Server 2012/Server 2012 R2 DNS Server Use-After-Free memory corruption
2654| [87936] Microsoft Office up to 2016 memory corruption
2655| [87166] Microsoft Windows up to Server 2012 R2 DirectX Graphics Kernel Subsystem privilege escalation
2656| [87156] Microsoft Windows 8.1/RT 8.1/10/Server 2012 R2 Shell memory corruption
2657| [87149] Microsoft Office up to 2016 memory corruption
2658| [87148] Microsoft Office 2010 Graphics memory corruption
2659| [87146] Microsoft Office 2011/2013/2013 RT/2016 memory corruption
2660| [82229] Microsoft Excel 2010 SP2 Office Document memory corruption
2661| [82223] Microsoft Windows 8.1/10/Server 2012 R2 Hyper-V Memory information disclosure
2662| [82222] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Memory information disclosure
2663| [82221] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Hyper-V privilege escalation
2664| [81274] Microsoft Office up to 2016 memory corruption
2665| [81270] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
2666| [81269] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
2667| [81268] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
2668| [80886] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
2669| [80885] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP memory corruption
2670| [80878] Microsoft Windows Server 2012 R2 Active Directory Federation Service denial of service
2671| [80874] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP privilege escalation
2672| [80870] Microsoft Office up to 2016 memory corruption
2673| [80868] Microsoft Office up to 2016 memory corruption
2674| [80867] Microsoft Office up to 2016 memory corruption
2675| [80865] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 DLL Loader memory corruption
2676| [80860] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Reader memory corruption
2677| [80859] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
2678| [80231] Microsoft Excel up to 2016 Office Document memory corruption
2679| [80229] Microsoft Exchange Server 2013 SP1/2013 CU 10/2013 CU 11/2016 Outlook Web Access cross site scripting
2680| [80228] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
2681| [80227] Microsoft Exchange Server 2013 SP1/2013 CU 10/2016 Outlook Web Access cross site scripting
2682| [80226] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
2683| [80218] Microsoft Office up to 2016 ASLR privilege escalation
2684| [80217] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
2685| [80216] Microsoft Office up to 2016 Office Document memory corruption
2686| [80206] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
2687| [128763] Microsoft Exchange Server 2016 CU10/2016 CU11/2019 memory corruption
2688| [79508] Microsoft Windows up to Server 2012 R2 Library Loader memory corruption
2689| [79500] Microsoft Office 2010/2011/2016 memory corruption
2690| [79183] Microsoft Windows up to Server 2012 R2 IPsec denial of service
2691| [79173] Microsoft Windows up to Server 2012 R2 Graphics information disclosure
2692| [79117] Microsoft Outlook 2011/2016 on Mac HTML spoofing
2693| [78375] Microsoft SharePoint Server/SharePoint Foundation 2013 SP1 cross site scripting
2694| [77645] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
2695| [77644] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
2696| [77638] Microsoft Lync Server 2013 cross site scripting
2697| [77628] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
2698| [77612] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access Stack-Based information disclosure
2699| [77050] Microsoft Office up to 2016 memory corruption
2700| [77037] Microsoft Windows Server 2012/Server 2012 R2 System Center Operations Manager cross site scripting
2701| [76461] Microsoft Windows up to Server 2012 R2 Domain-Controller Communication Credentials information disclosure
2702| [76460] Microsoft Windows 7 SP1/8/Server 2012 RDP Server Service memory corruption
2703| [76448] Microsoft Windows 8.1/Server 2012 R2 Hyper-V memory corruption
2704| [75793] Microsoft Exchange Server 2013 CU8 cross site scripting
2705| [75792] Microsoft Exchange Server 2013 SP1 CU8 cross site request forgery
2706| [75791] Microsoft Office 2013 SP1 Office Document Uninitialized Memory memory corruption
2707| [75787] Microsoft Exchange Server 2013 SP1 CU8 Same Origin Policy privilege escalation
2708| [75786] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1 Office Document memory corruption
2709| [66976] Microsoft Access 2010 VBA Datatype denial of service
2710| [74848] Microsoft SharePoint Foundation/SharePoint Server 2013 SP1 cross site scripting
2711| [74842] Microsoft Windows 8.1/Server 2012 R2 Hyper-V denial of service
2712| [74836] Microsoft Project Server 2010 SP2/2013 SP1 cross site scripting
2713| [74835] Microsoft Office 2011 on Mac Use-After-Free cross site scripting
2714| [74834] Microsoft Windows Server 2012 R2 Active Directory Federation Services 3.0 privilege escalation
2715| [74833] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 HTTP Request HTTP.sys privilege escalation
2716| [74393] Microsoft SharePoint Server 2013 Foundation cross site scripting
2717| [73967] Microsoft Office up to 2013 SP1 Office File memory corruption
2718| [73966] Microsoft Office up to 2013 SP1 RTF File memory corruption
2719| [73965] Microsoft Office up to 2013 SP1 Use-After-Free memory corruption
2720| [73961] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 Remote Desktop Protocol Object Management denial of service
2721| [69162] Microsoft System Center Virtual Machine Manager 2012 privilege escalation
2722| [69160] Microsoft Windows up to Server 2012 Process privilege escalation
2723| [69156] Microsoft Office 2010 Object memory corruption
2724| [68593] Microsoft Windows up to Server 2012 Network Location Awareness Service privilege escalation
2725| [68417] Microsoft Exchange 2013 Outlook Web Access Token spoofing
2726| [68191] Microsoft SharePoint 2010 cross site scripting
2727| [67828] Microsoft ASP.NET MVC 2/3/4/5/5.1 System.Web.Mvc.dll cross site scripting
2728| [67518] Microsoft Lync 2013 denial of service
2729| [67517] Microsoft Lync 2013 Script Reflected cross site scripting
2730| [67516] Microsoft Lync 2010/2013 denial of service
2731| [67362] Microsoft Windows up to Server 2012 R2 Remote Procedure Call privilege escalation
2732| [67360] Microsoft SharePoint 2013 App Permission Management cross site scripting
2733| [13549] Microsoft Windows 7/8/8.1/Server 2012 Remote Desktop Protocol weak encryption
2734| [13547] Microsoft Lync 2010/2013 Meeting cross site scripting
2735| [13228] Microsoft Office 2013 Document privilege escalation
2736| [68577] Microsoft ASP.NET 2014.3.1209 Telerik UI RadAsyncUpload directory traversal
2737| [12267] Microsoft Forefront Security for Exchange Server 2010 Mail memory corruption
2738| [12263] Microsoft Windows up to Server 2012 Direct2D 2D Geometric Figure memory corruption
2739| [12238] Microsoft Windows 8/Server 2012/RT IPv6 denial of service
2740| [12185] Microsoft .NET Framework 2/4 HMAC weak authentication
2741| [12183] Microsoft .NET Framework 2/4 DTD denial of service
2742| [11673] Microsoft Windows Live Movie Maker 2011 WAV File denial of service
2743| [11468] Microsoft Exchange 2010/2013 cross site scripting
2744| [11466] Microsoft Office 2013 File Response information disclosure
2745| [11457] Microsoft SharePoint Server/Office Web Apps 2010 SP1/2010 SP2/2013 W3WP Service Account privilege escalation
2746| [11150] Microsoft Windows 8/Server 2012 Hyper-V Data Structure Value Crash privilege escalation
2747| [11004] Microsoft Windows Server 2012 R2 RDP Restricted Admin Mode weak authentication
2748| [10250] Microsoft SharePoint Server up to 2013 W3WP Process denial of service
2749| [10249] Microsoft SharePoint 2010/2003/2007/2.0/3.0 Workflow memory corruption
2750| [10248] Microsoft SharePoint Server up to 2013 cross site scripting
2751| [9943] Microsoft Windows Server 2012 NAT Driver ICMP Packet denial of service
2752| [8739] Microsoft Windows Essentials up to 2012 Windows Writer Eingabe information disclosure
2753| [8725] Microsoft Lync 2010/2013 Use-After-Free memory corruption
2754| [8722] Microsoft Windows 8/Server 2012/RT HTTP.sys denial of service
2755| [8206] Microsoft SharePoint Server 2010 SP1 HTML Sanitization Component cross site scripting
2756| [8203] Microsoft Windows up to 2012 AD LDAP Query denial of service
2757| [8200] Microsoft SharePoint Server 2013 ACL information disclosure
2758| [7971] Microsoft Office for Mac 2011 up to 14.3.1 on Mac HTML5 Mail Message Parser File information disclosure
2759| [7969] Microsoft OneNote 2010 SP1 ONE File information disclosure
2760| [7968] Microsoft SharePoint Server 2010 SP1 Input Validator Eingabe Crash denial of service
2761| [7967] Microsoft SharePoint Server 2010 SP1 User Account Eingabe Crash information disclosure
2762| [7966] Microsoft SharePoint Server 2010 SP1 Eingabe Crash cross site scripting
2763| [7965] Microsoft SharePoint Server 2010 SP1 User Account Callback URL privilege escalation
2764| [7964] Microsoft Visio 2010 Tree Object Type File memory corruption
2765| [7343] Microsoft Lync 2012 HTTP Format String
2766| [7258] Microsoft Windows up to 8/Server 2012 SSL/TLS race condition
2767| [7230] Microsoft Excel 2010 SP1 on 32-bit XLS File Formatting Information Crash denial of service
2768| [6831] Microsoft Office Picture Manager 2010 File memory corruption
2769| [62720] EMC NetWorker Module for Microsoft Applications up to 2.2.0 memory corruption
2770| [6624] Microsoft SQL Server up to 2012 Report Manager cross site scripting
2771| [62238] Microsoft Visual Studio Team Foundation Server 2010 cross site scripting
2772| [5946] Microsoft Visio/Visio Viewer up to 2010 SP1 File memory corruption
2773| [5644] Microsoft SharePoint 2010 scriptesx.ashx cross site scripting
2774| [5641] Microsoft SharePoint 2010 cross site scripting
2775| [60943] Microsoft Dynamics AX 2012 Enterprise Portal cross site scripting
2776| [12311] Microsoft Lync 2010 Search race condition
2777| [60570] Microsoft Forefront Unified Access Gateway 2010 information disclosure
2778| [60569] Microsoft Forefront Unified Access Gateway 2010 spoofing
2779| [60208] Microsoft Visio Viewer 2010 memory corruption
2780| [60207] Microsoft Visio Viewer 2010 memory corruption
2781| [60206] Microsoft Visio Viewer 2010 memory corruption
2782| [4640] Microsoft SharePoint 2010 inplview.aspx cross site scripting
2783| [4636] Microsoft SharePoint 2010 wizardlist.aspx cross site scripting
2784| [4635] Microsoft SharePoint 2010 themeweb.aspx cross site scripting
2785| [59008] Microsoft Forefront Unified Access Gateway 2010 Crash denial of service
2786| [58995] Microsoft Forefront Unified Access Gateway 2010 memory corruption
2787| [58994] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
2788| [58993] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
2789| [4424] Microsoft Host Integration Server up to 2010 denial of service
2790| [4420] Microsoft Forefront Unified Access Gateway 2010 memory corruption
2791| [58487] Microsoft SharePoint Foundation 2010 cross site scripting
2792| [58486] Microsoft SharePoint Foundation 2010 Reflected cross site scripting
2793| [58485] Microsoft SharePoint Foundation 2010 EditForm.aspx cross site scripting
2794| [4414] Microsoft SharePoint 2010 cross site scripting
2795| [4413] Microsoft SharePoint 2010/2007/3.0 XML/XLS Designfehler
2796| [91971] Microsoft Skype 2.2.x/5.2.x/5.3.x denial of service
2797| [57693] Microsoft Forefront Threat Management Gateway 2010 NSPLookupServiceNext memory corruption
2798| [4332] Microsoft PowerPoint 2010/2007 memory corruption
2799| [56028] Microsoft Data Access Components 2.8 memory corruption
2800| [55777] Microsoft Windows Movie Maker 2.6 memory corruption
2801| [55424] Microsoft Forefront Unified Access Gateway 2010 Signurl.asp cross site scripting
2802| [55415] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
2803| [55414] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
2804| [55413] Microsoft Forefront Unified Access Gateway 2010 spoofing
2805| [54341] Microsoft Windows Movie Maker 2.1 memory corruption
2806| [54549] Microsoft PowerPoint 2010 pptimpconv.dll memory corruption
2807| [4009] Microsoft NET Framework 2.x/3.x denial of service
2808| [45681] Microsoft Internet Explorer 8 Beta 2 privilege escalation
2809| [45449] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
2810| [45448] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
2811| [45446] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
2812| [2927] Microsoft Data Access Components 2.x ADODB.Connection ActiveX Control memory corruption
2813| [32692] Microsoft XML Core Services up to 2.6 memory corruption
2814| [32691] Microsoft XML Core Services up to 2.6 memory corruption
2815| [29608] Microsoft Data Access Components 2.7 memory corruption
2816|
2817| MITRE CVE - https://cve.mitre.org:
2818| [CVE-2013-3661] The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
2819| [CVE-2013-3660] The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
2820| [CVE-2013-3174] DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
2821| [CVE-2013-3173] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."
2822| [CVE-2013-3172] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to cause a denial of service (system hang) via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."
2823| [CVE-2013-3171] The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a partial-trust relationship, aka "Delegate Serialization Vulnerability."
2824| [CVE-2013-3167] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Information Disclosure Vulnerability."
2825| [CVE-2013-3154] The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability."
2826| [CVE-2013-3138] Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability."
2827| [CVE-2013-3136] The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."
2828| [CVE-2013-3134] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework application that changes array data, aka "Array Allocation Vulnerability."
2829| [CVE-2013-3133] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Anonymous Method Injection Vulnerability."
2830| [CVE-2013-3132] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Delegate Reflection Bypass Vulnerability."
2831| [CVE-2013-3131] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability."
2832| [CVE-2013-1345] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."
2833| [CVE-2013-1340] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."
2834| [CVE-2013-1339] The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability."
2835| [CVE-2013-1336] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability."
2836| [CVE-2013-1335] Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka "Word Shape Corruption Vulnerability."
2837| [CVE-2013-1334] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
2838| [CVE-2013-1332] dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
2839| [CVE-2013-1331] Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
2840| [CVE-2013-1329] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability."
2841| [CVE-2013-1328] Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."
2842| [CVE-2013-1327] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability."
2843| [CVE-2013-1323] Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability."
2844| [CVE-2013-1322] Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability."
2845| [CVE-2013-1321] Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability."
2846| [CVE-2013-1320] Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability."
2847| [CVE-2013-1319] Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability."
2848| [CVE-2013-1318] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."
2849| [CVE-2013-1317] Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability."
2850| [CVE-2013-1316] Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability."
2851| [CVE-2013-1302] Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."
2852| [CVE-2013-1301] Microsoft Visio 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
2853| [CVE-2013-1300] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
2854| [CVE-2013-1295] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "CSRSS Memory Corruption Vulnerability."
2855| [CVE-2013-1294] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
2856| [CVE-2013-1293] The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application that leverages improper handling of objects in memory, aka "NTFS NULL Pointer Dereference Vulnerability."
2857| [CVE-2013-1292] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
2858| [CVE-2013-1291] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability."
2859| [CVE-2013-1287] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
2860| [CVE-2013-1286] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.
2861| [CVE-2013-1285] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.
2862| [CVE-2013-1283] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
2863| [CVE-2013-1281] The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "NULL Dereference Vulnerability."
2864| [CVE-2013-1280] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."
2865| [CVE-2013-1279] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.
2866| [CVE-2013-1278] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279.
2867| [CVE-2013-1277] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2868| [CVE-2013-1276] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2869| [CVE-2013-1275] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2870| [CVE-2013-1274] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2871| [CVE-2013-1273] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2872| [CVE-2013-1272] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2873| [CVE-2013-1271] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2874| [CVE-2013-1270] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2875| [CVE-2013-1269] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2876| [CVE-2013-1268] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2877| [CVE-2013-1267] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2878| [CVE-2013-1266] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2879| [CVE-2013-1265] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2880| [CVE-2013-1264] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2881| [CVE-2013-1263] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2882| [CVE-2013-1262] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2883| [CVE-2013-1261] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2884| [CVE-2013-1260] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2885| [CVE-2013-1259] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2886| [CVE-2013-1258] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2887| [CVE-2013-1257] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2888| [CVE-2013-1256] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2889| [CVE-2013-1255] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2890| [CVE-2013-1254] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2891| [CVE-2013-1253] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2892| [CVE-2013-1252] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2893| [CVE-2013-1251] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2894| [CVE-2013-1250] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2895| [CVE-2013-1249] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2896| [CVE-2013-1248] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2897| [CVE-2013-0095] Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability."
2898| [CVE-2013-0077] Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."
2899| [CVE-2013-0076] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability."
2900| [CVE-2013-0075] The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability."
2901| [CVE-2013-0073] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."
2902| [CVE-2013-0013] The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."
2903| [CVE-2013-0011] The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Components Vulnerability."
2904| [CVE-2013-0010] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.
2905| [CVE-2013-0009] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.
2906| [CVE-2013-0008] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
2907| [CVE-2013-0004] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."
2908| [CVE-2013-0003] Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability."
2909| [CVE-2013-0002] Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."
2910| [CVE-2013-0001] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."
2911| [CVE-2012-5672] Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data.
2912| [CVE-2012-4791] Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."
2913| [CVE-2012-4786] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
2914| [CVE-2012-4776] The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."
2915| [CVE-2012-4774] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability."
2916| [CVE-2012-2897] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
2917| [CVE-2012-2556] The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."
2918| [CVE-2012-2553] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
2919| [CVE-2012-2552] Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."
2920| [CVE-2012-2551] The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereference Vulnerability."
2921| [CVE-2012-2543] Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1
2922| [CVE-2012-2539] Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
2923| [CVE-2012-2536] Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
2924| [CVE-2012-2530] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
2925| [CVE-2012-2529] Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Windows Kernel Integer Overflow Vulnerability."
2926| [CVE-2012-2528] Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
2927| [CVE-2012-2527] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
2928| [CVE-2012-2524] Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability."
2929| [CVE-2012-2520] Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
2930| [CVE-2012-2519] Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."
2931| [CVE-2012-1896] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."
2932| [CVE-2012-1895] The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."
2933| [CVE-2012-1893] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability."
2934| [CVE-2012-1890] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability."
2935| [CVE-2012-1887] Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability."
2936| [CVE-2012-1886] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
2937| [CVE-2012-1885] Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
2938| [CVE-2012-1870] The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."
2939| [CVE-2012-1867] Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability."
2940| [CVE-2012-1866] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability."
2941| [CVE-2012-1865] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864.
2942| [CVE-2012-1864] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1865.
2943| [CVE-2012-1863] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."
2944| [CVE-2012-1862] Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."
2945| [CVE-2012-1860] Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."
2946| [CVE-2012-1858] The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
2947| [CVE-2012-1856] The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."
2948| [CVE-2012-1855] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability."
2949| [CVE-2012-1854] Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
2950| [CVE-2012-1851] Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability."
2951| [CVE-2012-1850] The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."
2952| [CVE-2012-1848] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability."
2953| [CVE-2012-1847] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
2954| [CVE-2012-1537] Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
2955| [CVE-2012-1528] Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."
2956| [CVE-2012-1527] Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."
2957| [CVE-2012-1459] The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
2958| [CVE-2012-1457] The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
2959| [CVE-2012-1453] The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
2960| [CVE-2012-1443] The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
2961| [CVE-2012-1420] The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
2962| [CVE-2012-1194] The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
2963| [CVE-2012-0185] Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."
2964| [CVE-2012-0184] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
2965| [CVE-2012-0183] Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."
2966| [CVE-2012-0182] Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."
2967| [CVE-2012-0181] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
2968| [CVE-2012-0180] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability."
2969| [CVE-2012-0179] Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability."
2970| [CVE-2012-0178] Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability."
2971| [CVE-2012-0177] Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."
2972| [CVE-2012-0175] The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."
2973| [CVE-2012-0174] Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."
2974| [CVE-2012-0173] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.
2975| [CVE-2012-0167] Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."
2976| [CVE-2012-0165] GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."
2977| [CVE-2012-0163] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
2978| [CVE-2012-0161] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
2979| [CVE-2012-0160] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
2980| [CVE-2012-0159] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview
2981| [CVE-2012-0158] The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
2982| [CVE-2012-0157] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability."
2983| [CVE-2012-0156] DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability."
2984| [CVE-2012-0154] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability."
2985| [CVE-2012-0152] The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability."
2986| [CVE-2012-0151] The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
2987| [CVE-2012-0150] Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
2988| [CVE-2012-0149] afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
2989| [CVE-2012-0148] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."
| [CVE-2012-0143] Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability."
| [CVE-2012-0142] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0141] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0015] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."
| [CVE-2012-0014] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
| [CVE-2012-0013] Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
| [CVE-2012-0009] Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability."
| [CVE-2012-0008] Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability."
| [CVE-2012-0006] The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability."
| [CVE-2012-0005] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."
| [CVE-2012-0004] Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."
| [CVE-2012-0003] Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
| [CVE-2012-0002] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
| [CVE-2012-0001] The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."
| [CVE-2011-5046] The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
| [CVE-2011-4434] Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.
| [CVE-2011-3417] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."
| [CVE-2011-3416] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
| [CVE-2011-3415] Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."
| [CVE-2011-3414] The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
| [CVE-2011-3413] Microsoft PowerPoint 2007 SP2
| [CVE-2011-3412] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."
| [CVE-2011-3411] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."
| [CVE-2011-3410] Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability."
| [CVE-2011-3408] Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability."
| [CVE-2011-3406] Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability."
| [CVE-2011-3403] Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
| [CVE-2011-3402] Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
| [CVE-2011-3400] Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
| [CVE-2011-3397] The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."
| [CVE-2011-3396] Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability."
| [CVE-2011-2019] Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
| [CVE-2011-2018] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2011-2016] Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability."
| [CVE-2011-2014] The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."
| [CVE-2011-2013] Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."
| [CVE-2011-2011] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-2008] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."
| [CVE-2011-2007] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability."
| [CVE-2011-2005] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
| [CVE-2011-2004] Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.
| [CVE-2011-2003] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability."
| [CVE-2011-2002] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability."
| [CVE-2011-1991] Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability."
| [CVE-2011-1990] Microsoft Excel 2007 SP2
| [CVE-2011-1989] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1988] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1987] Array index error in Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1986] Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."
| [CVE-2011-1985] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1984] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."
| [CVE-2011-1983] Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability."
| [CVE-2011-1982] Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."
| [CVE-2011-1980] Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability."
| [CVE-2011-1979] Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."
| [CVE-2011-1978] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability."
| [CVE-2011-1976] Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."
| [CVE-2011-1975] Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."
| [CVE-2011-1974] NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."
| [CVE-2011-1972] Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."
| [CVE-2011-1971] The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Metadata Parsing DOS Vulnerability."
| [CVE-2011-1970] The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability."
| [CVE-2011-1968] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, as exploited in the wild in 2011, aka "Remote Desktop Protocol Vulnerability."
| [CVE-2011-1967] Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Vulnerability."
| [CVE-2011-1966] The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."
| [CVE-2011-1965] Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."
| [CVE-2011-1894] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
| [CVE-2011-1893] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."
| [CVE-2011-1892] Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
| [CVE-2011-1888] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1887] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1885] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1884] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1883] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1882] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1881] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1880] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1879] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1878] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1877] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1876] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1875] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1874] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1873] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability."
| [CVE-2011-1872] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability."
| [CVE-2011-1871] Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka "ICMP Denial of Service Vulnerability."
| [CVE-2011-1870] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability."
| [CVE-2011-1869] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."
| [CVE-2011-1868] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."
| [CVE-2011-1508] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."
| [CVE-2011-1284] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutput Vulnerability."
| [CVE-2011-1283] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and write operations, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleNumberOfCommand Vulnerability."
| [CVE-2011-1282] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability."
| [CVE-2011-1281] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a process, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP AllocConsole Vulnerability."
3084| [CVE-2011-1280] The XML Editor in Microsoft InfoPath 2007 SP2 and 2010
3085| [CVE-2011-1279] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds WriteAV Vulnerability."
3086| [CVE-2011-1278] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel WriteAV Vulnerability."
3087| [CVE-2011-1277] Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."
3088| [CVE-2011-1276] Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
3089| [CVE-2011-1275] Microsoft Excel 2002 SP3
3090| [CVE-2011-1274] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
3091| [CVE-2011-1273] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
3092| [CVE-2011-1272] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
3093| [CVE-2011-1270] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Buffer Overrun RCE Vulnerability."
3094| [CVE-2011-1269] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
3095| [CVE-2011-1268] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability."
3096| [CVE-2011-1267] The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB Request Parsing Vulnerability."
3097| [CVE-2011-1264] Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability."
3098| [CVE-2011-1263] Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web Access Vulnerability."
3099| [CVE-2011-1253] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."
3100| [CVE-2011-1252] Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
3101| [CVE-2011-1249] The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
3102| [CVE-2011-1248] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability."
3103| [CVE-2011-1247] Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability."
3104| [CVE-2011-1242] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
3105| [CVE-2011-1241] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
3106| [CVE-2011-1240] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
3107| [CVE-2011-1239] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
3108| [CVE-2011-1238] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
3109| [CVE-2011-1237] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
3110| [CVE-2011-1236] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
3111| [CVE-2011-1235] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
3112| [CVE-2011-1234] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
3113| [CVE-2011-1233] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
3114| [CVE-2011-1232] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
3115| [CVE-2011-1231] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
3116| [CVE-2011-1230] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
3117| [CVE-2011-1229] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
3118| [CVE-2011-1228] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
3119| [CVE-2011-1227] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
3120| [CVE-2011-1226] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
3121| [CVE-2011-1225] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
3122| [CVE-2011-0980] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."
3123| [CVE-2011-0979] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
3124| [CVE-2011-0978] Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
3125| [CVE-2011-0977] Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."
3126| [CVE-2011-0976] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
3127| [CVE-2011-0677] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
3128| [CVE-2011-0676] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
3129| [CVE-2011-0675] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
3130| [CVE-2011-0674] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
3131| [CVE-2011-0672] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
3132| [CVE-2011-0671] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
3133| [CVE-2011-0670] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
3134| [CVE-2011-0667] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
3135| [CVE-2011-0666] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
3136| [CVE-2011-0665] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
3137| [CVE-2011-0664] Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability."
3138| [CVE-2011-0662] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
3139| [CVE-2011-0661] The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a malformed request in a (1) SMBv1 or (2) SMBv2 packet, aka "SMB Transaction Parsing Vulnerability."
3140| [CVE-2011-0660] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Response Parsing Vulnerability."
3141| [CVE-2011-0658] Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted WMF file, aka "OLE Automation Underflow Vulnerability."
3142| [CVE-2011-0657] DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."
3143| [CVE-2011-0656] Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010
3144| [CVE-2011-0655] Microsoft PowerPoint 2007 SP2 and 2010
3145| [CVE-2011-0654] Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
3146| [CVE-2011-0107] Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability."
3147| [CVE-2011-0105] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."
3148| [CVE-2011-0104] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer Overwrite Vulnerability."
3149| [CVE-2011-0103] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerability."
3150| [CVE-2011-0101] Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, doubly-byte characters, and an incorrect pointer calculation, aka "Excel Record Parsing WriteAV Vulnerability."
3151| [CVE-2011-0098] Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
3152| [CVE-2011-0097] Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
3153| [CVE-2011-0096] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
3154| [CVE-2011-0093] ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."
3155| [CVE-2011-0092] The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."
3156| [CVE-2011-0091] Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
3157| [CVE-2011-0090] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
3158| [CVE-2011-0089] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability."
3159| [CVE-2011-0088] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability."
3160| [CVE-2011-0087] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability."
3161| [CVE-2011-0086] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability."
3162| [CVE-2011-0043] Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."
3163| [CVE-2011-0042] SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."
3164| [CVE-2011-0041] Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."
3165| [CVE-2011-0040] The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."
3166| [CVE-2011-0039] The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."
| [CVE-2011-0034] Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."
| [CVE-2011-0033] The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."
| [CVE-2011-0032] Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."
| [CVE-2011-0031] The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."
| [CVE-2011-0030] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.
| [CVE-2011-0028] WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."
| [CVE-2010-5082] Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability."
| [CVE-2010-4701] Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information.
| [CVE-2010-4669] The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package.
| [CVE-2010-4562] Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
| [CVE-2010-4398] Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
| [CVE-2010-4182] Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll. NOTE: the provenance of this information is unknown
| [CVE-2010-3974] fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability."
| [CVE-2010-3970] Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."
| [CVE-2010-3966] Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability."
| [CVE-2010-3965] Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability."
| [CVE-2010-3964] Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
| [CVE-2010-3963] Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability."
| [CVE-2010-3961] The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."
| [CVE-2010-3960] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability."
| [CVE-2010-3959] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."
| [CVE-2010-3958] The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."
| [CVE-2010-3957] Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."
| [CVE-2010-3956] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability."
| [CVE-2010-3955] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability."
| [CVE-2010-3954] Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability."
| [CVE-2010-3946] Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."
| [CVE-2010-3945] Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability."
| [CVE-2010-3944] win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
| [CVE-2010-3943] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability."
| [CVE-2010-3942] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability."
| [CVE-2010-3941] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability."
| [CVE-2010-3940] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability."
| [CVE-2010-3939] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability."
| [CVE-2010-3937] Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."
| [CVE-2010-3338] The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888.
| [CVE-2010-3337] Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.
| [CVE-2010-3336] Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."
| [CVE-2010-3335] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability."
| [CVE-2010-3334] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability."
| [CVE-2010-3333] Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
| [CVE-2010-3332] Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
| [CVE-2010-3324] The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
| [CVE-2010-3243] Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
| [CVE-2010-3242] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability."
| [CVE-2010-3241] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability."
| [CVE-2010-3240] Microsoft Excel 2002 SP3 and 2007 SP2
| [CVE-2010-3239] Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability."
| [CVE-2010-3238] Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."
| [CVE-2010-3237] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability."
| [CVE-2010-3236] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability."
| [CVE-2010-3235] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability."
| [CVE-2010-3234] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability."
| [CVE-2010-3233] Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability."
| [CVE-2010-3232] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2010-3231] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."
| [CVE-2010-3230] Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability."
| [CVE-2010-3229] The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability."
| [CVE-2010-3227] Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."
| [CVE-2010-3223] The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability."
| [CVE-2010-3222] Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun Vulnerability."
| [CVE-2010-3221] Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."
| [CVE-2010-3220] Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability."
| [CVE-2010-3219] Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."
| [CVE-2010-3218] Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."
| [CVE-2010-3217] Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability."
| [CVE-2010-3216] Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."
| [CVE-2010-3215] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability."
| [CVE-2010-3214] Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2010-3213] Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.
| [CVE-2010-3200] MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc.
| [CVE-2010-3190] Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1
| [CVE-2010-3148] Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."
| [CVE-2010-3147] Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
| [CVE-2010-3146] Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."
| [CVE-2010-3144] Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability."
| [CVE-2010-3142] Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.
| [CVE-2010-2750] Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability."
| [CVE-2010-2748] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability."
| [CVE-2010-2747] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability."
| [CVE-2010-2746] Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability."
| [CVE-2010-2744] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka "Win32k Window Class Vulnerability."
| [CVE-2010-2742] The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka "Netlogon RPC Null dereference DOS Vulnerability."
| [CVE-2010-2741] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability."
| [CVE-2010-2740] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Parsing Vulnerability."
| [CVE-2010-2739] Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors.
| [CVE-2010-2738] The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
| [CVE-2010-2729] The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability."
| [CVE-2010-2728] Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."
| [CVE-2010-2573] Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability."
| [CVE-2010-2572] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
| [CVE-2010-2571] Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability."
| [CVE-2010-2570] Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability."
| [CVE-2010-2569] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."
| [CVE-2010-2568] Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
| [CVE-2010-2567] The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability."
| [CVE-2010-2566] The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability."
| [CVE-2010-2563] The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability."
| [CVE-2010-2562] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability."
| [CVE-2010-2555] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability."
| [CVE-2010-2554] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
| [CVE-2010-2552] Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability."
| [CVE-2010-2551] The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB Variable Validation Vulnerability."
| [CVE-2010-2550] The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."
| [CVE-2010-2549] Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka "Win32k Reference Count Vulnerability."
| [CVE-2010-2265] Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
| [CVE-2010-2091] Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
| [CVE-2010-2084] Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
| [CVE-2010-1903] Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption Vulnerability."
| [CVE-2010-1902] Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1901] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1900] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1898] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."
| [CVE-2010-1897] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."
| [CVE-2010-1896] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability."
| [CVE-2010-1895] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability."
| [CVE-2010-1894] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."
| [CVE-2010-1893] Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability."
| [CVE-2010-1892] The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerability."
| [CVE-2010-1891] The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability."
| [CVE-2010-1890] The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability."
| [CVE-2010-1889] Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability."
| [CVE-2010-1887] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability."
| [CVE-2010-1886] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."
| [CVE-2010-1885] The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
| [CVE-2010-1883] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability."
| [CVE-2010-1882] Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability."
| [CVE-2010-1881] The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability."
| [CVE-2010-1880] Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
| [CVE-2010-1735] The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
| [CVE-2010-1734] The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
| [CVE-2010-1690] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
| [CVE-2010-1689] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
| [CVE-2010-1263] Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7
| [CVE-2010-1257] Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2
| [CVE-2010-1255] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."
| [CVE-2010-1253] Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2
| [CVE-2010-1252] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability."
| [CVE-2010-1251] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability."
| [CVE-2010-1250] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability."
| [CVE-2010-1249] Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.
| [CVE-2010-1248] Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
| [CVE-2010-1247] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.
| [CVE-2010-1246] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability."
| [CVE-2010-1245] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.
| [CVE-2010-1225] The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."
| [CVE-2010-1175] Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."
| [CVE-2010-0917] Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.
| [CVE-2010-0824] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.
| [CVE-2010-0823] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
| [CVE-2010-0822] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."
| [CVE-2010-0821] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
| [CVE-2010-0820] Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2
| [CVE-2010-0819] Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."
| [CVE-2010-0818] The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability."
| [CVE-2010-0817] Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
| [CVE-2010-0815] VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."
| [CVE-2010-0814] The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."
| [CVE-2010-0812] Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability."
| [CVE-2010-0811] Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
| [CVE-2010-0810] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2010-0719] An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.
| [CVE-2010-0487] The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."
| [CVE-2010-0486] The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."
| [CVE-2010-0485] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."
| [CVE-2010-0484] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability."
| [CVE-2010-0483] vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
| [CVE-2010-0482] The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability."
| [CVE-2010-0481] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability."
| [CVE-2010-0480] Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."
| [CVE-2010-0479] Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability."
| [CVE-2010-0478] Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."
| [CVE-2010-0477] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."
| [CVE-2010-0476] The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability."
| [CVE-2010-0278] A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.
| [CVE-2010-0270] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."
| [CVE-2010-0269] The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability."
| [CVE-2010-0268] Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability."
| [CVE-2010-0266] Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."
| [CVE-2010-0265] Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
| [CVE-2010-0264] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."
| [CVE-2010-0263] Microsoft Office Excel 2007 SP1 and SP2
| [CVE-2010-0262] Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."
| [CVE-2010-0261] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability."
| [CVE-2010-0260] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2
| [CVE-2010-0258] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2010-0257] Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."
| [CVE-2010-0256] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."
| [CVE-2010-0254] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."
| [CVE-2010-0252] The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."
| [CVE-2010-0250] Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability."
| [CVE-2010-0249] Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4
| [CVE-2010-0243] Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow."
| [CVE-2010-0242] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability."
| [CVE-2010-0241] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability."
| [CVE-2010-0240] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability."
| [CVE-2010-0239] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability."
| [CVE-2010-0238] Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability."
| [CVE-2010-0237] The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability."
| [CVE-2010-0236] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."
| [CVE-2010-0235] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."
3368| [CVE-2010-0234] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability."
3369| [CVE-2010-0233] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."
3370| [CVE-2010-0232] The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
3371| [CVE-2010-0231] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."
3372| [CVE-2010-0035] The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability."
3373| [CVE-2010-0034] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability."
3374| [CVE-2010-0033] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."
3375| [CVE-2010-0032] Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."
3376| [CVE-2010-0031] Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability."
3377| [CVE-2010-0030] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability."
3378| [CVE-2010-0029] Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability."
3379| [CVE-2010-0028] Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
3380| [CVE-2010-0027] The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
3381| [CVE-2010-0026] The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability."
3382| [CVE-2010-0025] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."
3383| [CVE-2010-0024] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."
3384| [CVE-2010-0023] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability."
3385| [CVE-2010-0022] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability."
3386| [CVE-2010-0021] Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability."
3387| [CVE-2010-0020] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."
3388| [CVE-2010-0018] Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4
3389| [CVE-2010-0017] Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability."
3390| [CVE-2010-0016] The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability."
3391| [CVE-2009-4313] ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.
3392| [CVE-2009-4312] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.
3393| [CVE-2009-4311] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.
3394| [CVE-2009-4310] Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.
3395| [CVE-2009-4309] Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.
3396| [CVE-2009-4210] The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.
3397| [CVE-2009-3830] The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.
3398| [CVE-2009-3678] Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."
3399| [CVE-2009-3677] The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability."
3400| [CVE-2009-3676] The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."
3401| [CVE-2009-3675] LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability."
3402| [CVE-2009-3450] Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET.
3403| [CVE-2009-3135] Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."
3404| [CVE-2009-3134] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
3405| [CVE-2009-3133] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability."
3406| [CVE-2009-3132] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
3407| [CVE-2009-3131] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
3408| [CVE-2009-3130] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability."
3409| [CVE-2009-3129] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
3410| [CVE-2009-3128] Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."
3411| [CVE-2009-3127] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability."
3412| [CVE-2009-3126] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
3413| [CVE-2009-3103] Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
3414| [CVE-2009-3020] win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.
3415| [CVE-2009-2653] ** DISPUTED ** The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.'
3416| [CVE-2009-2532] Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka "SMBv2 Command Value Vulnerability."
3417| [CVE-2009-2526] Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability."
3418| [CVE-2009-2524] Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (reboot) via a malformed packet, aka "Local Security Authority Subsystem Service Integer Overflow Vulnerability."
3419| [CVE-2009-2523] The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."
3420| [CVE-2009-2519] The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."
3421| [CVE-2009-2517] The kernel in Microsoft Windows Server 2003 SP2 does not properly handle unspecified exceptions when an error condition occurs, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
3422| [CVE-2009-2516] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability."
3423| [CVE-2009-2515] Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability."
3424| [CVE-2009-2514] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability."
3425| [CVE-2009-2513] The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."
3426| [CVE-2009-2511] Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."
3427| [CVE-2009-2510] The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.
3428| [CVE-2009-2509] Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability."
3429| [CVE-2009-2508] The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."
3430| [CVE-2009-2507] A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability."
3431| [CVE-2009-2506] Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3
3432| [CVE-2009-2505] The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability."
3433| [CVE-2009-2504] Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
3434| [CVE-2009-2503] GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
3435| [CVE-2009-2502] Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
3436| [CVE-2009-2501] Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
3437| [CVE-2009-2500] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
3438| [CVE-2009-2498] Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."
3439| [CVE-2009-2497] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."
3440| [CVE-2009-2496] Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Office Web Components Heap Corruption Vulnerability."
3441| [CVE-2009-2495] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
3442| [CVE-2009-2494] The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka "ATL Object Type Mismatch Vulnerability."
3443| [CVE-2009-2493] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1
3444| [CVE-2009-1930] The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.
3445| [CVE-2009-1929] Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2
3446| [CVE-2009-1928] Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2
3447| [CVE-2009-1926] Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."
3448| [CVE-2009-1925] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability."
3449| [CVE-2009-1924] Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."
3450| [CVE-2009-1923] Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability."
3451| [CVE-2009-1922] The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."
3452| [CVE-2009-1546] Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."
3453| [CVE-2009-1545] Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability."
3454| [CVE-2009-1544] Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
3455| [CVE-2009-1542] The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."
3456| [CVE-2009-1539] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
3457| [CVE-2009-1538] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
3458| [CVE-2009-1537] Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
3459| [CVE-2009-1536] ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
3460| [CVE-2009-1534] Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."
3461| [CVE-2009-1533] Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
3462| [CVE-2009-1491] McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body.
3463| [CVE-2009-1216] Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA)
3464| [CVE-2009-1141] Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability."
3465| [CVE-2009-1139] Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
3466| [CVE-2009-1138] The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
3467| [CVE-2009-1137] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227.
3468| [CVE-2009-1136] The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."
3469| [CVE-2009-1135] Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."
3470| [CVE-2009-1134] Excel in 2007 Microsoft Office System SP1 and SP2
3471| [CVE-2009-1133] Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."
3472| [CVE-2009-1132] Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerability."
3473| [CVE-2009-1131] Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Data Out of Bounds Vulnerability."
3474| [CVE-2009-1130] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability."
3475| [CVE-2009-1129] Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128.
3476| [CVE-2009-1128] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1129.
3477| [CVE-2009-1127] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability."
3478| [CVE-2009-1126] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability."
3479| [CVE-2009-1125] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."
3480| [CVE-2009-1124] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."
3481| [CVE-2009-1123] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
3482| [CVE-2009-1122] The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
3483| [CVE-2009-1043] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
3484| [CVE-2009-1011] Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
3485| [CVE-2009-0901] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1
3486| [CVE-2009-0568] The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."
3487| [CVE-2009-0566] Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability."
3488| [CVE-2009-0565] Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2
3489| [CVE-2009-0563] Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
3490| [CVE-2009-0562] The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability."
3491| [CVE-2009-0561] Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
3492| [CVE-2009-0560] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
3493| [CVE-2009-0559] Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."
3494| [CVE-2009-0558] Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."
3495| [CVE-2009-0557] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
3496| [CVE-2009-0556] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
3497| [CVE-2009-0554] Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
3498| [CVE-2009-0553] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
3499| [CVE-2009-0552] Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
3500| [CVE-2009-0551] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."
3501| [CVE-2009-0550] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008
3502| [CVE-2009-0549] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
3503| [CVE-2009-0320] Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
3504| [CVE-2009-0239] Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."
3505| [CVE-2009-0238] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
3506| [CVE-2009-0235] Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability."
3507| [CVE-2009-0234] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."
3508| [CVE-2009-0233] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability."
3509| [CVE-2009-0232] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability."
3510| [CVE-2009-0231] The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
3511| [CVE-2009-0230] The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
3512| [CVE-2009-0229] The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
3513| [CVE-2009-0228] Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."
3514| [CVE-2009-0227] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137.
3515| [CVE-2009-0226] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0227, and CVE-2009-1137.
3516| [CVE-2009-0225] Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability."
3517| [CVE-2009-0224] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
3518| [CVE-2009-0223] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
3519| [CVE-2009-0222] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
3520| [CVE-2009-0221] Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field that specifies a large number of records, which triggers an under-allocated buffer and a heap-based buffer overflow, aka "Integer Overflow Vulnerability."
3521| [CVE-2009-0220] Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an integer that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability."
3522| [CVE-2009-0202] Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow.
3523| [CVE-2009-0102] Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."
3524| [CVE-2009-0100] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
3525| [CVE-2009-0099] The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."
3526| [CVE-2009-0098] Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."
3527| [CVE-2009-0097] Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."
3528| [CVE-2009-0096] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."
3529| [CVE-2009-0095] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."
3530| [CVE-2009-0094] The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.
3531| [CVE-2009-0093] Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.
3532| [CVE-2009-0091] Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability."
3533| [CVE-2009-0090] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
3534| [CVE-2009-0089] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."
3535| [CVE-2009-0088] The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."
3536| [CVE-2009-0087] Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2
3537| [CVE-2009-0086] Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."
3538| [CVE-2009-0085] The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."
3539| [CVE-2009-0083] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."
3540| [CVE-2009-0082] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."
3541| [CVE-2009-0081] The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."
3542| [CVE-2009-0079] The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."
3543| [CVE-2009-0078] The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."
3544| [CVE-2008-7217] Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to permissions and ownership for certain directories.
3545| [CVE-2008-6819] win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information.
3546| [CVE-2008-6219] nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests.
3547| [CVE-2008-6063] Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name.
3548| [CVE-2008-5912] An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
3549| [CVE-2008-5823] An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property.
3550| [CVE-2008-5416] Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier
3551| [CVE-2008-5232] Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown
3552| [CVE-2008-5112] The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
3553| [CVE-2008-5100] The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.
3554| [CVE-2008-5044] Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.
3555| [CVE-2008-4844] Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
3556| [CVE-2008-4841] The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
3557| [CVE-2008-4837] Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
3558| [CVE-2008-4835] SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."
3559| [CVE-2008-4834] Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
3560| [CVE-2008-4493] Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
3561| [CVE-2008-4295] Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
3562| [CVE-2008-4269] The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability."
3563| [CVE-2008-4268] The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability."
3564| [CVE-2008-4266] Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3
3565| [CVE-2008-4265] Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability."
3566| [CVE-2008-4264] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
3567| [CVE-2008-4261] Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
3568| [CVE-2008-4256] The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
3569| [CVE-2008-4255] Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
3570| [CVE-2008-4253] The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
3571| [CVE-2008-4250] The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
3572| [CVE-2008-4114] srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
3573| [CVE-2008-4110] Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.
3574| [CVE-2008-4038] Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."
3575| [CVE-2008-4037] Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
3576| [CVE-2008-4036] Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."
3577| [CVE-2008-4032] Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."
3578| [CVE-2008-4031] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
3579| [CVE-2008-4030] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
3580| [CVE-2008-4028] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
3581| [CVE-2008-4027] Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
3582| [CVE-2008-4026] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
3583| [CVE-2008-4025] Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
3584| [CVE-2008-4024] Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability."
3585| [CVE-2008-4023] Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."
3586| [CVE-2008-4019] Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
3587| [CVE-2008-3956] orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file.
3588| [CVE-2008-3704] Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
3589| [CVE-2008-3648] nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
3590| [CVE-2008-3636] Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.
3591| [CVE-2008-3479] Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."
3592| [CVE-2008-3477] Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."
3593| [CVE-2008-3471] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
3594| [CVE-2008-3466] Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
3595| [CVE-2008-3465] Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."
3596| [CVE-2008-3464] afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."
3597| [CVE-2008-3460] WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
3598| [CVE-2008-3068] Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
3599| [CVE-2008-3021] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
3600| [CVE-2008-3020] Microsoft Office 2000 SP3 and XP SP3
3601| [CVE-2008-3019] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
3602| [CVE-2008-3018] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
3603| [CVE-2008-3015] Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
3604| [CVE-2008-3014] Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
3605| [CVE-2008-3013] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
3606| [CVE-2008-3012] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
3607| [CVE-2008-3009] Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
3608| [CVE-2008-3007] Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."
3609| [CVE-2008-3006] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
3610| [CVE-2008-3005] Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."
3611| [CVE-2008-3004] Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3
3612| [CVE-2008-3003] Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."
3613| [CVE-2008-2752] Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information.
3614| [CVE-2008-2540] Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
3615| [CVE-2008-2463] The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
3616| [CVE-2008-2252] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."
3617| [CVE-2008-2251] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510.
3618| [CVE-2008-2250] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."
3619| [CVE-2008-2249] Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."
3620| [CVE-2008-2246] Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
| [CVE-2008-2245] Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
| [CVE-2008-2244] Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
| [CVE-2008-1898] A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
| [CVE-2008-1888] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.
| [CVE-2008-1547] Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
| [CVE-2008-1457] The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
| [CVE-2008-1456] Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
| [CVE-2008-1455] A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1
| [CVE-2008-1454] Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.
| [CVE-2008-1451] The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
| [CVE-2008-1446] Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
| [CVE-2008-1445] Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
| [CVE-2008-1444] Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
| [CVE-2008-1441] Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."
| [CVE-2008-1440] Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
| [CVE-2008-1436] Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
| [CVE-2008-1435] Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."
| [CVE-2008-1434] Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
| [CVE-2008-1092] Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
| [CVE-2008-1091] Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."
| [CVE-2008-1090] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
| [CVE-2008-1089] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."
| [CVE-2008-1088] Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
| [CVE-2008-1087] Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
| [CVE-2008-1086] The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
| [CVE-2008-1084] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
| [CVE-2008-1083] Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
| [CVE-2008-0121] A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
| [CVE-2008-0120] Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."
| [CVE-2008-0119] Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."
| [CVE-2008-0118] Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."
| [CVE-2008-0117] Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."
| [CVE-2008-0116] Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."
| [CVE-2008-0115] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."
| [CVE-2008-0114] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.
| [CVE-2008-0113] Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."
| [CVE-2008-0112] Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."
| [CVE-2008-0111] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."
| [CVE-2008-0110] Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
| [CVE-2008-0109] Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
| [CVE-2008-0108] Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
| [CVE-2008-0106] Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
| [CVE-2008-0105] Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
| [CVE-2008-0104] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
| [CVE-2008-0103] Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."
| [CVE-2008-0102] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."
| [CVE-2008-0088] Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.
| [CVE-2008-0087] The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
| [CVE-2008-0086] Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
| [CVE-2008-0083] The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
| [CVE-2008-0081] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
| [CVE-2008-0080] Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
| [CVE-2008-0020] Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015.
| [CVE-2008-0015] Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
| [CVE-2008-0011] Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
| [CVE-2007-6753] Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.
| [CVE-2007-6357] Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944.
| [CVE-2007-6329] Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.
| [CVE-2007-6043] The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
| [CVE-2007-6026] Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
| [CVE-2007-5587] Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
| [CVE-2007-5352] Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
| [CVE-2007-5348] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
| [CVE-2007-4991] The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.
| [CVE-2007-4916] Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.
| [CVE-2007-4814] Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
| [CVE-2007-3930] Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.
| [CVE-2007-3924] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape
| [CVE-2007-3899] Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."
| [CVE-2007-3898] The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
| [CVE-2007-3896] The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
| [CVE-2007-3890] Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.
| [CVE-2007-3670] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
| [CVE-2007-3490] Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls.
| [CVE-2007-3300] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.
| [CVE-2007-3040] Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205.
| [CVE-2007-3039] Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
| [CVE-2007-3036] Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
| [CVE-2007-3034] Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
| [CVE-2007-3030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability".
| [CVE-2007-3029] Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.
| [CVE-2007-3028] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
| [CVE-2007-2999] Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.
| [CVE-2007-2967] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.
| [CVE-2007-2966] Buffer overflow in the LHA decompresion component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.
| [CVE-2007-2903] Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.
| [CVE-2007-2593] The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.
| [CVE-2007-2581] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.
| [CVE-2007-2374] Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
| [CVE-2007-2228] rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.
| [CVE-2007-2224] Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.
| [CVE-2007-2221] Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
| [CVE-2007-2219] Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
| [CVE-2007-2218] Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
| [CVE-2007-2217] Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
| [CVE-2007-1911] Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow.
| [CVE-2007-1910] Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc.
| [CVE-2007-1765] Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038
| [CVE-2007-1756] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".
| [CVE-2007-1754] PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".
| [CVE-2007-1748] Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
| [CVE-2007-1747] Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.
| [CVE-2007-1645] Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.
| [CVE-2007-1537] \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function.
| [CVE-2007-1512] Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.
| [CVE-2007-1347] Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.
| [CVE-2007-1239] Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.
| [CVE-2007-1238] Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.
| [CVE-2007-1215] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
| [CVE-2007-1214] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.
| [CVE-2007-1213] The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
| [CVE-2007-1212] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
3733| [CVE-2007-1211] Unspecified kernel GDI functions in Microsoft Windows 2000 SP4
3734| [CVE-2007-1205] Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
3735| [CVE-2007-1203] Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.
3736| [CVE-2007-1202] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."
3737| [CVE-2007-1201] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
3738| [CVE-2007-1117] Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
3739| [CVE-2007-1090] Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.
3740| [CVE-2007-1083] Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.
3741| [CVE-2007-0948] Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
3742| [CVE-2007-0947] Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
3743| [CVE-2007-0946] Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.
3744| [CVE-2007-0945] Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4
3745| [CVE-2007-0944] Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
3746| [CVE-2007-0942] Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
3747| [CVE-2007-0940] Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
3748| [CVE-2007-0939] Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."
3749| [CVE-2007-0938] Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
3750| [CVE-2007-0936] Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
3751| [CVE-2007-0934] Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
3752| [CVE-2007-0913] Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.
3753| [CVE-2007-0870] Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.
3754| [CVE-2007-0843] The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
3755| [CVE-2007-0811] Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
3756| [CVE-2007-0671] Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
3757| [CVE-2007-0612] Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll
3758| [CVE-2007-0515] Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.
3759| [CVE-2007-0351] Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user.
3760| [CVE-2007-0221] Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."
3761| [CVE-2007-0220] Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".
3762| [CVE-2007-0216] wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
3763| [CVE-2007-0215] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.
3764| [CVE-2007-0214] The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
3765| [CVE-2007-0213] Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
3766| [CVE-2007-0211] The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
3767| [CVE-2007-0209] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.
3768| [CVE-2007-0208] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.
3769| [CVE-2007-0069] Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
3770| [CVE-2007-0066] The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."
3771| [CVE-2007-0065] Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
3772| [CVE-2007-0064] Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
3773| [CVE-2007-0043] The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".
3774| [CVE-2007-0042] Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
3775| [CVE-2007-0041] The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
3776| [CVE-2007-0040] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
3777| [CVE-2007-0039] The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
3778| [CVE-2007-0038] Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765
3779| [CVE-2007-0035] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."
3780| [CVE-2007-0034] Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."
3781| [CVE-2007-0033] Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.
3782| [CVE-2007-0031] Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.
3783| [CVE-2007-0030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.
3784| [CVE-2007-0029] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."
3785| [CVE-2007-0028] Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.
3786| [CVE-2007-0027] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.
3787| [CVE-2007-0026] The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
3788| [CVE-2007-0025] The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.
3789| [CVE-2007-0024] Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
3790| [CVE-2006-7210] Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
3791| [CVE-2006-7192] Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.
3792| [CVE-2006-7027] Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks.
3793| [CVE-2006-6723] The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request.
3794| [CVE-2006-6696] Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
3795| [CVE-2006-6617] projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.
3796| [CVE-2006-6561] Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.
3797| [CVE-2006-6456] Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.
3798| [CVE-2006-6296] The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.
3799| [CVE-2006-6134] Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
3800| [CVE-2006-6133] Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.
3801| [CVE-2006-5994] Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vulnerability than CVE-2006-6456.
3802| [CVE-2006-5758] The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
3803| [CVE-2006-5586] The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."
3804| [CVE-2006-5585] The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."
3805| [CVE-2006-5584] The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
3806| [CVE-2006-5583] Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability."
3807| [CVE-2006-5574] Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.
3808| [CVE-2006-5296] PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.
3809| [CVE-2006-4854] ** REJECT ** Unspecified vulnerability in Microsoft Office 2000 (Chinese Edition) and Microsoft PowerPoint 2000 (Chinese Edition) allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as Trojan.PPDropper.E. NOTE: on 20060919, Microsoft notified CVE that this is a duplicate of CVE-2006-0009.
3810| [CVE-2006-4704] Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
3811| [CVE-2006-4702] Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
3812| [CVE-2006-4696] Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."
3813| [CVE-2006-4695] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."
3814| [CVE-2006-4694] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
3815| [CVE-2006-4693] Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651.
3816| [CVE-2006-4692] Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
3817| [CVE-2006-4691] Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
3818| [CVE-2006-4689] Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."
3819| [CVE-2006-4688] Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
3820| [CVE-2006-4534] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.
3821| [CVE-2006-4495] Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.
3822| [CVE-2006-4274] ** REJECT ** Unknown vulnerability in Microsoft PowerPoint allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as TROJ_MDROPPER.BH. NOTE: on 20060822, it was determined that TROJ_MDROPPER.BH was exploiting CVE-2006-0009, so this is not a new vulnerability.
3823| [CVE-2006-4219] The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.
3824| [CVE-2006-4183] Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding.
3825| [CVE-2006-4071] Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
3826| [CVE-2006-3992] Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption.
3827| [CVE-2006-3942] The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research
3828| [CVE-2006-3897] Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.
3829| [CVE-2006-3880] ** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation."
3830| [CVE-2006-3877] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
3831| [CVE-2006-3876] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
3832| [CVE-2006-3875] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867.
3833| [CVE-2006-3873] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
3834| [CVE-2006-3869] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
3835| [CVE-2006-3868] Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag.
3836| [CVE-2006-3867] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875.
3837| [CVE-2006-3864] Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
3838| [CVE-2006-3841] Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL.
3839| [CVE-2006-3660] Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3656, and CVE-2006-3590, although it is possible that they are all different.
3840| [CVE-2006-3656] Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
3841| [CVE-2006-3655] Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted PowerPoint file. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3656, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
3842| [CVE-2006-3652] Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could not be reproduced by third parties.
3843| [CVE-2006-3651] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.
3844| [CVE-2006-3650] Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868.
3845| [CVE-2006-3649] Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
3846| [CVE-2006-3648] Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception."
3847| [CVE-2006-3647] Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693.
3848| [CVE-2006-3643] Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
3849| [CVE-2006-3590] mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.
3850| [CVE-2006-3510] The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.
3851| [CVE-2006-3493] Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.
3852| [CVE-2006-3449] Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."
3853| [CVE-2006-3448] Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.
3854| [CVE-2006-3445] Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.
3855| [CVE-2006-3444] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
3856| [CVE-2006-3443] Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
3857| [CVE-2006-3441] Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.
3858| [CVE-2006-3440] Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
3859| [CVE-2006-3439] Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
3860| [CVE-2006-3436] Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
3861| [CVE-2006-3435] PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.
3862| [CVE-2006-3434] Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption.
3863| [CVE-2006-3431] Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086.
3864| [CVE-2006-3059] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.
3865| [CVE-2006-2492] Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
3866| [CVE-2006-2389] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316.
3867| [CVE-2006-2388] Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process.
3868| [CVE-2006-2387] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875.
3869| [CVE-2006-2380] Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
3870| [CVE-2006-2379] Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
3871| [CVE-2006-2378] Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
3872| [CVE-2006-2374] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
3873| [CVE-2006-2373] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
3874| [CVE-2006-2372] Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.
3875| [CVE-2006-2371] Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
3876| [CVE-2006-2370] Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
3877| [CVE-2006-2334] The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.
3878| [CVE-2006-2094] Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
3879| [CVE-2006-2055] Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
3880| [CVE-2006-1654] Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.
3881| [CVE-2006-1651] ** DISPUTED ** Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol."
3882| [CVE-2006-1540] MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll
3883| [CVE-2006-1316] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389.
3884| [CVE-2006-1315] The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."
3885| [CVE-2006-1314] Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.
3886| [CVE-2006-1313] Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
3887| [CVE-2006-1311] The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1
3888| [CVE-2006-1309] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.
3889| [CVE-2006-1308] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value.
3890| [CVE-2006-1306] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability."
3891| [CVE-2006-1305] Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.
3892| [CVE-2006-1304] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."
3893| [CVE-2006-1302] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."
3894| [CVE-2006-1301] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.
3895| [CVE-2006-1300] Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
3896| [CVE-2006-1257] The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.
3897| [CVE-2006-1193] Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."
3898| [CVE-2006-1184] Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
3899| [CVE-2006-0988] The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
3900| [CVE-2006-0935] Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz.
3901| [CVE-2006-0187] By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file.
3902| [CVE-2006-0034] Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.
3903| [CVE-2006-0033] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed.
3904| [CVE-2006-0032] Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
3905| [CVE-2006-0031] Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.
3906| [CVE-2006-0030] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.
3907| [CVE-2006-0029] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.
3908| [CVE-2006-0028] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.
3909| [CVE-2006-0023] Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.
3910| [CVE-2006-0022] Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.
3911| [CVE-2006-0021] Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."
3912| [CVE-2006-0020] An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."
3913| [CVE-2006-0015] Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
3914| [CVE-2006-0013] Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
3915| [CVE-2006-0012] Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."
3916| [CVE-2006-0010] Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
3917| [CVE-2006-0009] Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
3918| [CVE-2006-0008] The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.
3919| [CVE-2006-0007] Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.
3920| [CVE-2006-0006] Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.
3921| [CVE-2006-0004] Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).
3922| [CVE-2006-0002] Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
3923| [CVE-2006-0001] Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
3924| [CVE-2005-4717] Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
3925| [CVE-2005-4269] mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
3926| [CVE-2005-4131] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.
3927| [CVE-2005-3981] ** DISPUTED ** NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE.
3928| [CVE-2005-3945] The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups.
3929| [CVE-2005-3644] PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.
3930| [CVE-2005-3177] CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed.
3931| [CVE-2005-3176] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection.
3932| [CVE-2005-3175] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator.
3933| [CVE-2005-3174] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.
3934| [CVE-2005-3173] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions.
3935| [CVE-2005-3172] The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks.
3936| [CVE-2005-3171] Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings.
3937| [CVE-2005-3170] The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.
3938| [CVE-2005-3169] Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow attackers to conduct unauthorized activities without detection.
3939| [CVE-2005-3168] The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template.
3940| [CVE-2005-2122] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.
3941| [CVE-2005-2120] Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
3942| [CVE-2005-2118] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.
3943| [CVE-2005-2117] Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
3944| [CVE-2005-1985] The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
3945| [CVE-2005-1984] Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.
3946| [CVE-2005-1983] Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
3947| [CVE-2005-1982] Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
3948| [CVE-2005-1981] Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
3949| [CVE-2005-1907] The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic.
3950| [CVE-2005-1683] Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file.
3951| [CVE-2005-1218] The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
3952| [CVE-2005-1216] Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.
3953| [CVE-2005-1215] Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers.
3954| [CVE-2005-1208] Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
3955| [CVE-2005-1207] Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.
3956| [CVE-2005-1206] Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."
3957| [CVE-2005-1205] The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
3958| [CVE-2005-1052] Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses.
3959| [CVE-2005-0921] Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy.
3960| [CVE-2005-0820] Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.
3961| [CVE-2005-0738] Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.
3962| [CVE-2005-0564] Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.
3963| [CVE-2005-0558] Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document.
3964| [CVE-2005-0551] Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
3965| [CVE-2005-0550] Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
3966| [CVE-2005-0545] Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post.
3967| [CVE-2005-0063] The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.
3968| [CVE-2005-0061] The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.
3969| [CVE-2005-0060] Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.
3970| [CVE-2005-0059] Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
3971| [CVE-2005-0058] Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.
3972| [CVE-2005-0048] Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
3973| [CVE-2004-2527] The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
3974| [CVE-2004-2482] Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code.
3975| [CVE-2004-2365] Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.
3976| [CVE-2004-2339] ** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed.
3977| [CVE-2004-1080] The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."
3978| [CVE-2004-0963] Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.
3979| [CVE-2004-0897] The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
3980| [CVE-2004-0892] Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.
3981| [CVE-2004-0846] Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.
3982| [CVE-2004-0840] The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
3983| [CVE-2004-0728] The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
3984| [CVE-2004-0726] The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel.
3985| [CVE-2004-0575] Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
3986| [CVE-2004-0574] The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
3987| [CVE-2004-0573] Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
3988| [CVE-2004-0540] Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
3989| [CVE-2004-0503] Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502.
3990| [CVE-2004-0379] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts.
3991| [CVE-2004-0284] Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
3992| [CVE-2004-0214] Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
3993| [CVE-2004-0211] The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.
3994| [CVE-2004-0210] The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
3995| [CVE-2004-0209] Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
3996| [CVE-2004-0208] The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
3997| [CVE-2004-0207] "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions.
3998| [CVE-2004-0206] Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
3999| [CVE-2004-0204] Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
4000| [CVE-2004-0202] IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
4001| [CVE-2004-0201] Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
4002| [CVE-2004-0199] Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
4003| [CVE-2004-0124] The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
4004| [CVE-2004-0121] Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
4005| [CVE-2004-0120] The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
4006| [CVE-2004-0116] An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
4007| [CVE-2003-1378] Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
4008| [CVE-2003-1106] The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute.
4009| [CVE-2003-0908] The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
4010| [CVE-2003-0906] Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
4011| [CVE-2003-0904] Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
4012| [CVE-2003-0839] Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.
4013| [CVE-2003-0825] The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
4014| [CVE-2003-0824] Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
4015| [CVE-2003-0822] Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
4016| [CVE-2003-0821] Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
4017| [CVE-2003-0820] Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
4018| [CVE-2003-0819] Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
4019| [CVE-2003-0818] Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
4020| [CVE-2003-0807] Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.
4021| [CVE-2003-0806] Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.
4022| [CVE-2003-0719] Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
4023| [CVE-2003-0665] Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.
4024| [CVE-2003-0664] Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
| [CVE-2003-0662] Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
| [CVE-2003-0660] The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers execute arbitrary code without user approval.
| [CVE-2003-0533] Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
| [CVE-2003-0526] Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
| [CVE-2003-0506] Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation.
| [CVE-2003-0505] Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request.
| [CVE-2003-0496] Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
| [CVE-2003-0352] Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
| [CVE-2003-0345] Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
| [CVE-2003-0232] Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
| [CVE-2003-0231] Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
| [CVE-2003-0230] Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
| [CVE-2003-0227] The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
| [CVE-2003-0118] SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
| [CVE-2003-0117] Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver.
| [CVE-2003-0110] The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.
| [CVE-2003-0109] Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
| [CVE-2003-0011] Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled.
| [CVE-2003-0007] Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."
| [CVE-2003-0003] Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
| [CVE-2003-0002] Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.
| [CVE-2002-2101] Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.
| [CVE-2002-2100] Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.
| [CVE-2002-1984] Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046".
| [CVE-2002-1981] Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.
| [CVE-2002-1933] The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window.
| [CVE-2002-1932] Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.
| [CVE-2002-1876] Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.
| [CVE-2002-1873] Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
| [CVE-2002-1872] Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
| [CVE-2002-1776] ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed.
| [CVE-2002-1712] Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
| [CVE-2002-1256] The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.
| [CVE-2002-1255] Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."
| [CVE-2002-1214] Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
| [CVE-2002-1184] The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.
| [CVE-2002-1145] The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
| [CVE-2002-1141] An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."
| [CVE-2002-1140] The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."
| [CVE-2002-1138] Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
| [CVE-2002-1137] Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
| [CVE-2002-1123] Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
| [CVE-2002-1117] Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
| [CVE-2002-1056] Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
| [CVE-2002-0982] Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.
| [CVE-2002-0975] Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary via a long File parameter.
| [CVE-2002-0863] Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
| [CVE-2002-0861] Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object.
| [CVE-2002-0860] The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.
| [CVE-2002-0859] Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.
| [CVE-2002-0729] Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.
| [CVE-2002-0727] The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.
| [CVE-2002-0724] Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
| [CVE-2002-0721] Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
| [CVE-2002-0719] SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files.
| [CVE-2002-0718] Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."
| [CVE-2002-0700] Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."
| [CVE-2002-0699] Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.
| [CVE-2002-0695] Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.
| [CVE-2002-0694] The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
| [CVE-2002-0693] Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
| [CVE-2002-0692] Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
| [CVE-2002-0650] The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.
| [CVE-2002-0649] Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
| [CVE-2002-0645] SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.
| [CVE-2002-0644] Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.
| [CVE-2002-0643] The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System."
| [CVE-2002-0642] The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
| [CVE-2002-0641] Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
| [CVE-2002-0624] Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
| [CVE-2002-0623] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun".
| [CVE-2002-0622] The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".
| [CVE-2002-0621] Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.
| [CVE-2002-0620] Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API.
| [CVE-2002-0619] The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).
| [CVE-2002-0618] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
| [CVE-2002-0617] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
| [CVE-2002-0616] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."
| [CVE-2002-0597] LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.
| [CVE-2002-0444] Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.
| [CVE-2002-0443] Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.
| [CVE-2002-0373] The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".
| [CVE-2002-0371] Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.
| [CVE-2002-0368] The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."
| [CVE-2002-0224] The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
| [CVE-2002-0187] Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
| [CVE-2002-0186] Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
| [CVE-2002-0154] Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
| [CVE-2002-0152] Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
| [CVE-2002-0055] SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
| [CVE-2002-0054] SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
| [CVE-2002-0050] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data.
| [CVE-2002-0049] Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
| [CVE-2002-0034] The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.
| [CVE-2002-0018] In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.
| [CVE-2001-1533] ** DISPUTED * Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE.
| [CVE-2001-1451] Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests.
| [CVE-2001-1319] Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
| [CVE-2001-1099] The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
| [CVE-2001-0986] SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
| [CVE-2001-0718] Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document.
| [CVE-2001-0666] Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.
| [CVE-2001-0658] Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message.
| [CVE-2001-0628] Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.
| [CVE-2001-0547] Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).
| [CVE-2001-0546] Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data.
| [CVE-2001-0542] Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
| [CVE-2001-0538] Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
| [CVE-2001-0509] Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
| [CVE-2001-0505] Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service.
| [CVE-2001-0504] Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activites such as mail relaying.
| [CVE-2001-0501] Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner.
| [CVE-2001-0351] Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
| [CVE-2001-0350] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
| [CVE-2001-0349] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.
| [CVE-2001-0348] Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
| [CVE-2001-0347] Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
| [CVE-2001-0346] Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.
| [CVE-2001-0345] Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.
| [CVE-2001-0344] An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
4145| [CVE-2001-0340] An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.
4146| [CVE-2001-0261] Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.
4147| [CVE-2001-0245] Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.
4148| [CVE-2001-0244] Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.
4149| [CVE-2001-0240] Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro.
4150| [CVE-2001-0239] Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
| [CVE-2001-0237] Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data.
| [CVE-2001-0146] IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
| [CVE-2001-0048] The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability.
| [CVE-2001-0005] Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.
| [CVE-2001-0003] Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
| [CVE-2000-1218] The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
| [CVE-2000-1217] Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability.
| [CVE-2000-1209] The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
| [CVE-2000-1139] The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
| [CVE-2000-1088] The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
| [CVE-2000-1087] The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
| [CVE-2000-1086] The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
| [CVE-2000-1085] The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
| [CVE-2000-1079] Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
| [CVE-2000-0942] The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
| [CVE-2000-0854] When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
| [CVE-2000-0771] Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
| [CVE-2000-0765] Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
| [CVE-2000-0756] Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
| [CVE-2000-0710] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
| [CVE-2000-0709] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
| [CVE-2000-0637] Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.
| [CVE-2000-0621] Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
| [CVE-2000-0597] Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.
| [CVE-2000-0331] Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
| [CVE-2000-0277] Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.
| [CVE-2013-2557] The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
| [CVE-2013-2556] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
| [CVE-2013-2554] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787.
| [CVE-2013-2553] Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0912.
| [CVE-2013-2552] Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
| [CVE-2013-2551] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
| [CVE-2013-1347] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
| [CVE-2013-1305] HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
| [CVE-2013-1290] Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."
| [CVE-2013-1289] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
| [CVE-2013-1284] Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
| [CVE-2013-0096] Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability."
| [CVE-2013-0086] Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."
| [CVE-2013-0085] Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."
| [CVE-2013-0084] Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."
| [CVE-2013-0083] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."
| [CVE-2013-0080] Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."
| [CVE-2013-0079] Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."
| [CVE-2013-0005] The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
| [CVE-2012-4969] Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
| [CVE-2012-4792] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
| [CVE-2012-3456] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
| [CVE-2012-3455] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
| [CVE-2012-2290] The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel.
| [CVE-2012-2284] The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors.
| [CVE-2012-1945] Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.
| [CVE-2012-1894] Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability."
| [CVE-2012-1892] Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."
| [CVE-2012-1891] Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
| [CVE-2012-1888] Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability."
| [CVE-2012-1876] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
| [CVE-2012-1861] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
| [CVE-2012-1859] Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
| [CVE-2012-1857] Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."
| [CVE-2012-1849] Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."
| [CVE-2012-1545] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
| [CVE-2012-1436] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
| [CVE-2012-1435] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
| [CVE-2012-1434] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
| [CVE-2012-1433] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
| [CVE-2012-0447] Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.
| [CVE-2012-0147] Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."
| [CVE-2012-0146] Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability."
| [CVE-2012-0145] Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."
| [CVE-2012-0144] Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."
| [CVE-2012-0138] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.
| [CVE-2012-0137] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138.
| [CVE-2012-0136] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138.
| [CVE-2012-0020] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
| [CVE-2012-0019] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
| [CVE-2012-0018] Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability."
| [CVE-2012-0017] Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."
| [CVE-2011-4695] Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and gain privileges via unknown vectors, as demonstrated by the White Phosphorus wp_ie_sandbox_escape module for Immunity CANVAS. NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
| [CVE-2011-2012] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash."
| [CVE-2011-2010] The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."
| [CVE-2011-1969] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability."
| [CVE-2011-1897] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."
| [CVE-2011-1896] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability."
| [CVE-2011-1895] CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability."
| [CVE-2011-1891] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."
| [CVE-2011-1890] Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
| [CVE-2011-1889] The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
| [CVE-2011-1417] Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.
| [CVE-2011-1347] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
| [CVE-2011-1346] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
| [CVE-2011-1345] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
| [CVE-2011-1265] The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability."
| [CVE-2011-0653] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."
| [CVE-2011-0647] The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.
| [CVE-2011-0627] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.
| [CVE-2011-0037] Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.
| [CVE-2011-0027] Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.
| [CVE-2011-0026] Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
| [CVE-2010-4643] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
| [CVE-2010-4253] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document.
| [CVE-2010-4121] ** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only."
| [CVE-2010-3967] Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability."
| [CVE-2010-3962] Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
4255| [CVE-2010-3936] Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability."
4256| [CVE-2010-3889] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Microsoft researchers and other researchers.
4257| [CVE-2010-3888] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers.
4258| [CVE-2010-3497] Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)."
4259| [CVE-2010-3454] Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
4260| [CVE-2010-3453] The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.
4261| [CVE-2010-3141] Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file.
4262| [CVE-2010-2743] The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
4263| [CVE-2010-2734] Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability."
4264| [CVE-2010-2733] Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability."
4265| [CVE-2010-2732] Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability."
4266| [CVE-2010-2564] Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."
4267| [CVE-2010-1184] The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2.
4268| [CVE-2010-1118] Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
4269| [CVE-2010-1117] Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
4270| [CVE-2010-0806] Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
4271| [CVE-2010-0716] _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.
4272| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
4273| [CVE-2008-5750] Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
4274| [CVE-2008-5556] ** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."
4275| [CVE-2008-5555] Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
4276| [CVE-2008-5554] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
4277| [CVE-2008-5553] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
4278| [CVE-2008-5552] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
4279| [CVE-2008-5551] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
4280| [CVE-2008-5180] Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
4281| [CVE-2008-4211] Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
4282| [CVE-2007-5351] Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."
4283| [CVE-2007-2729] Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
4284| [CVE-2007-1534] DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window.
4285| [CVE-2007-0341] Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
4286| [CVE-2006-5559] The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
4287| [CVE-2006-4686] Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
4288| [CVE-2006-4685] The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
4289| [CVE-2006-1359] Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
4290| [CVE-2006-0761] Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchange, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow user-assisted remote attackers to execute arbitrary code on the server via a crafted Microsoft Word document that is opened on a wireless device.
4291| [CVE-2006-0753] Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.
4292| [CVE-2006-0544] urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash or hyphen) characters.
4293| [CVE-2006-0003] Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
4294| [CVE-2005-1929] Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.
4295| [CVE-2005-0852] Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.
4296| [CVE-2004-1322] Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages.
4297| [CVE-2003-1306] Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
4298| [CVE-2003-0903] Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
4299| [CVE-2003-0353] Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
4300| [CVE-2002-1918] Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED.
4301| [CVE-2002-1142] Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
4302| [CVE-2002-1015] RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
4303| [CVE-2002-0697] Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
4304| [CVE-2002-0057] XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
4305| [CVE-2001-1218] Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
4306| [CVE-2000-0563] The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.
4307| [CVE-1999-1097] Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.
4308|
4309| SecurityFocus - https://www.securityfocus.com/bid/:
4310| [83154] Microsoft Windows 2000 Server CVE-2004-0540 Remote Security Vulnerability
4311| [45297] Microsoft Exchange Server 2007 Infinite Loop Remote Denial of Service Vulnerability
4312| [43419] Microsoft Excel 2002 Memory Corruption Vulnerability
4313| [43189] Microsoft Visual C++ 2008 Redistributable Package DLL Loading Arbitrary Code Execution Vulnerability
4314| [42742] Microsoft PowerPoint 2007 Multiple DLL Loading Arbitrary Code Execution Vulnerability
4315| [42695] Microsoft Groove 2007 'mso.dll' DLL Loading Arbitrary Code Execution Vulnerability
4316| [42681] Microsoft Visio 2003 'mfc71enu.dll' DLL Loading Arbitrary Code Execution Vulnerability
4317| [41843] Microsoft Outlook Web Access for Exchange Server 2003 Cross Site Request Forgery Vulnerability
4318| [39776] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
4319| [37196] RETIRED: Microsoft December 2009 Advance Notification Multiple Vulnerabilities
4320| [36940] RETIRED: Microsoft November 2009 Advance Notification Multiple Vulnerabilities
4321| [36633] RETIRED: Microsoft October 2009 Advance Notification Multiple Vulnerabilities
4322| [36239] RETIRED: Microsoft September 2009 Advance Notification Multiple Vulnerabilities
4323| [35974] RETIRED: Microsoft August 2009 Advance Notification Multiple Vulnerabilities
4324| [35617] RETIRED: Microsoft July 2009 Advance Notification Multiple Vulnerabilities
4325| [35213] RETIRED: Microsoft June 2009 Advance Notification Multiple Vulnerabilities
4326| [34867] RETIRED: Microsoft May 2009 Advance Notification Multiple Vulnerabilities
4327| [34532] Microsoft IAG 2007 ActiveX Control Multiple Stack Based Buffer Overflow Vulnerabilities
4328| [34469] Microsoft Word 2000 WordPerfect Converter Remote Code Execution Vulnerability
4329| [34450] RETIRED: Microsoft April 2009 Advance Notification Multiple Vulnerabilities
4330| [34005] RETIRED: Microsoft March 2009 Advance Notification Multiple Vulnerabilities
4331| [33639] RETIRED: Microsoft February 2009 Advance Notification Multiple Vulnerabilities
4332| [33170] RETIRED: Microsoft January 2009 Advance Notification Multiple Vulnerabilities
4333| [32632] RETIRED: Microsoft December 2008 Advance Notification Multiple Vulnerabilities
4334| [32153] Retired: Microsoft November 2008 Advance Notification Multiple Vulnerabilities
4335| [31667] Retired: Microsoft October 2008 Advance Notification Multiple Vulnerabilities
4336| [31129] RETIRED: Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
4337| [31014] RETIRED: Microsoft September 2008 Advance Notification Multiple Vulnerabilities
4338| [30593] RETIRED: Microsoft August 2008 Advance Notification Multiple Vulnerabilities
4339| [30075] RETIRED: Microsoft July 2008 Advance Notification Multiple Vulnerabilities
4340| [29576] RETIRED: Microsoft June 2008 Advance Notification Multiple Vulnerabilities
4341| [29108] RETIRED: Microsoft May 2008 Advance Notification Multiple Vulnerabilities
4342| [28598] RETIRED: Microsoft April 2008 Advance Notification Multiple Vulnerabilities
4343| [28124] Retired: Microsoft March 2008 Advance Notification Multiple Vulnerabilities
4344| [27674] RETIRED: Microsoft February 2008 Advance Notification Multiple Vulnerabilities
4345| [27119] RETIRED: Microsoft January 2008 Advance Notification Multiple Vulnerabilities
4346| [26739] RETIRED: Microsoft December 2007 Advance Notification Multiple Vulnerabilities
4347| [26414] Microsoft Forms 2.0 ActiveX Control Memory Access Violation Denial of Service Vulnerabilities
4348| [26380] Retired: Microsoft November 2007 Advance Notification Multiple Vulnerabilities
4349| [25991] RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
4350| [25922] RETIRED: Microsoft October 2007 Advance Notification Multiple Vulnerabilities
4351| [25573] RETIRED: Microsoft September 2007 Advance Notification Multiple Vulnerabilities
4352| [25247] Retired: Microsoft August 2007 Advance Notification Multiple Vulnerabilities
4353| [24771] Retired: Microsoft July 2007 Advance Notification Multiple Vulnerabilities
4354| [24366] RETIRED: Microsoft June 2007 Advance Notification Multiple Vulnerabilities
4355| [24118] Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability
4356| [23800] RETIRED: Microsoft May 2007 Advance Notification Multiple Vulnerabilities
4357| [23380] Microsoft Word 2007 WWLib.DLL Unspecified Document File Buffer Overflow Vulnerability
4358| [23335] RETIRED: Microsoft April 2007 Advance Notification Multiple Vulnerabilities
4359| [22716] Microsoft Office 2003 Denial of Service Vulnerability
4360| [22567] Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability
4361| [22328] RETIRED: Microsoft Word 2003 Unspecified Code Execution Vulnerability
4362| [22225] Microsoft Word 2000 Malformed Function Code Execution Vulnerability
4363| [21611] Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
4364| [21495] Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability
4365| [20843] Microsoft Visual Studio 2005 WMI Object Broker Remote Code Execution Vulnerability
4366| [19636] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
4367| [19388] Microsoft Windows 2000 Kernel Local Privilege Escalation Vulnerability
4368| [17134] Microsoft Commerce Server 2002 Authentication Bypass Vulnerability
4369| [16634] Microsoft PowerPoint 2000 Remote Information Disclosure Vulnerability
4370| [14772] Microsoft Exchange Server 2003 Exchange Information Store Denial Of Service Vulnerability
4371| [14093] Microsoft Update Rollup 1 for Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
4372| [13564] Microsoft SQL Server 2000 Multiple Vulnerabilities
4373| [13008] Microsoft Windows Server 2003 SMB Redirector Local Denial Of Service Vulnerability
4374| [12972] Microsoft Windows Server 2003 Service Pack 1 Released - Multiple Vulnerabilities Fixed
4375| [12913] Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy Bypass Vulnerability
4376| [12824] Microsoft InfoPath 2003 Insecure Information Storage Vulnerability
4377| [12641] Microsoft Windows 2000 Group Policy Bypass Vulnerability
4378| [12141] Microsoft FrontPage 2000 Internet Publishing Service Provider DAV File Upload Vulnerability
4379| [11820] Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities
4380| [11446] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
4381| [11387] Microsoft Windows 2003 Services Default SACL Access Right Weakness
4382| [10901] Microsoft Windows 2000/XP CRL File Failed Integrity Check Denial Of Service Vulnerability
4383| [10693] Microsoft Windows 2000 Media Player Control Media Preview Script Execution Vulnerability
4384| [10484] Microsoft ISA Server 2000 FTP Bounce Filtering Vulnerability
4385| [10480] Microsoft ISA Server 2000 Site And Content Rule Bypass Vulnerability
4386| [10440] Microsoft Windows 2000 Domain Expired Account Security Policy Violation Weakness
4387| [10369] Microsoft Outlook 2003 Media File Script Execution Vulnerability
4388| [10307] Microsoft Outlook 2003 Predictable File Location Weakness
4389| [10114] Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability
4390| [9409] Microsoft Exchange Server 2003 Outlook Web Access Random Mailbox Access Vulnerability
4391| [9408] Microsoft ISA Server 2000 H.323 Filter Remote Buffer Overflow Vulnerability
4392| [9118] Microsoft Exchange Server 2003 Outlook Web Access Lowered Security Settings Weakness
4393| [8833] Microsoft Windows 2000 TroubleShooter ActiveX Control Buffer Overflow Vulnerability
4394| [8522] Multiple Microsoft Windows 2003 Stack Protection Implementation Weaknesses
4395| [8397] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
4396| [8104] Microsoft Windows 2000 Unauthorized RPC Connection Weakness
4397| [8098] Microsoft Windows 2000 Terminal Services Named Pipe System Account Access Vulnerability
4398| [8093] Microsoft Windows 2000 Active Directory Forest Origin Validation Vulnerability
4399| [8090] Microsoft Windows 2000 ShellExecute() Buffer Overflow Vulnerability
4400| [8089] Microsoft Windows 2000 Unspecified Cryptnet.DLL Memory Leakage Vulnerability
4401| [8086] Microsoft Windows 2000 Port Name Buffers Potential Buffer Overflow Vulnerability
4402| [8085] Microsoft Windows 2000 ModifyDN Request Denial of Service Vulnerability
4403| [8083] Microsoft Windows 2000 Domain Controller Spoofing Vulnerability
4404| [8081] Microsoft Windows 2000 USBH_IoctlGetNodeConnectionDriverKeyName Information Disclosure Vulnerability
4405| [8063] Microsoft Commerce Server 2002 Weak Registry Key Permissions Weakness
4406| [8045] Microsoft Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
4407| [7930] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
4408| [7788] Microsoft Windows 2000/XP/2003 IPV6 ICMP Flood Denial Of Service Vulnerability
4409| [7469] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
4410| [7360] Microsoft Windows 2000/XP Registry Editor Custom Permissions Weakness
4411| [7102] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
4412| [6769] Microsoft Windows 2000 RPC Service Privilege Escalation Vulnerability
4413| [6766] Microsoft Windows 2000 NetBIOS Continuation Packets Kernel Memory Leak Vulnerability
4414| [6667] Microsoft Outlook 2002 V1 Exchange Server Security Certificate Information Leakage Vulnerability
4415| [6319] Microsoft Outlook 2002 Email Header Processing Denial of Service Vulnerability
4416| [6030] Microsoft Windows 2000 SNMP Printer Query Denial of Service Vulnerability
4417| [5972] Microsoft Windows 2000/XP Full Event Log Administrative Alert Weakness
4418| [5922] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
4419| [5480] Microsoft Windows 2000 Network Connection Manager Privilege Elevation Vulnerability
4420| [5422] Microsoft Content Management Server 2001 SQL Injection Vulnerability
4421| [5421] Microsoft Content Management Server 2001 Arbitrary Upload Location Vulnerability
4422| [5420] Microsoft Content Management Server 2001 User Authentication Buffer Overflow Vulnerability
4423| [5415] Microsoft Windows 2000 Insecure Default File Permissions Vulnerability
4424| [5413] Microsoft Exchange 2000 Post Authorization License Exhaustion Denial Of Service Vulnerability
4425| [5412] Microsoft Exchange 2000 Multiple MSRPC Denial Of Service Vulnerabilities
4426| [5312] Microsoft SQL Server 2000 Resolution Service Denial of Service Vulnerability
4427| [5311] Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability
4428| [5310] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
4429| [5309] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
4430| [5307] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
4431| [5253] Microsoft Windows 2000 Narrator Password Disclosure Vulnerability
4432| [5205] Microsoft SQL Server 2000 Incorrect Registry Key Permissions Vulnerability
4433| [5111] Microsoft Commerce Server 2000 OWC Package Installer Local Command Execution Vulnerability
4434| [5014] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
4435| [4881] Microsoft Exchange 2000 Malformed Mail Attribute DoS Vulnerability
4436| [4853] Microsoft Commerce Server 2000 Profile Service Buffer Overflow Vulnerability
4437| [4852] Microsoft Windows 2000 Remote Access Service Buffer Overflow Vulnerability
4438| [4847] Microsoft SQL Server 2000 Bulk Insert Procedure Buffer Overflow Vulnerability
4439| [4797] Microsoft MSDE/SQL Server 2000 Desktop Engine Default Configuration Vulnerability
4440| [4683] Microsoft Windows 2000 / NT Path Precedence Vulnerability
4441| [4532] Microsoft Windows 2000 Lanman Denial of Service Vulnerability
4442| [4438] Microsoft Windows 2000 Group Policy Evasion Vulnerability
4443| [4426] Microsoft Windows 2000 / NT / XP MUP UNC Request Buffer Overflow Vulnerability
4444| [4287] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
4445| [4256] Microsoft Windows 2000 Password Policy Bypass Vulnerability
4446| [4157] Microsoft Commerce Server 2000 ISAPI Buffer Overflow Vulnerability
4447| [4095] Microsoft Windows 2000 Server Terminal Services Failure To Lock Terminal Vulnerability
4448| [3652] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability
4449| [3481] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
4450| [3479] Microsoft Windows 2000 NTFS With Macintosh Client Directory Permission Vulnerability
4451| [3445] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
4452| [3339] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
4453| [3305] Norton AntiVirus for Microsoft Exchange 2000 Information Disclosure Vulnerability
4454| [3291] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
4455| [3215] Microsoft Windows 2000 IrDA Buffer Overflow Denial of Service Vulnerability
4456| [3185] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
4457| [3184] Microsoft Windows 2000 RunAs User Credentials Exposure Vulnerability
4458| [3146] Microsoft Windows 2000 System File Replacement Vulnerability
4459| [3115] Microsoft Windows NT and 2000 Command Prompt Reboot Vulnerability
4460| [3063] Microsoft Windows 2000 Unauthorized Password Change Vulnerability
4461| [3033] Microsoft Windows 2000 Task Manager Process Termination Vulnerability
4462| [2988] Microsoft Windows 2000 SMTP Improper Authentication Vulnerability
4463| [2929] Microsoft Windows 2000 LDAP SSL Password Modification Vulnerability
4464| [2849] Microsoft Windows 2000 Telnet Privilege Escalation Vulnerability
4465| [2846] Microsoft Windows 2000 Telnet System Call DoS Vulnerability
4466| [2844] Microsoft Windows 2000 Telnet Service DoS Vulnerability
4467| [2843] Microsoft Windows 2000 Telnet Multiple Sessions DoS Vulnerability
4468| [2838] Microsoft Windows 2000 Telnet Username DoS Vulnerability
4469| [2460] Microsoft Windows 2000 Event Viewer Buffer Overflow Vulnerability
4470| [2441] Microsoft Exchange 2000 / IIS 5.0 Multiple Invalid URL Request DoS Vulnerability
4471| [2394] Microsoft Windows 2000 Domain Controller DoS Vulnerability
4472| [2341] Microsoft Windows 2000 Network DDE Escalated Privileges Vulnerability
4473| [2326] Microsoft Windows 2000 RDP DoS Vulnerability
4474| [2133] Microsoft Windows 2000 Directory Services Restore Mode Blank Password Vulnerability
4475| [2066] Microsoft Windows NT 4.0 / 2000 SNMP Registry Key Modification Vulnerability
4476| [2018] Microsoft Windows 2000 Telnet Session Timeout DoS Vulnerability
4477| [2007] Microsoft Windows 2000 DNS Memory Leak Vulnerability
4478| [1973] Microsoft Windows 2000 Domain Account Lockout Bypass Vulnerability
4479| [1958] Microsoft Exchange 2000 Server EUSR_EXSTOREEVENT Account Vulnerability
4480| [1933] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
4481| [1899] Microsoft Windows 2000 ActiveX Control Buffer Overflow Vulnerability
4482| [1811] Microsoft Site Server 2.0 with IIS 4.0 Malicious File Upload Vulnerability
4483| [1758] Microsoft Windows 2000 Unattended Install OEMPreinstall Vulnerability
4484| [1753] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
4485| [1748] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
4486| [1745] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
4487| [1729] Microsoft Windows 2000 Simplified Chinese IME Vulnerability
4488| [1695] Microsoft Proxy 2.0 FTP Permissions Bypass Vulnerability
4489| [1692] Microsoft Proxy 2.0 Internal Network Access Vulnerability
4490| [1683] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
4491| [1673] Microsoft Windows 2000 Malformed RPC Packet DoS Vulnerability
4492| [1651] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
4493| [1632] Microsoft Windows 98 / NT 4.0 / 2000 File Extension Validation Vulnerability
4494| [1620] Microsoft Windows 9x / NT 4.0 / 2000 NetBIOS Cache Corruption Vulnerability
4495| [1613] Microsoft Windows 2000 Local Security Policy Corruption Vulnerability
4496| [1566] Microsoft Word 97 / 2000 Mail Merge Code Execution Vulnerability
4497| [1561] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow Vulnerability
4498| [1535] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
4499| [1507] Microsoft Windows NT 4.0 / 2000 Unspecified Executable Path Vulnerability
4500| [1451] Microsoft Excel 97 / 2000 Register.ID Vulnerability
4501| [1435] Microsoft FrontPage 2000 Server Extensions Denial Of Service Vulnerability
4502| [1415] Microsoft Windows 2000 Remote CPU-overload Vulnerability
4503| [1414] Microsoft Windows 2000 Telnet Server DoS Vulnerability
4504| [1399] Microsoft Internet Explorer 5.01 and Excel/Powerpoint 2000 ActiveX Object Execution Vulnerability
4505| [1398] Microsoft Internet Explorer 5.01 and Access 2000 / 97 VBA Code Execution Vulnerability
4506| [1350] Microsoft Windows 2000 Windows Station Access Vulnerability
4507| [1304] Microsoft Windows NT 4.0 / 2000 SMB Write Request DoS Vulnerability
4508| [1301] Microsoft Windows NT 4.0 / 2000 Ignored SMB Response DoS Vulnerability
4509| [1295] Microsoft Windows 2000 Default 40-bit Encrypted Protected Store Vulnerability
4510| [1198] Microsoft Windows 2000 Default SYSKEY Configuration Vulnerability
4511| [1197] Microsoft Office 2000 UA Control Vulnerability
4512| [990] Microsoft Windows 2000 Install Unprotected ADMIN$ Share Vulnerability
4513| [945] Microsoft SMS 2.0 Default Permissions Vulnerability
4514| [539] Microsoft Windows 2000 EFS Vulnerability
4515| [180] Microsoft Windows April Fools 2001 Vulnerability
4516| [71487] Microsoft December 2014 Advance Notification Multiple Vulnerabilities
4517| [70966] RETIRED: Microsoft November 2014 Advance Notification Multiple Vulnerabilities
4518| [70367] RETIRED: Microsoft October 2014 Advance Notification Multiple Vulnerabilities
4519| [69636] RETIRED: Microsoft September 2014 Advance Notification Multiple Vulnerabilities
4520| [69108] Microsoft August 2014 Advance Notification Multiple Vulnerabilities
4521| [68367] Microsoft July 2014 Advance Notification Multiple Vulnerabilities
4522| [67905] Microsoft June 2014 Advance Notification Multiple Vulnerabilities
4523| [67298] Microsoft May 2014 Advance Notification Multiple Vulnerabilities
4524| [66639] RETIRED: Microsoft April 2014 Advance Notification Multiple Vulnerabilities
4525| [66016] Microsoft March 2014 Notification Multiple Vulnerabilities
4526| [65426] Microsoft February 2014 Notification Multiple Vulnerabilities
4527| [64757] RETIRED: Microsoft January 2014 Advance Notification Multiple Vulnerabilities
4528| [64083] RETIRED: Microsoft December 2013 Advance Notification Multiple Vulnerabilities
4529| [63604] RETIRED: Microsoft November 2013 Advance Notification Multiple Vulnerabilities
4530| [62797] RETIRED: Microsoft October 2013 Advance Notification Multiple Vulnerabilities
4531| [62228] RETIRED: Microsoft September 2013 Advance Notification Multiple Vulnerabilities
4532| [62181] Microsoft Office Pinyin IME 2010 CVE-2013-3859 Local Privilege Escalation Vulnerability
4533| [61686] Microsoft August 2013 Advance Notification Multiple Vulnerabilities
4534| [60960] RETIRED: Microsoft July 2013 Advance Notification Multiple Vulnerabilities
4535| [60394] Microsoft June 2013 Advance Notification Multiple Vulnerabilities
4536| [59785] RETIRED: Microsoft May 2013 Advance Notification Multiple Vulnerabilities
4537| [58881] RETIRED: Microsoft April 2013 Advance Notification Multiple Vulnerabilities
4538| [58380] RETIRED: Microsoft March 2013 Advance Notification Multiple Vulnerabilities
4539| [57846] RETIRED: Microsoft February 2013 Advance Notification Multiple Vulnerabilities
4540| [57137] RETIRED: Microsoft January 2013 Advance Notification Multiple Vulnerabilities
4541| [56838] RETIRED: Microsoft December 2012 Advance Notification Multiple Vulnerabilities
4542| [56450] RETIRED: Microsoft November 2012 Advance Notification Multiple Vulnerabilities
4543| [56304] Microsoft Office Excel 2010 Memory Corruption Denial of Service Vulnerability
4544| [55794] RETIRED: Microsoft October 2012 Advance Notification Multiple Vulnerabilities
4545| [55472] RETIRED: Microsoft September 2012 Advance Notification Multiple Vulnerabilities
4546| [54944] RETIRED: Microsoft August 2012 Advance Notification Multiple Vulnerabilities
4547| [54318] RETIRED: Microsoft July 2012 Advance Notification Multiple Vulnerabilities
4548| [53862] RETIRED: Microsoft June 2012 Advance Notification Multiple Vulnerabilities
4549| [53372] RETIRED: Microsoft May 2012 Advance Notification Multiple Vulnerabilities
4550| [52910] RETIRED: Microsoft April 2012 Advance Notification Multiple Vulnerabilities
4551| [52366] RETIRED: Microsoft March 2012 Advance Notification Multiple Vulnerabilities
4552| [51944] RETIRED: Microsoft February 2012 Advance Notification Multiple Vulnerabilities
4553| [51289] RETIRED: Microsoft January 2012 Advance Notification Multiple Vulnerabilities
4554| [50980] RETIRED: Microsoft December 2011 Advance Notification Multiple Vulnerabilities
4555| [50513] RETIRED: Microsoft November 2011 Advance Notification Multiple Vulnerabilities
4556| [49994] RETIRED: Microsoft October 2011 Advance Notification Multiple Vulnerabilities
4557| [49515] RETIRED: Microsoft September 2011 Advance Notification Multiple Vulnerabilities
4558| [49017] RETIRED: Microsoft August 2011 Advance Notification Multiple Vulnerabilities
4559| [48616] RETIRED: Microsoft July 2011 Advance Notification Multiple Vulnerabilities
4560| [48235] Microsoft Lync Server 2010 'ReachJoin.aspx' Remote Command Injection Vulnerability
4561| [48193] RETIRED: Microsoft June 2011 Advance Notification Multiple Vulnerabilities
4562| [47725] RETIRED: Microsoft May 2011 Advance Notification Multiple Vulnerabilities
4563| [47255] RETIRED: Microsoft April 2011 Advance Notification Multiple Vulnerabilities
4564| [46675] RETIRED: Microsoft March 2011 Advance Notification Multiple Vulnerabilities
4565| [46132] RETIRED: Microsoft February 2011 Advance Notification Multiple Vulnerabilities
4566| [45696] RETIRED: Microsoft January 2011 Advance Notification Multiple Vulnerabilities
4567| [45307] RETIRED: Microsoft December 2010 Advance Notification Multiple Vulnerabilities
4568| [44649] RETIRED: Microsoft November 2010 Advance Notification Multiple Vulnerabilities
4569| [43831] RETIRED: Microsoft October 2010 Advance Notification Multiple Vulnerabilities
4570| [43115] RETIRED: Microsoft September 2010 Advance Notification Multiple Vulnerabilities
4571| [42234] RETIRED: Microsoft August 2010 Advance Notification Multiple Vulnerabilities
4572| [41474] RETIRED: Microsoft July 2010 Advance Notification Multiple Vulnerabilities
4573| [40548] RETIRED: Microsoft June 2010 Advance Notification Multiple Vulnerabilities
4574| [39961] RETIRED: Microsoft May 2010 Advance Notification Multiple Vulnerabilities
4575| [39313] RETIRED: Microsoft April 2010 Advance Notification Multiple Vulnerabilities
4576| [38540] RETIRED: Microsoft March 2010 Advance Notification Multiple Vulnerabilities
4577| [38096] RETIRED: Microsoft February 2010 Advance Notification Multiple Vulnerabilities
4578| [37887] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
4579| [37664] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
4580| [32642] Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability
4581|
4582| IBM X-Force - https://exchange.xforce.ibmcloud.com:
4583| [82417] Microsoft Windows Knowledge Base Article 2801261 update is not installed
4584| [82415] Microsoft Windows Knowledge Base Article 2807986 update is not installed
4585| [82410] Microsoft Windows Knowledge Base Article 2809289 update is not installed
4586| [81859] Microsoft Windows Knowledge Base Article 2802968 update is not installed
4587| [81857] Microsoft Windows Knowledge Base Article 2809279 update is not installed
4588| [81668] Microsoft Windows Knowledge Base Article 2800277 update is not installed
4589| [77323] Microsoft Windows Knowledge Base Article 2706045 update is not installed
4590| [75949] Microsoft Windows Knowledge Base Article 2707960 update is not installed
4591| [75942] Microsoft Windows Knowledge Base Article 2706726 update is not installed
4592| [75934] Microsoft Windows Knowledge Base Article 2709162 update is not installed
4593| [75926] Microsoft Windows Knowledge Base Article 2709100 update is not installed
4594| [75905] Microsoft Windows Knowledge Base Article 2707956 update is not installed
4595| [71991] Microsoft Windows Knowledge Base Article 2607664 update is not installed
4596| [71542] Microsoft Windows Knowledge Base Article 2607702 update is not installed
4597| [70945] Microsoft Windows Knowledge Base Article 2603381 update is not installed
4598| [70150] Microsoft Windows Knowledge Base Article 2607670 update is not installed
4599| [67755] Microsoft Windows Knowledge Base Article 2503665 update is not installed
4600| [67749] Microsoft Windows Knowledge Base Article 2507938 update is not installed
4601| [66845] Microsoft Windows Knowledge Base Article 2506014 update is not installed
4602| [66844] Microsoft Windows Knowledge Base Article 2501584 update is not installed
4603| [66448] Microsoft Windows Knowledge Base Article 2508272 update is not installed
4604| [66442] Microsoft Windows Knowledge Base Article 2509553 update is not installed
4605| [66440] Microsoft Windows Knowledge Base Article 2508429 update is not installed
4606| [66438] Microsoft Windows Knowledge Base Article 2507618 update is not installed
4607| [66430] Microsoft Windows Knowledge Base Article 2503658 update is not installed
4608| [66425] Microsoft Windows Knowledge Base Article 2506223 update is not installed
4609| [65570] Microsoft Windows Knowledge Base Article 2500212 update is not installed
4610| [65568] Microsoft Windows Knowledge Base Article 2508062 update is not installed
4611| [63840] Microsoft Visual C++ 2008 Redistributable Package dynamic-linked library (DLL) code execution
4612| [63780] Microsoft PowerPoint 2007 dynamic-linked library (rpawinet.dll) code execution
4613| [63775] Microsoft Visio 2003 dynamic-linked library (mfc71enu.dll) code execution
4614| [63586] Microsoft Windows Knowledge Base Article 2207559 update is not installed
4615| [63573] Microsoft Windows Knowledge Base Article 2407132 update is not installed
4616| [62797] Microsoft Windows Knowledge Base Article 2305420 update is not installed
4617| [62149] Microsoft Windows Knowledge Base Article 2207566 update is not installed
4618| [62133] Microsoft Windows Knowledge Base Article 2405882 update is not installed
4619| [53980] Microsoft Windows 2000 License Logging Server buffer overflow
4620| [53601] Microsoft Office 2008 for Mac user ID 502 security bypass
4621| [50973] Microsoft Windows Server 2003 and Vista win32k.sys denial of service
4622| [50759] Microsoft Windows 2000 Active Directory LDAP code execution
4623| [48595] Microsoft Word 2007 Email as PDF information disclosure
4624| [46102] Microsoft Windows 2003 SP2 is not installed on the system
4625| [46101] Microsoft Windows 2003 SP1 is not installed on the system
4626| [45186] Microsoft SQL Server 2000 SQLVDIRLib.SQLVDirControl ActiveX control buffer overflow
4627| [37200] Microsoft SQL Server 2000 Service Pack 1 update is not installed
4628| [37198] Microsoft SQL Server 2000 Service Pack 3 update is not installed
4629| [34634] Microsoft Windows Server 2003 Active Directory information disclosure
4630| [34599] Microsoft Windows Server 2003 terminal server security bypass
4631| [34473] Microsoft Office 2000 ActiveX control buffer overflow
4632| [33713] Microsoft Word 2007 multiple unspecified denial of service
4633| [33712] Microsoft Word 2007 wwlib.dll buffer overflow
4634| [32631] Microsoft SQL Server 2000 Service Pack 2 update is not installed
4635| [31821] Microsoft Windows time zone update for year 2007
4636| [31196] Microsoft Office 2003 Brazilian Grammar Checker buffer overflow
4637| [30905] Microsoft Project Server 2003 pdsrequest.asp information disclosure
4638| [29546] Microsoft Windows 2000/2003 user logoff initiated
4639| [29545] Microsoft Windows 2000/2003 system time changed
4640| [29544] Microsoft Windows 2000/2003 system security access removed
4641| [29543] Microsoft Windows 2000/2003 security access granted
4642| [29542] Microsoft Windows 2000/2003 SAM notification package loaded
4643| [29541] Microsoft Windows 2000/2003 primary security token issued
4644| [29540] Microsoft Windows 2000/2003 user password reset successful
4645| [29539] Microsoft Windows 2000/2003 object indirectly accessed
4646| [29538] Microsoft Windows 2000/2003 object handle duplicated
4647| [29537] Microsoft Windows 2000/2003 logon with explicit credentials success
4648| [29536] Microsoft Windows 2000/2003 logon attempt using explicit credentials unsuccessful
4649| [29535] Microsoft Windows 2000/2003 IPSEC policy agent failed
4650| [29534] Microsoft Windows 2000/2003 IPSEC policy agent disabled
4651| [29533] Microsoft Windows 2000/2003 IPSEC policy agent changed
4652| [29532] Microsoft Windows 2000/2003 IKE security association established
4653| [29531] Microsoft Windows 2000/2003 IKE quick mode association ended
4654| [29530] Microsoft Windows 2000/2003 IKE main mode association ended
4655| [29529] Microsoft Windows 2000/2003 IKE association negotiation failed
4656| [29528] Microsoft Windows 2000/2003 IKE association peer authentication failed
4657| [29527] Microsoft Windows 2000/2003 IKE association failed invalid proposal
4658| [29526] Microsoft Windows 2000/2003 IKE association failed authentication parameters
4659| [29525] Microsoft Windows 2000/2003 DPAPI master key backup attempted
4660| [29524] Microsoft Windows 2000/2003 DPAPI key recovery attempted
4661| [29523] Microsoft Windows 2000/2003 DPAPI auditable data unprotected
4662| [29522] Microsoft Windows 2000/2003 administrative group security descriptor set
4663| [29521] Microsoft Windows 2000/2003 account name changed
4664| [29507] Microsoft Office 2003 unspecified PowerPoint NULL pointer dereference denial of service
4665| [28512] Microsoft Internet Explorer multiple Windows 2000 COM object denial of service
4666| [28005] Microsoft Windows 2000 Management Console (MMC) resource file cross-site scripting
4667| [26118] Microsoft Office 2003 mailto: information disclosure
4668| [25330] Microsoft Commerce Server 2002 authfiles/login.asp authentication bypass
4669| [24474] Microsoft Windows 2000 LDAP client accepts untrusted CA
4670| [24473] Microsoft Windows 2000 event ID 565 not logged
4671| [24472] Microsoft Windows 2000 Event ID 1704 records incorrect group policy settings
4672| [24407] Microsoft Windows 2000 SECEDIT command fails to set ACLs correctly
4673| [24405] Microsoft Windows 2000 UPN credentials with trailing dot group policy bypass
4674| [24403] Microsoft Windows 2000 WideCharToMultiByte() incorrect Japanese character conversion
4675| [24402] Microsoft Windows 2000 Terminal Service client IP not logged
4676| [24400] Microsoft Windows 2000 domain authentication can be bypassed by a local administrator
4677| [23066] Microsoft Windows XP and 2000 Server MSRPC memory allocation denial of service
4678| [22318] Microsoft SQL Server 2000 Service Pack 4 update is not installed
4679| [22183] Microsoft Exchange Server 2003 public folder denial of service
4680| [21345] Microsoft Windows 2000 Update Rollup 1 for Service Pack 4 has not been installed
4681| [21315] Microsoft Outlook 2002 connector for Domino bypass restrictions
4682| [19969] Multiple Microsoft Windows Server 2003 Edition printer driver denial of service
4683| [19965] Multiple Microsoft Windows Server 2003 Editions SMB redirector denial of service
4684| [19727] Microsoft Windows 2000 GDI32.DLL denial of service
4685| [19629] Microsoft Exchange Server 2003 folder denial of service
4686| [17826] Microsoft Outlook 2003 CID security bypass
4687| [17624] Microsoft Windows XP and Windows Server 2003 Compressed Folders buffer overflow
4688| [17621] Microsoft Windows 2003 SMTP service code execution
4689| [17560] Microsoft Windows 2000 and XP GDI library denial of service
4690| [17521] Microsoft Windows 2000 Service Pack 4 is not installed
4691| [16913] Microsoft Windows 2003 users with Synchronize directory service data privilege
4692| [16912] Microsoft Windows 2003 groups with Synchronize directory service data privilege
4693| [16909] Microsoft Windows 2003 groups with Remove computer from docking station privilege
4694| [16907] Microsoft Windows 2003 users with Create global objects privilege
4695| [16905] Microsoft Windows 2003 users or groups with Create global objects privilege
4696| [16851] Microsoft Windows 2003 and XP WinKey and U key denial of service
4697| [16704] Microsoft Windows 2000 Media Player control code execution
4698| [16582] Microsoft Windows Server 2003 kernel CPU denial of service
4699| [16572] Microsoft Windows 2003 Users with Impersonate a client after authentication privilege
4700| [16570] Microsoft Windows 2003 Users with Create global objects privilege
4701| [16564] Microsoft Windows 2003 Groups with Create global objects privilege
4702| [16562] Microsoft Windows 2003 Groups with "
4703| [16522] Microsoft Windows 2003 Impersonate a client after authentication privilege
4704| [16521] Microsoft Windows 2003 Deny Logon Through Terminal Services privilege
4705| [16520] Microsoft Windows 2003 Create global objects privilege
4706| [16276] Microsoft Windows 2000 Advanced Server fully qualified domain name security bypass
4707| [16173] Microsoft Outlook 2003 OLE object bypass restricted security zone
4708| [16119] Microsoft Outlook 2000 URL spoofing
4709| [16104] Microsoft Outlook 2003 predictable file location could allow code execution
4710| [16095] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
4711| [15704] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
4712| [15700] Microsoft Windows 2000 Domain Controller LSASS LDAP message denial of service
4713| [15632] Microsoft Windows 2000 Utility Manger allows privilege escalation
4714| [15414] Microsoft Outlook 2002 mailto URL allows execution of code
4715| [15263] Microsoft Windows XP and 2000 Server kernel allows elevated privileges
4716| [15057] Microsoft Windows XP and Windows Server 2003 smbmount Linux client denial of service
4717| [15038] Microsoft Windows 2000 Server Windows Media Services denial of service
4718| [15037] Microsoft Windows Server 2003 WINS /GS flag denial of service
4719| [14178] Microsoft ISA Exchange Server 2003 MS04-002 patch is not installed
4720| [14167] Microsoft ISA Server 2000 H.323 filter buffer overflow
4721| [13426] Microsoft Windows 2000 and XP RPC race condition
4722| [13423] Microsoft Windows 2000 Local Troubleshooter ActiveX control buffer overflow
4723| [13407] Microsoft Windows 2000 Server mqsvc.exe MQLocateBegin packet buffer overflow
4724| [13385] Microsoft Windows Server 2003 "
4725| [13211] Microsoft Windows 2000 and XP URG memory leak
4726| [13171] Microsoft Windows Server 2003 can allow attacker to bypass mechanism used to detect buffer overflows
4727| [13131] Microsoft Windows 2000 Message Queue Manager buffer overflow
4728| [12684] Microsoft Exchange Server OWA Outlook 2003 denial of service
4729| [12652] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension POST request buffer overflow
4730| [12620] Microsoft Windows 2000 Server SMTP FILETIME denial of service
4731| [12543] Microsoft Windows 2000 Accessibility Utility Manager could allow an attacker to gain privileges
4732| [12493] Microsoft Windows Shell32.dll 2000 ShellExecute function buffer overflow
4733| [12489] Microsoft Windows 2000 Server Active Directory buffer overflow
4734| [12128] Microsoft Windows 2000 and Windows NT MS03-019 patch is not installed
4735| [12092] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension buffer overflow
4736| [12048] Microsoft Windows 2000 and Windows Server 2003 LAN Manager hash creation enabled
4737| [11901] Microsoft BizTalk Server 2002 SQL injection
4738| [11900] Microsoft BizTalk Server 2002 HTTP Receiver function buffer overflow
4739| [11816] Microsoft Windows 2000 Terminal Services MSGINA.DLL insecure access permissions
4740| [11696] Microsoft Windows 2000 Terminal Services man-in-the-middle attack
4741| [11617] Microsoft Windows 2000 MS03-007 patch is not installed on the system
4742| [11546] Microsoft Windows 2000 Windows Help Facility .cnt file buffer overflow
4743| [11329] Microsoft Windows NT and 2000 cmd.exe CD path name buffer overflow
4744| [11274] Microsoft Windows 2000 NetBIOS continuation packets denial of service
4745| [11273] Microsoft Windows 2000 RPC service could allow an attacker to gain elevated privileges
4746| [11216] Microsoft Windows NT and 2000 command prompt denial of service
4747| [11141] Microsoft Windows 2000 Terminal Services MSGINA.DLL denial of service
4748| [11133] Microsoft Outlook 2002 using V1 Exchange Server Security certificates transmits plaintext emails
4749| [10843] Microsoft Windows 2000 and XP SMB signing group policy modification
4750| [10431] Microsoft Windows 2000 SNMP LANMAN Extension memory leak denial of service
4751| [10400] Microsoft Windows 2000 RPC TCP port 135 denial of service
4752| [10377] Microsoft Windows XP and 2000 administrative alerts fail when security event log is full
4753| [10199] Microsoft Windows 2000/XP PPTP packet buffer overflow
4754| [10195] Microsoft FrontPage Server Extensions (FPSE) 2002 SmartHTML Interpreter buffer overflow
4755| [10194] Microsoft FrontPage Server Extensions (FPSE) 2000 SmartHTML Interpreter denial of service
4756| [9946] Microsoft Windows 2000 Terminal Services session screensaver fails to lock the console
4757| [9856] Microsoft Windows 2000 NCM handler routine could allow elevated privileges
4758| [9779] Microsoft Windows 2000 weak system partition permissions
4759| [9752] Microsoft Windows 2000 Service Pack 3 is not installed
4760| [9746] Microsoft Windows 2000 HTML Help item parameter buffer overflow
4761| [9625] Microsoft Windows 2000 Narrator allows login information to be audible
4762| [9154] Microsoft Data Engine (MSDE) and Microsoft SQL Server 2000 Desktop Engine have a default blank "
4763| [8867] Microsoft Windows 2000 LanMan denial of service
4764| [8813] Microsoft Windows 2000 Terminal Services allows attacker to bypass group policy settings
4765| [8759] Microsoft Windows 2000 could allow an attacker to block the application of Group Policy settings
4766| [8752] Microsoft Windows NT, 2000, and XP MUP buffer overflow
4767| [8739] Microsoft Windows 2000 DCOM memory leak
4768| [8708] Microsoft Outlook 2000 and 2002 executes embedded script in object tag when replying or forwarding HTML mail
4769| [8402] Microsoft Windows 2000 allows an attacker to bypass password policy
4770| [8307] Microsoft Windows 2000, Windows XP, and Exchange 2000 SMTP data transfer command denial of service
4771| [8304] Microsoft Windows 2000 and Exchange 5.5 SMTP service unauthorized mail privileges
4772| [8254] Microsoft Commerce Server 2000 AuthFilter ISAPI filter buffer overflow
4773| [8199] Microsoft Windows 2000 Terminal Services unlocked client
4774| [8094] Microsoft Windows 2000 and Interix 2.2 Telnet protocol option buffer overflow
4775| [8092] Microsoft Exchange 2000 System Attendant sets incorrect registry permissions
4776| [8043] Microsoft Windows NT, 2000, and XP using NTFS could allow files to be hidden
4777| [8037] Microsoft Windows 2000 empty TCP packet denial of service
4778| [8023] Microsoft Windows NT and Windows 2000 SIDs could allow an attacker to gain elevated privileges in another domain
4779| [7919] Microsoft IIS 4.0 and Norton Internet Security 2001 default permissions could allow an attacker to modify log files
4780| [7667] Microsoft Windows 2000 IKE UDP packet flood denial of service
4781| [7566] Microsoft IIS 2.0 and 3.0 upgraded to Microsoft IIS 4.0 fails to remove the ism.dll file
4782| [7538] Microsoft Windows 2000 and XP Terminal services allow an attacker to spoof IP addresses
4783| [7533] Microsoft Windows 2000 RunAs service denial of service
4784| [7532] Microsoft Windows 2000 RunAs service allows local attacker to bypass pipe authentication
4785| [7531] Microsoft Windows 2000 RunAs service reveals sensitive information
4786| [7528] Microsoft Windows NT and Windows 2000 malformed RPC request denial of service
4787| [7409] Microsoft Windows 2000 and Windows XP GDI denial of service
4788| [7302] Microsoft Windows NT and 2000 Terminal Server malformed RDP packet series denial of service
4789| [7008] Microsoft Windows 2000 IrDA device denial of service
4790| [6977] Microsoft Windows NT and 2000 NNTP memory leak denial of service
4791| [6931] Microsoft Windows 2000 without Service Pack 2
4792| [6919] Microsoft Windows 2000 Task Manager does not terminate malicious files with the same name as a system process
4793| [6912] Microsoft Windows NT and 2000 Terminal Server RDP memory leak denial of service
4794| [6876] Microsoft Windows 2000 could allow an attacker to change network passwords
4795| [6803] Microsoft Windows 2000 SMTP service allows mail relaying
4796| [6745] Microsoft Windows 2000 LDAP function could allow domain user password change
4797| [6669] Microsoft Windows 2000 Telnet system call denial of service
4798| [6668] Microsoft Windows 2000 Telnet handle leak denial of service
4799| [6667] Microsoft Windows 2000 Telnet multiple idle sessions denial of service
4800| [6666] Microsoft Windows 2000 Telnet username denial of service
4801| [6665] Microsoft Windows 2000 Telnet service weak domain authentication
4802| [6664] Microsoft Windows 2000 Telnet service predictable pipe names could allow elevation of privileges
4803| [6652] Microsoft Exchange 2000 OWA script execution
4804| [6590] Microsoft Windows 2000 debug registers allow attacker to gain elevated privileges
4805| [6506] Microsoft Windows 2000 Server Kerberos denial of service
4806| [6443] Microsoft Windows 2000 catalog file could remove installed hotfixes
4807| [6160] Microsoft Windows 2000 event viewer buffer overflow
4808| [6136] Microsoft Windows 2000 domain controller denial of service
4809| [6035] Microsoft Windows 2000 Server RDP denial of service
4810| [5973] Microsoft Windows 2000 EFS allows local user to recover sensitive data
4811| [5936] Microsoft Windows 2000 Server Directory Service Restore Mode allows user to login with blank password
4812| [5800] Microsoft Windows 2000 Index Service ActiveX controls allow unauthorized access to file information
4813| [5623] Microsoft Windows NT and 2000 Phone Book service buffer overflow
4814| [5598] Microsoft Windows 2000 Telnet daemon could allow a denial of service
4815| [5585] Microsoft Windows 2000 brute force attack
4816| [5502] Microsoft Windows 2000 Indexing Services ixsso.query
4817| [5467] Microsoft Windows 2000 System Monitor ActiveX control buffer overflow
4818| [5399] Microsoft Windows NT and 2000 Network Monitor buffer overflow
4819| [5301] Microsoft Windows 2000 Simplified Chinese IME State Recognition
4820| [5263] Microsoft Office 2000 executes .dll without users knowledge
4821| [5242] Microsoft Windows 2000 Telnet client NTLM authentication weakness
4822| [5222] Microsoft Windows 2000 malformed RPC packet denial of service
4823| [5203] Microsoft Windows 2000 still image service
4824| [5171] Microsoft Windows 2000 Local Security Policy corruption
4825| [5080] Microsoft Office 2000 HTML object tag buffer overflow
4826| [5033] Microsoft Windows 2000 without Service Pack 1
4827| [5031] Microsoft Windows 2000 Service Control Manager named pipe could allow a unauthorized user to gain privileges
4828| [5015] Microsoft Windows NT and 2000 executable path
4829| [4887] Microsoft Windows 2000 Kerberos ticket renewed
4830| [4886] Microsoft Windows 2000 logon session reconnected
4831| [4885] Microsoft Windows 2000 logon session disconnected
4832| [4882] Microsoft Windows 2000 Kerberos pre-authentication failed
4833| [4873] Microsoft Windows 2000 user account mapped for logon
4834| [4872] Microsoft Windows 2000 account logon failed
4835| [4871] Microsoft Windows 2000 account used for logon
4836| [4855] Microsoft Windows 2000 group type change
4837| [4842] Microsoft Internet Explorer and Microsoft Powerpoint 2000 ActiveX object execution
4838| [4841] Microsoft Internet Explorer and Microsoft Access 2000 VBA code execution
4839| [4823] Microsoft Windows 2000 Telnet server binary stream denial of service
4840| [4819] Microsoft Windows 2000 default SYSKEY configuration
4841| [4787] Microsoft Windows 2000 user account locked out
4842| [4786] Microsoft Windows 2000 computer account created
4843| [4785] Microsoft Windows 2000 computer account changed
4844| [4784] Microsoft Windows 2000 computer account deleted
4845| [4714] Microsoft Windows 2000 "
4846| [4589] Microsoft Windows 2000 protected store can be compromised by brute force attack
4847| [4278] Microsoft Windows 2000 unattended install does not secure All Users profile
4848| [4138] Microsoft Windows 2000 system file integrity feature is disabled
4849| [4086] Microsoft Windows 2000 may not start Jaz drives correctly
4850| [4085] Microsoft Windows 2000 non-Gregorial calendar error
4851| [4084] Microsoft Windows 2000 may prevent Adobe FrameMaker files from being saved in some formats
4852| [4083] Microsoft Windows 2000 Terminal Services may damage Office files saved as HTML
4853| [4082] Microsoft Windows 2000 and Iomega parallel port drives display error
4854| [4080] Microsoft Windows 2000 AOL image support
4855| [4079] Microsoft Windows 2000 High Encryption Pack
4856| [3854] Microsoft Office 2000 security setting
4857| [1376] Microsoft Proxy 2.0 denial of service
4858| [86256] Microsoft Windows Knowledge Base Article 2876063 update is not installed
4859| [86097] Microsoft Windows Knowledge Base Article 2859537 update is not installed
4860| [86091] Microsoft Windows Knowledge Base Article 2868623 update is not installed
4861| [86089] Microsoft Windows Knowledge Base Article 2862772 update is not installed
4862| [86075] Microsoft Windows Knowledge Base Article 2850869 update is not installed
4863| [86073] Microsoft Windows Knowledge Base Article 2873872 update is not installed
4864| [86070] Microsoft Windows Knowledge Base Article 2849568 update is not installed
4865| [85245] Microsoft Windows Knowledge Base Article 2848295 update is not installed
4866| [85244] Microsoft Windows Knowledge Base Article 2847927 update is not installed
4867| [85243] Microsoft Windows Knowledge Base Article 2861561 update is not installed
4868| [85236] Microsoft Windows Knowledge Base Article 2850851 update is not installed
4869| [85227] Microsoft Windows Knowledge Base Article 2847883 update is not installed
4870| [85223] Microsoft Windows Knowledge Base Article 2846071 update is not installed
4871| [85205] Microsoft Windows Knowledge Base Article 2845187 update is not installed
4872| [84621] Microsoft Windows Knowledge Base Article 2845690 update is not installed
4873| [84619] Microsoft Windows Knowledge Base Article 2839894 update is not installed
4874| [84617] Microsoft Windows Knowledge Base Article 2839571 update is not installed
4875| [84615] Microsoft Windows Knowledge Base Article 2839229 update is not installed
4876| [84613] Microsoft Windows Knowledge Base Article 2838727 update is not installed
4877| [84156] Microsoft Windows Knowledge Base Article 2847204 update is not installed
4878| [83912] Microsoft Windows Knowledge Base Article 2829254 update is not installed
4879| [83910] Microsoft Windows Knowledge Base Article 2829530 update is not installed
4880| [83898] Microsoft Windows Knowledge Base Article 2830397 update is not installed
4881| [83886] Microsoft Windows Knowledge Base Article 2830399 update is not installed
4882| [83884] Microsoft Windows Knowledge Base Article 2834692 update is not installed
4883| [83882] Microsoft Windows Knowledge Base Article 2834695 update is not installed
4884| [83880] Microsoft Windows Knowledge Base Article 2836440 update is not installed
4885| [83876] Microsoft Windows Knowledge Base Article 2840221 update is not installed
4886| [83192] Microsoft Windows Knowledge Base Article 2817183 update is not installed
4887| [83100] Microsoft Windows Knowledge Base Article 2830914 update is not installed
4888| [83098] Microsoft Windows Knowledge Base Article 2829996 update is not installed
4889| [83093] Microsoft Windows Knowledge Base Article 2828223 update is not installed
4890| [83091] Microsoft Windows Knowledge Base Article 2813170 update is not installed
4891| [83088] Microsoft Windows Knowledge Base Article 2827663 update is not installed
4892| [83086] Microsoft Windows Knowledge Base Article 2823482 update is not installed
4893| [83084] Microsoft Windows Knowledge Base Article 2821818 update is not installed
4894| [83082] Microsoft Windows Knowledge Base Article 2820917 update is not installed
4895| [82600] Microsoft Windows Knowledge Base Article 2813707 update is not installed
4896| [82424] Microsoft Windows Knowledge Base Article 2814124 update is not installed
4897| [82422] Microsoft Windows Knowledge Base Article 2780176 update is not installed
4898| [82401] Microsoft Windows Knowledge Base Article 2813682 update is not installed
4899| [82399] Microsoft Windows Knowledge Base Article 2816264 update is not installed
4900| [81683] Microsoft Windows Knowledge Base Article 2780091 update is not installed
4901| [81681] Microsoft Windows Knowledge Base Article 2784242 update is not installed
4902| [81680] Microsoft Windows Knowledge Base Article 2790113 update is not installed
4903| [81678] Microsoft Windows Knowledge Base Article 2790655 update is not installed
4904| [81676] Microsoft Windows Knowledge Base Article 2790978 update is not installed
4905| [81674] Microsoft Windows Knowledge Base Article 2797052 update is not installed
4906| [81672] Microsoft Windows Knowledge Base Article 2799494 update is not installed
4907| [81666] Microsoft Windows Knowledge Base Article 2778344 update is not installed
4908| [81634] Microsoft Windows Knowledge Base Article 2792100 update is not installed
4909| [81339] Microsoft Windows Knowledge Base Article 2799329 update is not installed
4910| [80875] Microsoft Windows Knowledge Base Article 2756145 update is not installed
4911| [80872] Microsoft Windows Knowledge Base Article 2769324 update is not installed
4912| [80867] Microsoft Windows Knowledge Base Article 2769327 update is not installed
4913| [80865] Microsoft Windows Knowledge Base Article 2769369 update is not installed
4914| [80863] Microsoft Windows Knowledge Base Article 2778930 update is not installed
4915| [80861] Microsoft Windows Knowledge Base Article 2785220 update is not installed
4916| [80365] Microsoft Windows Knowledge Base Article 2761465 update is not installed
4917| [80360] Microsoft Windows Knowledge Base Article 2765809 update is not installed
4918| [80358] Microsoft Windows Knowledge Base Article 2770660 update is not installed
4919| [80356] Microsoft Windows Knowledge Base Article 2780642 update is not installed
4920| [80352] Microsoft Windows Knowledge Base Article 2783534 update is not installed
4921| [80349] Microsoft Windows Knowledge Base Article 2784126 update is not installed
4922| [79693] Microsoft Windows Knowledge Base Article 2745030 update is not installed
4923| [79687] Microsoft Windows Knowledge Base Article 2761451 update is not installed
4924| [79683] Microsoft Windows Knowledge Base Article 2761226 update is not installed
4925| [79679] Microsoft Windows Knowledge Base Article 2758857 update is not installed
4926| [79677] Microsoft Windows Knowledge Base Article 2727528 update is not installed
4927| [78864] Microsoft Windows Knowledge Base Article 2754670 update is not installed
4928| [78862] Microsoft Windows Knowledge Base Article 2743555 update is not installed
4929| [78858] Microsoft Windows Knowledge Base Article 2754849 update is not installed
4930| [78856] Microsoft Windows Knowledge Base Article 2724197 update is not installed
4931| [78853] Microsoft Windows Knowledge Base Article 2741517 update is not installed
4932| [78851] Microsoft Windows Knowledge Base Article 2742319 update is not installed
4933| [78848] Microsoft Windows Knowledge Base Article 2742321 update is not installed
4934| [78760] Microsoft Windows Knowledge Base Article 2744842 update is not installed
4935| [78077] Microsoft Windows Knowledge Base Article 2741528 update is not installed
4936| [78075] Microsoft Windows Knowledge Base Article 2720184 update is not installed
4937| [78071] Microsoft Windows Knowledge Base Article 2748552 update is not installed
4938| [77512] Microsoft Windows Knowledge Base Article 2740358 update is not installed
4939| [77362] Microsoft Windows Knowledge Base Article 2733918 update is not installed
4940| [77360] Microsoft Windows Knowledge Base Article 2733829 update is not installed
4941| [77357] Microsoft Windows Knowledge Base Article 2733594 update is not installed
4942| [77352] Microsoft Windows Knowledge Base Article 2731879 update is not installed
4943| [77350] Microsoft Windows Knowledge Base Article 2731847 update is not installed
4944| [77348] Microsoft Windows Knowledge Base Article 2723135 update is not installed
4945| [77346] Microsoft Windows Knowledge Base Article 2722913 update is not installed
4946| [77342] Microsoft Windows Knowledge Base Article 2720573 update is not installed
4947| [77325] Microsoft Windows Knowledge Base Article 2719584 update is not installed
4948| [76808] Microsoft Windows Knowledge Base Article 2721015 update is not installed
4949| [76725] Microsoft Windows Knowledge Base Article 2722479 update is not installed
4950| [76724] Microsoft Windows Knowledge Base Article 2719177 update is not installed
4951| [76721] Microsoft Windows Knowledge Base Article 2718523 update is not installed
4952| [76718] Microsoft Windows Knowledge Base Article 2698365 update is not installed
4953| [76711] Microsoft Windows Knowledge Base Article 2695502 update is not installed
4954| [76704] Microsoft Windows Knowledge Base Article 2691442 update is not installed
4955| [76702] Microsoft Windows Knowledge Base Article 2655992 update is not installed
4956| [75963] Microsoft Windows Knowledge Base Article 2699988 update is not installed
4957| [75939] Microsoft Windows Knowledge Base Article 2685939 update is not installed
4958| [75928] Microsoft Windows Knowledge Base Article 2711167 update is not installed
4959| [75136] Microsoft Windows Knowledge Base Article 2693777 update is not installed
4960| [75132] Microsoft Windows Knowledge Base Article 2690533 update is not installed
4961| [75130] Microsoft Windows Knowledge Base Article 2688338 update is not installed
4962| [75127] Microsoft Windows Knowledge Base Article 2681578 update is not installed
4963| [75123] Microsoft Windows Knowledge Base Article 2680352 update is not installed
4964| [75116] Microsoft Windows Knowledge Base Article 2597981 update is not installed
4965| [74556] Microsoft Windows Knowledge Base Article 2639185 update is not installed
4966| [74384] Microsoft Windows Knowledge Base Article 2675157 update is not installed
4967| [74378] Microsoft Windows Knowledge Base Article 2671605 update is not installed
4968| [74373] Microsoft Windows Knowledge Base Article 2664258 update is not installed
4969| [74369] Microsoft Windows Knowledge Base Article 2663860 update is not installed
4970| [73543] Microsoft Windows Knowledge Base Article 2671387 update is not installed
4971| [73540] Microsoft Windows Knowledge Base Article 2665364 update is not installed
4972| [73538] Microsoft Windows Knowledge Base Article 2651019 update is not installed
4973| [73536] Microsoft Windows Knowledge Base Article 2651018 update is not installed
4974| [73533] Microsoft Windows Knowledge Base Article 2647170 update is not installed
4975| [73530] Microsoft Windows Knowledge Base Article 2641653 update is not installed
4976| [72887] Microsoft Windows Knowledge Base Article 2663841 update is not installed
4977| [72873] Microsoft Windows Knowledge Base Article 2663830 update is not installed
4978| [72867] Microsoft Windows Knowledge Base Article 2663510 update is not installed
4979| [72857] Microsoft Windows Knowledge Base Article 2661637 update is not installed
4980| [72855] Microsoft Windows Knowledge Base Article 2660465 update is not installed
4981| [72853] Microsoft Windows Knowledge Base Article 2653956 update is not installed
4982| [72851] Microsoft Windows Knowledge Base Article 2654428 update is not installed
4983| [72849] Microsoft Windows Knowledge Base Article 2651026 update is not installed
4984| [72846] Microsoft Windows Knowledge Base Article 2647516 update is not installed
4985| [72841] Microsoft Windows Knowledge Base Article 2645640 update is not installed
4986| [72838] Microsoft Windows Knowledge Base Article 2643719 update is not installed
4987| [72029] Microsoft Windows Knowledge Base Article 2638420 update is not installed
4988| [72003] Microsoft Windows Knowledge Base Article 2646524 update is not installed
4989| [71998] Microsoft Windows Knowledge Base Article 2644615 update is not installed
4990| [71995] Microsoft Windows Knowledge Base Article 2643584 update is not installed
4991| [71994] Microsoft Windows Knowledge Base Article 2636391 update is not installed
4992| [71565] Microsoft Windows Knowledge Base Article 2648048 update is not installed
4993| [71562] Microsoft Windows Knowledge Base Article 2640241 update is not installed
4994| [71560] Microsoft Windows Knowledge Base Article 2640045 update is not installed
4995| [71558] Microsoft Windows Knowledge Base Article 2639417 update is not installed
4996| [71557] Microsoft Windows Knowledge Base Article 2639142 update is not installed
4997| [71554] Microsoft Windows Knowledge Base Article 2633171 update is not installed
4998| [71552] Microsoft Windows Knowledge Base Article 2624667 update is not installed
4999| [71550] Microsoft Windows Knowledge Base Article 2620712 update is not installed
5000| [71548] Microsoft Windows Knowledge Base Article 2618451 update is not installed
5001| [71546] Microsoft Windows Knowledge Base Article 2618444 update is not installed
5002| [71538] Microsoft Windows Knowledge Base Article 2590602 update is not installed
5003| [70951] Microsoft Windows Knowledge Base Article 2630837 update is not installed
5004| [70949] Microsoft Windows Knowledge Base Article 2620704 update is not installed
5005| [70947] Microsoft Windows Knowledge Base Article 2617657 update is not installed
5006| [70943] Microsoft Windows Knowledge Base Article 2588516 update is not installed
5007| [70152] Microsoft Windows Knowledge Base Article 2623699 update is not installed
5008| [70140] Microsoft Windows Knowledge Base Article 2652016 update is not installed
5009| [70130] Microsoft Windows Knowledge Base Article 2586448 update is not installed
5010| [70115] Microsoft Windows Knowledge Base Article 2567053 update is not installed
5011| [69501] Microsoft Windows Knowledge Base Article 2587634 update is not installed
5012| [69498] Microsoft Windows Knowledge Base Article 2587505 update is not installed
5013| [69492] Microsoft Windows Knowledge Base Article 2571621 update is not installed
5014| [69490] Microsoft Windows Knowledge Base Article 2570947 update is not installed
5015| [68840] Microsoft Windows Knowledge Base Article 2451858 update is not installed
5016| [68833] Microsoft Windows Knowledge Base Article 2567943 update is not installed
5017| [68831] Microsoft Windows Knowledge Base Article 2570222 update is not installed
5018| [68829] Microsoft Windows Knowledge Base Article 2567951 update is not installed
5019| [68827] Microsoft Windows Knowledge Base Article 2578230 update is not installed
5020| [68825] Microsoft Windows Knowledge Base Article 2546250 update is not installed
5021| [68823] Microsoft Windows Knowledge Base Article 2559049 update is not installed
5022| [68816] Microsoft Windows Knowledge Base Article 2556532 update is not installed
5023| [68814] Microsoft Windows Knowledge Base Article 2560656 update is not installed
5024| [68812] Microsoft Windows Knowledge Base Article 2560978 update is not installed
5025| [68809] Microsoft Windows Knowledge Base Article 2562485 update is not installed
5026| [68806] Microsoft Windows Knowledge Base Article 2566454 update is not installed
5027| [68804] Microsoft Windows Knowledge Base Article 2563894 update is not installed
5028| [68801] Microsoft Windows Knowledge Base Article 2567680 update is not installed
5029| [68315] Microsoft Windows Knowledge Base Article 2555917 update is not installed
5030| [68299] Microsoft Windows Knowledge Base Article 2566220 update is not installed
5031| [68283] Microsoft Windows Knowledge Base Article 2560847 update is not installed
5032| [67955] Microsoft Windows Knowledge Base Article 2530548 update is not installed
5033| [67943] Microsoft Windows Knowledge Base Article 2544521 update is not installed
5034| [67762] Microsoft Windows Knowledge Base Article 2543893 update is not installed
5035| [67759] Microsoft Windows Knowledge Base Article 2544893 update is not installed
5036| [67757] Microsoft Windows Knowledge Base Article 2476490 update is not installed
5037| [67753] Microsoft Windows Knowledge Base Article 2514842 update is not installed
5038| [67751] Microsoft Windows Knowledge Base Article 2518295 update is not installed
5039| [67737] Microsoft Windows Knowledge Base Article 2520426 update is not installed
5040| [67733] Microsoft Windows Knowledge Base Article 2525694 update is not installed
5041| [67731] Microsoft Windows Knowledge Base Article 2525835 update is not installed
5042| [67728] Microsoft Windows Knowledge Base Article 2535512 update is not installed
5043| [67725] Microsoft Windows Knowledge Base Article 2536275 update is not installed
5044| [67722] Microsoft Windows Knowledge Base Article 2536276 update is not installed
5045| [67718] Microsoft Windows Knowledge Base Article 2537146 update is not installed
5046| [67709] Microsoft Windows Knowledge Base Article 2538814 update is not installed
5047| [67302] Microsoft Windows Knowledge Base Article 2545814 update is not installed
5048| [67101] Microsoft Windows Knowledge Base Article 2524426 update is not installed
5049| [66446] Microsoft Windows Knowledge Base Article 2514666 update is not installed
5050| [66444] Microsoft Windows Knowledge Base Article 2511455 update is not installed
5051| [66436] Microsoft Windows Knowledge Base Article 2497640 update is not installed
5052| [66432] Microsoft Windows Knowledge Base Article 2527308 update is not installed
5053| [66428] Microsoft Windows Knowledge Base Article 2489979 update is not installed
5054| [66423] Microsoft Windows kernel-mode driver (win32k.sys) variant 29 privilege escalation
5055| [66422] Microsoft Windows kernel-mode driver (win32k.sys) variant 28 privilege escalation
5056| [66421] Microsoft Windows kernel-mode driver (win32k.sys) variant 27 privilege escalation
5057| [66420] Microsoft Windows kernel-mode driver (win32k.sys) variant 26 privilege escalation
5058| [66419] Microsoft Windows kernel-mode driver (win32k.sys) variant 25 privilege escalation
5059| [66418] Microsoft Windows kernel-mode driver (win32k.sys) variant 24 privilege escalation
5060| [66417] Microsoft Windows kernel-mode driver (win32k.sys) variant 23 privilege escalation
5061| [66416] Microsoft Windows kernel-mode driver (win32k.sys) variant 22 privilege escalation
5062| [66415] Microsoft Windows kernel-mode driver (win32k.sys) variant 21 privilege escalation
5063| [66414] Microsoft Windows kernel-mode driver (win32k.sys) variant 20 privilege escalation
5064| [66396] Microsoft Windows kernel-mode driver (win32k.sys) variant 2 privilege escalation
5065| [66394] Microsoft Windows Knowledge Base Article 2485663 update is not installed
5066| [65588] Microsoft Windows Knowledge Base Article 2489279 update is not installed
5067| [65581] Microsoft Windows Knowledge Base Article 2510030 update is not installed
5068| [65580] Microsoft Windows Knowledge Base Article 2489283 update is not installed
5069| [65575] Microsoft Windows Knowledge Base Article 2489293 update is not installed
5070| [65573] Microsoft Windows Knowledge Base Article 2494047 update is not installed
5071| [64973] Microsoft Windows Knowledge Base Article 2478960 update is not installed
5072| [64971] Microsoft Windows Knowledge Base Article 2479628 update is not installed
5073| [64927] Microsoft Windows Knowledge Base Article 2393802 update is not installed
5074| [64925] Microsoft Windows Knowledge Base Article 2451879 update is not installed
5075| [64920] Microsoft Windows Knowledge Base Article 2475792 update is not installed
5076| [64918] Microsoft Windows Knowledge Base Article 2476687 update is not installed
5077| [64916] Microsoft Windows Knowledge Base Article 2478953 update is not installed
5078| [64914] Microsoft Windows Knowledge Base Article 2482017 update is not installed
5079| [64910] Microsoft Windows Knowledge Base Article 2483185 update is not installed
5080| [64909] Microsoft Windows Knowledge Base Article 2484015 update is not installed
5081| [64907] Microsoft Windows Knowledge Base Article 2485376 update is not installed
5082| [64905] Microsoft Windows Knowledge Base Article 2489256 update is not installed
5083| [64902] Microsoft Windows Knowledge Base Article 2496930 update is not installed
5084| [64342] Microsoft Windows Knowledge Base Article 2451910 update is not installed
5085| [64339] Microsoft Windows Knowledge Base Article 2478935 update is not installed
5086| [63584] Microsoft Windows Knowledge Base Article 2424434 update is not installed
5087| [63582] Microsoft Windows Knowledge Base Article 2423089 update is not installed
5088| [63580] Microsoft Windows Knowledge Base Article 2436673 update is not installed
5089| [63571] Microsoft Windows Knowledge Base Article 2440591 update is not installed
5090| [63569] Microsoft Windows Knowledge Base Article 2385678 update is not installed
5091| [63566] Microsoft Windows Knowledge Base Article 2442962 update is not installed
5092| [63564] Microsoft Windows Knowledge Base Article 2345316 update is not installed
5093| [63562] Microsoft Windows Knowledge Base Article 2296199 update is not installed
5094| [63558] Microsoft Windows Knowledge Base Article 2416400 update is not installed
5095| [63550] Microsoft Windows Knowledge Base Article 2447961 update is not installed
5096| [63548] Microsoft Windows Knowledge Base Article 2443105 update is not installed
5097| [63546] Microsoft Windows Knowledge Base Article 2455005 update is not installed
5098| [63544] Microsoft Windows Knowledge Base Article 2292970 update is not installed
5099| [62805] Microsoft Windows Knowledge Base Article 2316074 update is not installed
5100| [62793] Microsoft Windows Knowledge Base Article 2293386 update is not installed
5101| [62789] Microsoft Windows Knowledge Base Article 2423930 update is not installed
5102| [62170] Microsoft Windows Knowledge Base Article 2296011 update is not installed
5103| [62166] Microsoft Windows Knowledge Base Article 2294255 update is not installed
5104| [62163] Microsoft Windows Knowledge Base Article 2281679 update is not installed
5105| [62154] Microsoft Windows Knowledge Base Article 2279986 update is not installed
5106| [62147] Microsoft Windows Knowledge Base Article 2160841 update is not installed
5107| [62134] Microsoft Windows Knowledge Base Article 2412048 update is not installed
5108| [62129] Microsoft Windows Knowledge Base Article 2387149 update is not installed
5109| [62126] Microsoft Windows Knowledge Base Article 2378111 update is not installed
5110| [62123] Microsoft Windows Knowledge Base Article 2360937 update is not installed
5111| [62118] Microsoft Windows Knowledge Base Article 2293211 update is not installed
5112| [62104] Microsoft Windows Knowledge Base Article 2360131 update is not installed
5113| [62098] Microsoft Windows Knowledge Base Article 2293194 update is not installed
5114| [62069] Microsoft Windows Knowledge Base Article 2418042 update is not installed
5115| [61519] Microsoft Windows Knowledge Base Article 2121546 update is not installed
5116| [61517] Microsoft Windows Knowledge Base Article 2259922 update is not installed
5117| [61514] Microsoft Windows Knowledge Base Article 2267960 update is not installed
5118| [61510] Microsoft Windows Knowledge Base Article 2315011 update is not installed
5119| [61507] Microsoft Windows Knowledge Base Article 2320113 update is not installed
5120| [61504] Microsoft Windows Knowledge Base Article 2347290 update is not installed
5121| [60736] Microsoft Windows Knowledge Base Article 2265906 update is not installed
5122| [60734] Microsoft Windows Knowledge Base Article 2269638 update is not installed
5123| [60728] Microsoft Windows Knowledge Base Article 2269707 update is not installed
5124| [60724] Microsoft Windows Knowledge Base Article 2286198 update is not installed
5125| [60713] Microsoft Windows Knowledge Base Article 2183461 update is not installed
5126| [60698] Microsoft Windows Knowledge Base Article 2160329 update is not installed
5127| [60686] Microsoft Windows Knowledge Base Article 2115168 update is not installed
5128| [60684] Microsoft Windows Knowledge Base Article 2079403 update is not installed
5129| [60680] Microsoft Windows Knowledge Base Article 2264072 update is not installed
5130| [59901] Microsoft Windows Knowledge Base Article 2229593 update is not installed
5131| [59898] Microsoft Windows Knowledge Base Article 2229593 update is not installed
5132| [58913] Microsoft Windows Knowledge Base Article 2027452 update is not installed
5133| [58891] Microsoft Windows Knowledge Base Article 2028554 update is not installed
5134| [17004] Microsoft Windows XP Service Pack 2 is not installed on the system
5135| [9187] Microsoft Passport SDK 2.1 Component Configuration Document (CCD) permission
5136| [9146] Microsoft Passport SDK 2.1 events reporting disabled
5137| [9068] Microsoft Passport SDK 2.1 registry default permission exposure
5138| [9067] Microsoft Passport SDK 2.1 default test site exposure
5139| [9066] Microsoft Passport SDK 2.1 Adventure Works Sample Site exposure
5140| [9065] Microsoft Passport SDK 2.1 Adventure Works Sample Site global.asa file default permission exposure
5141| [9064] Microsoft Passport SDK 2.1 default time window exposure
5142| [1271] Microsoft IIS version 2 installed
5143| [621] Microsoft IIS 3.0 script source revealed by appending 2E to requests
5144|
5145| Exploit-DB - https://www.exploit-db.com:
5146| [30756] Microsoft Forms 2.0 ActiveX Control 2.0 Memory Access Violation Denial of Service Vulnerabilities
5147| [30749] Microsoft Office 2003 Web Component Memory Access Violation Denial of Service Vulnerability
5148| [30636] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (2)
5149| [30635] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (1)
5150| [30281] Microsoft .Net Framework <= 2.0 - Multiple Null Byte Injection Vulnerabilities
5151| [29664] Microsoft Office Publisher 2007 - Remote Denial of Service (DoS) Vulnerability
5152| [29660] Microsoft Office 2003 - Denial of Service (DoS) Vulnerability
5153| [29630] Microsoft Windows 2003/XP ReadDirectoryChangesW Information Disclosure Vulnerability
5154| [29524] Microsoft Word 2000 - Malformed Function Code Execution Vulnerability
5155| [28420] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
5156| [28357] Microsoft Windows Explorer 2000/2003/XP Drag and Drop Remote Code Execution Vulnerability
5157| [28227] Microsoft Windows 2000/XP Registry Access Local Denial of Service Vulnerability
5158| [28226] Microsoft PowerPoint 2003 PPT File Closure Memory Corruption
5159| [28225] Microsoft PowerPoint 2003 powerpnt.exe Unspecified Issue
5160| [28224] Microsoft PowerPoint 2003 mso.dll PPT Processing Unspecified Code Execution
5161| [28198] Microsoft Office 2000/2002 Property Code Execution Vulnerability
5162| [28189] Microsoft Excel 2000-2004 Style Handling and Repair Remote Code Execution Vulnerability
5163| [28087] Microsoft Office 2003 Embedded Shockwave Flash Object Security Bypass Weakness
5164| [28005] Microsoft Exchange Server 2000/2003 Outlook Web Access Script Injection Vulnerability
5165| [26690] Microsoft Windows 2000/2003/XP CreateRemoteThread Local Denial of Service Vulnerability
5166| [26517] Microsoft Office PowerPoint 2007 - Crash PoC
5167| [26341] Microsoft Windows 2000/2003/XP MSDTC TIP Denial of Service Vulnerability
5168| [26222] Microsoft Windows 2000/2003/XP Keyboard Event Privilege Escalation Weakness
5169| [25384] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (2)
5170| [25383] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (1)
5171| [25231] Microsoft Windows 2000/2003/XP Graphical Device Interface Library Denial of Service Vulnerability
5172| [25085] Microsoft Office XP 2000/2002 HTML Link Processing Remote Buffer Overflow Vulnerability
5173| [25084] Microsoft Outlook 2003 Web Access Login Form Remote URI Redirection Vulnerability
5174| [25050] Microsoft Windows 2000/2003/XP winhlp32 Phrase Heap Overflow Vulnerability
5175| [25049] Microsoft Windows 2000/2003/XP winhlp32 Phrase Integer Overflow Vulnerability
5176| [24686] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
5177| [24277] Microsoft Windows 2000/NT 4 POSIX Subsystem Buffer Overflow Local Privilege Escalation Vulnerability
5178| [24114] Microsoft Outlook 2003Mail Client E-mail Address Verification Weakness
5179| [24101] Microsoft Outlook 2003 Predictable File Location Weakness
5180| [23989] Microsoft Windows 2000/NT 4 Local Descriptor Table Local Privilege Escalation Vulnerability
5181| [23796] Microsoft Outlook 2002 Mailto Parameter Quoting Zone Bypass Vulnerability
5182| [23019] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
5183| [22919] Microsoft ISA Server 2000 Cross-Site Scripting Vulnerabilities
5184| [22883] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (2)
5185| [22882] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (1)
5186| [22837] Microsoft Windows 2000/NT 4 Media Services NSIISlog.DLL Remote Buffer Overflow
5187| [22782] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
5188| [22591] Microsoft Office Excel 2007 - WriteAV Crash PoC
5189| [22555] Microsoft BizTalk Server 2000/2002 DTA RawCustomSearchField.asp SQL Injection
5190| [22554] Microsoft BizTalk Server 2000/2002 DTA rawdocdata.asp SQL Injection Vulnerability
5191| [22553] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
5192| [22528] Microsoft Windows 2000 RegEdit.EXE Registry Key Value Buffer Overflow Vulnerability
5193| [22354] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
5194| [21920] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
5195| [21718] Microsoft SQL 2000/7.0 Agent Jobs Privilege Elevation Vulnerability
5196| [21693] Microsoft SQL Server 2000 User Authentication Remote Buffer Overflow Vulnerability
5197| [21652] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
5198| [21651] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
5199| [21650] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
5200| [21549] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
5201| [21541] Microsoft SQL Server 2000 SQLXML Script Injection Vulnerability
5202| [21540] Microsoft SQL Server 2000 SQLXML Buffer Overflow Vulnerability
5203| [21389] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (2)
5204| [21388] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (1)
5205| [21344] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
5206| [21258] Microsoft Windows 2000/NT 4 NTFS File Hiding Vulnerability
5207| [21246] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (2)
5208| [21245] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (1)
5209| [21172] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (2)
5210| [21171] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (1)
5211| [21131] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
5212| [21123] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
5213| [21113] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
5214| [21099] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
5215| [21069] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
5216| [20907] Microsoft Windows 2000 Telnet Username DoS Vulnerability
5217| [20802] Microsoft IIS 2.0/3.0 Long URL Denial of Service Vulnerability
5218| [20763] Microsoft ISA Server 2000 Web Proxy DoS Vulnerability
5219| [20571] Microsoft Outlook 2000 0/98 0/Express 5.5 Concealed Attachment Vulnerability
5220| [20481] Microsoft IIS 2.0/3.0 Appended Dot Script Source Disclosure Vulnerability
5221| [20399] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
5222| [20335] Microsoft Indexing Services for Windows 2000/NT 4.0 .htw Cross-Site Scripting Vulnerability
5223| [20305] Microsoft Site Server 2.0 with IIS 4.0 - File Upload Vulnerability
5224| [20265] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
5225| [20257] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
5226| [20255] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
5227| [20222] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
5228| [20209] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
5229| [20133] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
5230| [20122] Microsoft Office SharePoint Server 2007 Remote Code Execution
5231| [20096] Microsoft IIS 2.0/3.0/4.0/5.0/5.1 Internal IP Address Disclosure Vulnerability
5232| [20048] Microsoft Windows 2000 Remote CPU-overload Vulnerability
5233| [20047] Microsoft Windows 2000 Telnet Server DoS Vulnerability
5234| [19830] Microsoft Index Server 2.0 '%20' ASP Source Disclosure Vulnerability
5235| [19742] microsoft iis 3.0/4.0,microsoft index server 2.0 - Directory Traversal
5236| [19734] Microsoft Virtual Machine 2000 Series/3000 Series getSystemResource Vulnerability
5237| [19731] microsoft index server 2.0/indexing services for windows 2000 - Directory Traversal
5238| [19728] Microsoft Systems Management Server 2.0 Default Permissions Vulnerability
5239| [19425] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (2)
5240| [19424] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (1)
5241| [19376] Microsoft IIS 2.0/3.0/4.0 ISAPI GetExtensionVersion() Vulnerability
5242| [19143] "Microsoft Windows ""April Fools 2001"" Vulnerability"
5243| [19118] Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability
5244| [18334] Microsoft Office 2003 Home/Pro 0day
5245| [18087] MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
5246| [18078] Microsoft Excel 2003 11.8335.8333 Use After Free
5247| [18067] Microsoft Excel 2007 SP2 Buffer Overwrite Exploit
5248| [17305] "Microsoft Windows Vista/Server 2008 ""nsiproxy.sys"" Local Kernel DoS Exploit"
5249| [14971] MOAUB #11 - Microsoft Office Word 2007 sprmCMajority Buffer Overflow
5250| [14782] Microsoft Office PowerPoint 2007 DLL Hijacking Exploit (rpawinet.dll)
5251| [14746] Microsoft Office Groove 2007 DLL Hijacking Exploit (mso.dll)
5252| [14744] Microsoft Visio 2003 DLL Hijacking Exploit (mfc71enu.dll)
5253| [12450] Microsoft SharePoint Server 2007 XSS Vulnerability
5254| [10068] Microsoft Windows 2000-2008 Embedded OpenType Font Engine Remote Code Execution
5255| [4121] Microsoft Excel 2000/2003 Sheet Name Vulnerability PoC
5256| [3973] Microsoft Office 2000 (OUACTRL.OCX 1.0.1.9) - Remote DoS Exploit
5257| [3690] microsoft office word 2007 - Multiple Vulnerabilities
5258| [3260] Microsoft Word 2000 Unspecified Code Execution Exploit (0day)
5259| [2523] Microsoft Office 2003 PPT Local Buffer Overflow PoC
5260| [2091] Microsoft PowerPoint 2003 SP2 Local Code Execution Exploit (french)
5261| [2001] Microsoft Word 2000/2003 Unchecked Boundary Condition Vulnerability
5262| [1999] Microsoft Word 2000/2003 Hlink Local Buffer Overflow Exploit PoC
5263| [1988] Microsoft Excel 2003 Hlink Local Buffer Overflow Exploit (italian)
5264| [1986] Microsoft Excel 2000/2003 Hlink Local Buffer Overflow Exploit (french)
5265| [1958] Microsoft Excel 2003 Hlink Stack/SEH Buffer Overflow Exploit
5266| [28238] Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Vulnerability MS13-067
5267| [23034] Microsoft URLScan 2.5/ RSA Security SecurID 5.0 Configuration Enumeration Weakness
5268| [22850] Microsoft Office OneNote 2010 Crash PoC
5269| [22679] Microsoft Visio 2010 Crash PoC
5270| [22655] Microsoft Publisher 2013 Crash PoC
5271| [22621] Microsoft Netmeeting 2.1/3.0.1 4.4.3385 CALLTO URL Buffer Overflow Vulnerability
5272| [22330] Microsoft Office Excel 2010 Crash PoC
5273| [22310] Microsoft Office Publisher 2010 Crash PoC
5274| [22237] Microsoft Office Picture Manager 2010 Crash PoC
5275| [22215] Microsoft Office Word 2010 Crash PoC
5276| [19451] Microsoft Windows 98 a/98 b/98SE,Solaris 2.6 IRDP Vulnerability
5277| [19440] Microsoft Windows NT 4.0/SP 1/SP 2/Sp 3/SP 4/SP 5 Malformed Dialer Entry Vulnerability
5278| [19372] Microsoft Windows NT 4.0/SP 1/SP 2/SP 3/SP 4/SP 5 Null Session Admin Name Vulnerability
5279| [17164] Microsoft Reader <= 2.1.1.3143 NULL Byte Write
5280| [17163] Microsoft Reader <= 2.1.1.3143 Array Overflow
5281| [17162] Microsoft Reader <= 2.1.1.3143 Integer Overflow
5282| [17161] Microsoft Reader <= 2.1.1.3143 Heap Overflow
5283| [17160] Microsoft Reader <= 2.1.1.3143 Integer Overflow
5284| [14731] Microsoft Windows Movie Maker <= 2.6.4038.0 DLL Hijacking Exploit (hhctrl.ocx)
5285| [14723] Microsoft Power Point 2010 DLL Hijacking Exploit (pptimpconv.dll)
5286|
5287| OpenVAS (Nessus) - http://www.openvas.org:
5288| [902250] Microsoft Word 2003 'MSO.dll' Null Pointer Dereference Vulnerability
5289| [900125] Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability
5290| [801597] Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
5291| [801596] Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
5292| [801594] Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability
5293| [800687] Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability
5294| [800577] Microsoft Windows Server 2003 win32k.sys DoS Vulnerability
5295| [800343] Microsoft Word 2007 Sensitive Information Disclosure Vulnerability
5296| [103254] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
5297| [11992] Vulnerability in Microsoft ISA Server 2000 H.323 Filter(816458)
5298| [902931] Microsoft Office Remote Code Execution Vulnerabilities - 2720184 (Mac OS X)
5299| [902678] Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
5300| [901210] Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)
5301|
5302| SecurityTracker - https://www.securitytracker.com:
5303| [1015347] Microsoft Windows 2000 Kernel APC Queue Bug Lets Local Users Gain Elevated Privileges
5304| [1013454] Microsoft Office InfoPath 2003 May Disclose System and Authentication Information to Remote Users
5305| [1013284] Microsoft Windows 2000 and XP Group Policy Can Be Bypassed By Microsoft Office Applications and By Flash Drives
5306| [1010687] Microsoft Windows 2000/NT POSIX Subsystem Buffer Overflow Lets Local Users Gain Elevated Privileges
5307| [1010352] Microsoft Windows 2000 Domains With Eight Characters May Let Remote Users With Expired Passwords Login
5308| [1010189] Microsoft Outlook 2003 Scripting Restrictions Can Be Bypassed By Remote Users
5309| [1010125] Microsoft Outlook 2003 Lets Remote Users Send E-mail to Cause the Recipient's Client to Contact a Remote Server
5310| [1009767] Microsoft Windows 2000 Domain Controller LDAP Flaw May Let Remote Users Restart the Authentication Service
5311| [1008324] Microsoft Exchange 2003 With Outlook Web Access and Windows SharePoint Services May Grant Incorrect E-mail Account Access to Remote Authenticated Users
5312| [1007905] Microsoft Windows Server 2003 Shell Folders Can Be Referenced Using Directory Traversal Characters
5313| [1007238] Microsoft Outlook Web Access Can Be Crashed By Remote Authenticated Users With an Outlook 2003 Client
5314| [1007152] Microsoft Windows 2000 Accessibility Utility Manager Lets Local Users Gain Elevated Privileges
5315| [1007099] Microsoft Windows 2000 ShellExecute() Buffer Overflow May Let Users Execute Arbitrary Code
5316| [1007093] Microsoft Active Directory Stack Overflow in 'Lsaas.exe' Lets Remote Users Crash the Windows 2000 Server
5317| [1006959] Microsoft Windows Server 2003 Drivers May Leak Information From Memory Via Ethernet Packets Containing TCP Streams
5318| [1006580] Microsoft Windows 2003 'win2k.sys' Printing Bug Lets Users Crash the System
5319| [1006534] Microsoft Proxy Service in Proxy Server 2.0 Has Unspecified Flaw That Lets Remote Users Stop Traffic
5320| [1006286] Microsoft Windows 2000/XP PostMessage() API Flaw May Let Local Users Grab Passwords from Local Dialog Boxes
5321| [1006280] Protegrity Secure.Data for Microsoft SQL Server 2000 Contains Buffer Oveflows That Let Remote Users Execute Arbitrary Code
5322| [1005254] Microsoft NT, 2000, and XP Operating Systems May Execute a 16-bit Application Even When The File Has No Execute Permissions
5323| [1005068] Microsoft NTFS Filesystem in Windows NT and Windows 2000 Has Auditing Hole That Lets Local Users Access Files Without the File Access Being Audited
5324| [1004587] Microsoft SQL Server 2000 Buffer Overflow in OpenDataSource() Function May Let Remote Users Gain SYSTEM Privileges on the Server
5325| [1004528] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains an Input Validation Flaw in an XML SQL Tag That Allows Cross-Site Scripting Attacks
5326| [1004527] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains a Buffer Overflow That Lets Remote Users Take Full Control of the System
5327| [1004407] Microsoft Exchange 2000 Flaw in Processing a Certain Malformed SMTP Command Allows Remote Users to Deny Service to the Server
5328| [1004357] Microsoft Windows Debugging Facility for Windows NT4 and 2000 Has Authentication Hole That Lets Local Users Execute Arbitrary Code with SYSTEM Privileges
5329| [1004083] Microsoft Windows 2000 'microsoft-ds' Service Flaw Allows Remote Users to Create Denial of Service Conditions By Sending Malformed Packets
5330| [1004022] Microsoft Windows 2000 Group Policy Object Enforcement Can Be Circumvented if User License Limits are Exceeded
5331| [1003975] Microsoft Windows NT, 2000, and XP Kernel Buffer Overflow in Processing Multiple UNC Provider (MUP) Requests May Let Local Users Obtain System Level Privileges
5332| [1003949] Microsoft Windows 2000 DCOM Implementation Flaw May Disclose Memory Contents to Remote Users
5333| [1003816] Microsoft Windows 2000 Automatic Log Off Policy Fails to Expire Sessions in Progress
5334| [1003688] Microsoft Exchange Server 2000 Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
5335| [1003687] Microsoft Windows 2000 and Windows XP SMTP Service Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
5336| [1003634] Microsoft XML Core Services in SQL Server 2000 Lets Remote Scripts Access and Send Local Files
5337| [1003629] Microsoft Commerce Server 2000 AuthFilter Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Server With LocalSystem Privileges to Gain Full Control of the Server
5338| [1003472] Microsoft Telnet Server for Windows 2000 and for Interix Has a Buffer Overflow That May Let Remote Users Execute Code on the Server with System Level Privileges
5339| [1003469] Microsoft Exchange 2000 Server Allows Remote Users to View and Possibly Modify Registry Settings
5340| [1003402] Microsoft Windows NT 4.0 and Windows 2000 Domain Controllers May Give Elevated Privileges to Remote Users Who Are Valid Administrators on Other Trusted Domains
5341| [1002922] Microsoft Windows 2000 Internet Key Exchange (IKE) Service Can Be Crashed By Remote Users
5342| [1002754] Terminal Services on Microsoft Windows 2000 and XP Allow Remote Users to Log Bogus IP Addresses Instead of the User's Genuine Address
5343| [1002731] Microsoft Windows 2000 RunAs Service May Disclose Authentication Credentials to Local Users
5344| [1002730] Microsoft Windows 2000 RunAs Utility May Disclose Sensitive Information to Local Users
5345| [1002729] Microsoft Windows 2000 RunAs Service Allows Local Users to Disable the Service
5346| [1002356] Microsoft Outlook 2000 Animated Assistant Prevents the Screen Saver from Activating, Allowing Physically Local Users to Access the System
5347| [1002206] Microsoft Internet Security and Acceleration (ISA) Server 2000 Can Be Disrupted By Remote Users Due to Memory Leaks and Also Allows Cross-Site Scripting Attacks
5348| [1002106] Microsoft Windows 2000 and Windows NT 4.0 RPC Input Validation Failure Lets Remote Users Destabilize the Operating System
5349| [1002099] Microsoft Windows 2000 Telnet Service Can Be Crashed By Remote Users
5350| [1002098] Windows Terminal Services in Microsoft Windows 2000 and NT 4.0 Can Be Crashed By Remote Users Due to a Memory Leak
5351| [1001993] Microsoft Windows 2000, Linux 2.4, NetBSD, FreeBSD, and OpenBSD May Let Remote Users Affect TCP Performance
5352| [1001931] Microsoft Windows 2000 SMTP Service May Allow Unauthorized Remote Users to Relay E-mail via the Service
5353| [1001832] Microsoft Windows 2000 LDAP Server Lets Remote Users Gain Administrator Access to the Domain Controller When Configured to Support LDAP over SSL
5354| [1001701] Microsoft Windows 2000 Telnet Server Allows Local Users to Gain System-Level Privileges and Lets Remote Users Crash the Server
5355| [1001605] Microsoft Windows 2000 Allows Local Users to Elevate Privileges
5356| [1001565] Microsoft IIS Web Server on Windows 2000 Allows Remote Users to Cause the Server to Consume All Available Memory Due to Memory Leak in WebDAV Lock Method
5357| [1001513] Microsoft Windows 2000 Indexing Service Allows Remote Users to View Include Programming Files
5358| [1001501] Microsoft Windows 2000 Domain Controllers Can Be Effectively Halted By Remote Users
5359| [1001464] Microsoft Internet Information Server IIS 5.0 for Windows 2000 Lets Remote Users Execute Arbitrary Code on the Server and Gain Control of the Server
5360| [1001240] Microsoft FTP Client for Windows 2000 Still Vulnerable to Executing Arbitrary Code in Limited Situations
5361| [1001088] Microsoft Internet Explorer with Services for Unix 2.0 Can Create Malicious Files on the User's Host
5362|
5363| OSVDB - http://www.osvdb.org:
5364| [90257] Microsoft Windows Server 2003 ICACLS.EXE Permission Inheritance Weakness
5365| [86790] Microsoft Virtual PC 2007 Crafted x86 Instruction Sequence Handling Local DoS
5366| [86061] Microsoft Windows Server 2008 R1 CSRSS ReadConsole / CloseHandle Local DoS
5367| [79442] Microsoft Windows Server 2008 DNS Server Service Cache Update Policy Deleted Domain Name Resolving Weakness
5368| [72670] Microsoft Windows Server 2003 ActiveDirectory BROWSER ELECTION Remote Overflow
5369| [68554] Microsoft Windows Server 2008 Shared Cluster Disks Addition Default Permission Weakness
5370| [62251] Microsoft Windows Server 2008 Hyper-V Crafted Instruction Sequence DoS
5371| [60329] Microsoft Windows 2000 NetBIOS Continuation Packet Remote DoS
5372| [59733] Microsoft Windows 2000 Terminal Services Screensaver Screen Minimization Locking Weakness
5373| [59731] Microsoft Windows 2000 DCOM Client Alter Context Request Remote Information Disclosure
5374| [59730] Microsoft Windows 2000 Terminal Services Disconnect Feature Local Privilege Escalation
5375| [59514] Microsoft Windows 2000 Task Manager Uppercase Process Name Termination Weakness
5376| [59509] Microsoft Windows 2000 Encrypted File System Cleartext Backup File Local Disclosure
5377| [59346] Microsoft Windows 2000 Crafted TCP/UDP Traffic CPU Consumption Remote DoS
5378| [55836] Microsoft ISA Server 2006 Radius OTP Security Bypass
5379| [53663] Microsoft Office Word 2000 WordPerfect 6.x Converter Document Handling Stack Corruption
5380| [50589] Microsoft SQL Server 2000 sp_replwritetovarbin() Stored Procedure Overflow
5381| [37629] Microsoft Windows 2000 RPC Authentication Unspecified Information Disclosure
5382| [37628] Microsoft Windows 2000 RPC Authentication Crafted Request Remote DoS
5383| [36034] Microsoft Office 2000 Controllo ActiveX (OUACTRL.OCX) HelpPopup Method Overflow
5384| [34489] Microsoft Office 2003 Malformed WMF File Handling DoS
5385| [34488] Microsoft Excel 2003 XLS Handling Corrupt Format DoS
5386| [31251] Microsoft Office 2003 Brazilian Portuguese Grammar Checker Arbitrary Code Execution
5387| [29529] Microsoft Windows 2000 creator.dll ActiveX COM Object Memory Corruption
5388| [29528] Microsoft Windows 2000 msdxm.ocx ActiveX COM Object Memory Corruption
5389| [29527] Microsoft Windows 2000 myinfo.dll ActiveX COM Object Memory Corruption
5390| [29526] Microsoft Windows 2000 ciodm.dll ActiveX COM Object Memory Corruption
5391| [28539] Microsoft Word 2000 Unspecified Code Execution
5392| [24121] Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass
5393| [24081] Microsoft Outlook 2003 Unspecified Malformed Word Attachment DoS
5394| [23484] Microsoft SQLServer 2000 sp_addalias Procedure Privileged Alias Creation
5395| [23234] Microsoft SQLServer 2000 Unspecified Invalid Client Buffer DoS
5396| [23231] Microsoft SQL Server 2000 SQL Profiler Multiple Method DoS
5397| [23205] Microsoft SQLServer 2000 Crafted Sort Command User Mode Scheduler (UMS) Bypass DoS
5398| [23203] Microsoft SQL Server 2000 Database Name Transact-SQL Statement Privilege Escalation
5399| [23202] Microsoft SQLServer 2000 sysmembers Virtual Table Query Overflow
5400| [23201] Microsoft SQL Server 2000 Dynamic Transact-SQL Statement Disclosure
5401| [23200] Microsoft SQLServer 2000 Encrypted Stored Procedure Dynamic Query Disclosure
5402| [21907] Microsoft Office InfoPath 2003 Mshtml.dll Form Handling DoS
5403| [21598] Microsoft Windows 2000 NetBIOS Port Malformed TCP Packet Parsing Remote DoS
5404| [20256] Microsoft Windows 2000 NTFS Volume Macintosh Client Directory Permission Modification
5405| [20222] Microsoft Windows 2000 runas.exe Named Pipe Spoofing Information Disclosure
5406| [20221] Microsoft Windows 2000 runas.exe Named Pipe Single Thread DoS
5407| [20220] Microsoft Windows 2000 runas.exe Cleartext Authentication Information Disclosure
5408| [20002] Microsoft Windows 2000 CHKDSK Fix Mode File ACL Failure
5409| [20001] Microsoft Windows 2000 Terminal Service Client Connection IP Logging Failure
5410| [20000] Microsoft Windows 2000 Domain Administrator Computer Lock Bypass
5411| [19999] Microsoft Windows 2000 FQDN Domain Login Password Expiry Bypass
5412| [19998] Microsoft Windows 2000 UPN Credentialed Login Group Policy Failure
5413| [19997] Microsoft Windows 2000 WideCharToMultiByte Function String Termination Issue
5414| [19996] Microsoft Windows 2000 Event ID 1704 Group Policy Failure
5415| [19995] Microsoft Windows 2000 SECEDIT Long Folder ACL Set Issue
5416| [19994] Microsoft Windows 2000 audit directory service access 565 Event Logging Failure
5417| [19993] Microsoft Windows 2000 LDAPS CA Trust Issue
5418| [19264] Microsoft Exchange Server 2003 Crafted IMAP4 Folder Listing Request DoS
5419| [17031] Microsoft ISA Server 2000 SecureNAT Traffic Saturation DoS
5420| [15343] Microsoft Windows Server 2003 Malformed HTTP Cookie Header CGI DoS
5421| [15341] Microsoft Windows Server 2003 SMB Redirector Processing DoS
5422| [15340] Microsoft Windows Server 2003 Terminal Service Client Print DoS
5423| [15338] Microsoft Windows Server 2003 Terminal Session Close DoS
5424| [15337] Microsoft Windows Server 2003 CreateProcessWithLogonW() Function Process Disclosure
5425| [15336] Microsoft Windows Server 2003 Shutdown.exe Shut Down Failure
5426| [15335] Microsoft Windows Server 2003 MIT Kerberos Realm Authentication Group Policy Failure
5427| [15334] Microsoft Windows Server 2003 Shared Folder Permission Weakness
5428| [15333] Microsoft Windows Server 2003 EFS File Copy LDAP Connection DoS
5429| [15332] Microsoft Windows Server 2003 Citrix Metaframe Encryption Policy Failure
5430| [15331] Microsoft Windows Server 2003 Home Folder Path Permission Inheritance Failure
5431| [14617] Microsoft Exchange Server 2003 Folder Handling DoS
5432| [14430] Microsoft Commerce Server 2000 Profile Service Affected API Overflow
5433| [13996] Microsoft Windows 2000 IKE Malformed Packet Saturation Remote DoS
5434| [13762] Microsoft 2000 Domain Controller Directory Service Restore Mode Blank Password
5435| [13761] Microsoft Exchange 2000 Malformed URL Request DoS
5436| [13475] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution Variant
5437| [13474] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution
5438| [13441] Microsoft Windows 2000 Security Interface Change Password Option Account Enumeration
5439| [13437] Microsoft Windows 2000 Debug Register Local Privilege Escalation
5440| [13424] Microsoft Windows 2000 Current Password Change Policy Bypass
5441| [13423] Microsoft Windows 2000 Terminal Server SYSVOL Share Connection Saturation Restriction Bypass
5442| [13415] Microsoft Windows 2000 System Root Folder Search Path Permission Weakness
5443| [13410] Microsoft Windows 2000 Accessibility Utility Manager Arbitrary Code Execution
5444| [11958] Microsoft Outlook 2003 Image Rendering Security Policy Bypass
5445| [11945] Microsoft Outlook 2002 IFRAME Tag Embedded URL
5446| [11944] Microsoft Outlook 2002 HREF Tag Embedded JavaScript Execution
5447| [11750] Microsoft Windows 2000 Message Queue Manager Queue Registration Request Overflow DoS
5448| [11712] Microsoft ISA Server 2000 H.323 Filter Overflow
5449| [10633] Microsoft Windows 2000 Protected Store Weak Encryption Default
5450| [9386] Microsoft Windows 2000 msinfo32.exe msinfo_file Variable Overflow
5451| [8243] Microsoft SMS Port 2702 DoS
5452| [7202] Microsoft PowerPoint 2000 File Loader Overflow
5453| [7179] Microsoft Windows 2000 Event Viewer Snap-in Overflow
5454| [6971] Microsoft ISA Server 2000 ICMP Rule Bypass During Startup
5455| [6970] Microsoft ISA Server 2000 Web Publishing Unencrypted Credentials Disclosure
5456| [6969] Microsoft ISA Server 2000 Invalid DNS Request DoS
5457| [6968] Microsoft ISA Server 2000 FTP Port Scan Bounce Weakness
5458| [6967] Microsoft ISA Server 2000 UDP Packet Winsock DoS
5459| [6965] Microsoft ISA Server 2000 SSL Packet DoS
5460| [6964] Microsoft ISA Server 2000 DNS Intrusion Detection Filter DoS
5461| [6515] Microsoft Windows 2000 Domain Expired Account Authentication
5462| [5179] Microsoft Windows 2000 microsoft-ds DoS
5463| [5171] Microsoft Word 2002 Mail Merge Tool Execute Arbitrary Script
5464| [4779] Microsoft Desktop Engine (MSDE) 2000 Stored Procedure SQL Injection
5465| [4778] Microsoft SQL Server 2000 Stored Procedure SQL Injection
5466| [4777] Microsoft Desktop Engine (MSDE) 2000 Database Consistency Checkers (DBCCs) Overflow
5467| [4776] Microsoft SQL Server 2000 Database Consistency Checkers (DBCCs) 2000 Overflow
5468| [4170] Microsoft Windows 2000 Server Media Services TCP Packet Handling Remote DoS
5469| [4168] Microsoft Outlook 2002 mailto URI Script Injection
5470| [3490] Microsoft Exchange 2003 OWA Mailbox Access Information Disclosure
5471| [2705] Microsoft Windows 2000 Windows Troubleshooter ActiveX Overflow
5472| [2655] Microsoft Windows Server 2003 Shell Folders Arbitrary File Access
5473| [2540] Microsoft Windows 2003 Server Buffer Overflow Protection Mechanism Bypass
5474| [2244] Microsoft Windows 2000 ShellExecute() API Let
5475| [2237] Microsoft Windows 2000 Active Directory Lsass.exe Overflow
5476| [1949] Symantec Norton Anti-Virus for Microsoft Exchange 2000 INBOX Path Information Disclosure
5477| [1764] Microsoft Windows 2000 Domain Controller DoS
5478| [1758] Microsoft Windows 2000 Network DDE Escalated Privileges
5479| [1755] Microsoft Windows 2000 RDP Malformed Packet Handling Remote DoS
5480| [1672] Microsoft Windows 2000 Telnet Session Timeout DoS
5481| [1633] Microsoft Windows 2000 System Monitor ActiveX LogFileName Parameter Validation Overflow
5482| [1621] Microsoft Indexing Services for Windows 2000 .htw XSS
5483| [1591] Microsoft Windows 2000 OEMPreinstall Installation Permission Weakness
5484| [1578] Microsoft Windows 2000 Simplified Chinese IME Local Privilege Escalation
5485| [1500] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow
5486| [1437] Microsoft Windows 2000 Telnet Server Binary Zero Parsing Remote DoS
5487| [1399] Microsoft Windows 2000 Windows Station Access
5488| [1328] Microsoft Office 2000 UA Control ActiveX (Ouactrl.ocx) Show Me Function Remote Code Execution
5489| [1297] Microsoft Windows 2000 Active Directory Object Attribute
5490| [1292] Microsoft Windows NT 4.0 / 2000 cmd.exe Buffer Overflow
5491| [773] Microsoft Windows 2000 Group Policy File Lock DoS
5492| [515] Microsoft Windows 2000 LDAP Server Arbitrary User Password Modification
5493| [454] Microsoft Windows 2000 NTLM Domain Account Lockout Policy Bypass
5494| [403] Microsoft Windows 2000 Still Image Service WM_USER Message Local Overflow
5495| [398] Microsoft Windows 2000 Malformed RPC Traffic Local Security Policy Corruption DoS
5496| [307] Microsoft FrontPage 2000 Server Extensions shtml.exe Path Disclosure
5497| [69085] Microsoft Office 2010 RTF File Handling pFragments Buffer Overflow Arbitrary Code Execution
5498|_
5499Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
5500Device type: general purpose
5501Running (JUST GUESSING): Microsoft Windows 7|2008|8.1|Vista (91%)
5502OS CPE: cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2008 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_vista::sp1:home_premium cpe:/o:microsoft:windows_8
5503Aggressive OS guesses: Microsoft Windows 7 SP1 or Windows Server 2008 (91%), Microsoft Windows 8.1 (91%), Microsoft Windows 8.1 Update 1 (91%), Microsoft Windows 7 SP1 (91%), Microsoft Windows 7 SP1 or Windows Server 2008 SP2 (91%), Microsoft Windows Windows 7 SP1 (91%), Microsoft Windows Vista Home Premium SP1, Windows 7, or Windows Server 2008 (91%), Microsoft Windows 7 Ultimate (89%), Microsoft Windows Vista SP1 (89%), Microsoft Windows 8.1 Enterprise (88%)
5504No exact OS matches for host (test conditions non-ideal).
5505Uptime guess: 32.868 days (since Wed Jul 10 01:47:16 2019)
5506Network Distance: 13 hops
5507TCP Sequence Prediction: Difficulty=254 (Good luck!)
5508IP ID Sequence Generation: Incremental
5509Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
5510
5511TRACEROUTE (using port 80/tcp)
5512HOP RTT ADDRESS
55131 189.33 ms 10.246.200.1
55142 189.38 ms 185.242.4.145
55153 189.37 ms xe-1-0-2-0.bb1.tyo1.jp.m247.com (82.102.29.232)
55164 190.61 ms 61.120.144.233
55175 190.67 ms ae-10.r00.tokyjp08.jp.bb.gin.ntt.net (129.250.5.50)
55186 190.66 ms ae-18.r31.tokyjp05.jp.bb.gin.ntt.net (129.250.6.128)
55197 190.66 ms ae-3.r03.tokyjp05.jp.bb.gin.ntt.net (129.250.3.56)
55208 ... 9
552110 424.46 ms SAUDI-TELEC.ear1.London1.Level3.net (195.50.124.218)
552211 ...
552312 426.26 ms 84-235-110-102.igw.com.sa (84.235.110.102)
552413 430.94 ms www.makkahgroup.com (62.3.25.22)
5525
5526NSE: Script Post-scanning.
5527Initiating NSE at 22:36
5528Completed NSE at 22:36, 0.00s elapsed
5529Initiating NSE at 22:36
5530Completed NSE at 22:36, 0.00s elapsed
5531Read data files from: /usr/bin/../share/nmap
5532OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
5533Nmap done: 1 IP address (1 host up) scanned in 321.80 seconds
5534 Raw packets sent: 132 (11.200KB) | Rcvd: 62 (3.598KB)
5535#####################################################################################################################################
5536
5537wig - WebApp Information Gatherer
5538
5539
5540Scanning http://62.3.25.22...
5541____________________________________________ SITE INFO _____________________________________________
5542IP Title
554362.3.25.22
5544
5545_____________________________________________ VERSION ______________________________________________
5546Name Versions Type
5547microsoft-httpapi 2.0 Platform
5548Microsoft Windows 7 OS
5549Microsoft Windows Server 2003 SP2 | 2003 SP3 | 2008 | 2008 R2 | 2012 | 2012 R2 OS
5550
5551____________________________________________________________________________________________________
5552Time: 57.0 sec Urls: 599 Fingerprints: 40401
5553#####################################################################################################################################
5554HTTP/1.1 404 Not Found
5555Content-Length: 315
5556Content-Type: text/html; charset=us-ascii
5557Server: Microsoft-HTTPAPI/2.0
5558Date: Mon, 12 Aug 2019 03:00:57 GMT
5559Connection: close
5560
5561HTTP/1.1 404 Not Found
5562Content-Length: 315
5563Content-Type: text/html; charset=us-ascii
5564Server: Microsoft-HTTPAPI/2.0
5565Date: Mon, 12 Aug 2019 03:00:59 GMT
5566Connection: close
5567######################################################################################################################################
5568Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-11 22:40 EDT
5569NSE: Loaded 45 scripts for scanning.
5570NSE: Script Pre-scanning.
5571Initiating NSE at 22:40
5572Completed NSE at 22:40, 0.00s elapsed
5573Initiating NSE at 22:40
5574Completed NSE at 22:40, 0.00s elapsed
5575Initiating Ping Scan at 22:40
5576Scanning 62.3.25.22 [4 ports]
5577Completed Ping Scan at 22:40, 0.47s elapsed (1 total hosts)
5578Initiating Parallel DNS resolution of 1 host. at 22:40
5579Completed Parallel DNS resolution of 1 host. at 22:40, 0.03s elapsed
5580Initiating SYN Stealth Scan at 22:40
5581Scanning www.makkahgroup.com (62.3.25.22) [65535 ports]
5582Discovered open port 80/tcp on 62.3.25.22
5601Completed SYN Stealth Scan at 22:52, 691.77s elapsed (65535 total ports)
5602Initiating Service scan at 22:52
5603Scanning 1 service on www.makkahgroup.com (62.3.25.22)
5604Completed Service scan at 22:52, 6.87s elapsed (1 service on 1 host)
5605Initiating OS detection (try #1) against www.makkahgroup.com (62.3.25.22)
5606Retrying OS detection (try #2) against www.makkahgroup.com (62.3.25.22)
5607Initiating Traceroute at 22:52
5608Completed Traceroute at 22:52, 3.21s elapsed
5609Initiating Parallel DNS resolution of 10 hosts. at 22:52
5610Completed Parallel DNS resolution of 10 hosts. at 22:52, 0.70s elapsed
5611NSE: Script scanning 62.3.25.22.
5612Initiating NSE at 22:52
5613Completed NSE at 22:52, 5.82s elapsed
5614Initiating NSE at 22:52
5615Completed NSE at 22:52, 0.00s elapsed
5616Nmap scan report for www.makkahgroup.com (62.3.25.22)
5617Host is up (0.39s latency).
5618Not shown: 65531 filtered ports
5619PORT STATE SERVICE VERSION
562025/tcp closed smtp
562180/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
5622| http-server-header:
5623| Microsoft-HTTPAPI/2.0
5624|_ Microsoft-IIS/7.0
5625| vulscan: VulDB - https://vuldb.com:
5987| [4396] Microsoft Windows Vista/7/Server 2008 TCP/IP Stack denial of service
5988| [4393] Microsoft Windows Server 2008 DNS Service memory corruption
5989| [4391] Microsoft .NET Framework 2.0 SP2/3.5.1/4 Socket Restriction privilege escalation
5990| [4390] Microsoft Windows Server 2008 Remote Desktop Web Access cross site scripting
5991| [4388] Microsoft Windows Vista/7/Server 2008 File Metadata Parser denial of service
5992| [57691] Microsoft SQL Server 2008 Web Service information disclosure
5993| [57690] Microsoft Excel 2002/2003 Spreadsheet memory corruption
5994| [57689] Microsoft Excel 2002 Spreadsheet memory corruption
5995| [57688] Microsoft Excel 2002 Spreadsheet memory corruption
5996| [57687] Microsoft Excel 2002/2003/2007 Spreadsheet memory corruption
5997| [57686] Microsoft Excel 2002 Spreadsheet memory corruption
5998| [57685] Microsoft Excel 2002/2003/2007 Array Access memory corruption
5999| [57684] Microsoft Excel 2002/2003/2007/2010 Spreadsheet memory corruption
6000| [4369] Microsoft Excel 2002/2003/2007 memory corruption
6001| [4367] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
6002| [4362] Microsoft Windows Vista/7/Server 2008 denial of service
6003| [57420] Microsoft PowerPoint 2002/2003 memory corruption
6004| [4349] Microsoft Office 2004/2008/2007 Presentation File Parser memory corruption
6005| [4348] Microsoft Powerpoint 2002/2003/2007 memory corruption
6006| [57077] Microsoft Excel 2002 Uninitialized Memory memory corruption
6007| [57078] Microsoft Office 2003/2007/Xp docx unknown vulnerability
6008| [57079] Microsoft PowerPoint 2002/2003/2007/2010 memory corruption
6009| [57076] Microsoft Excel 2002/2003 memory corruption
6010| [57075] Microsoft Excel 2002/2003 memory corruption
6011| [57074] Microsoft Excel 2002 memory corruption
6012| [57073] Microsoft Excel 2002/2003/2007/2010 memory corruption
6013| [4334] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 JIT Compiler memory corruption
6014| [4301] Microsoft Windows Server 2003 SMB Browser Heap-based denial of service
6015| [56475] Microsoft Office 2004/2008 memory corruption
6016| [56414] Microsoft Visio 2002/2003/2007 ELEMENTS.DLL memory corruption
6017| [56413] Microsoft Visio 2002/2003/2007 Exception ORMELEMS.DLL memory corruption
6018| [4298] Microsoft Windows 7/Server 2008 JScript/VBScript Engine information disclosure
6019| [4297] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 OpenType Compact Font Format Driver privilege escalation
6020| [4296] Microsoft Windows XP/Server 2003 LSASS Authentication Request unknown vulnerability
6021| [4295] Microsoft Windows 7/Server 2008 Kerberos weak authentication
6022| [4294] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Driver win32k.sys unknown vulnerability
6023| [4293] Microsoft Windows XP/Server 2003 Kerberos CRC32 Checksum privilege escalation
6024| [4292] Microsoft Windows XP/Server 2003 CSRSS Logoff privilege escalation
6025| [4289] Microsoft Excel 2007 Shape Data Parser memory corruption
6026| [4286] Microsoft Powerpoint 2007 OfficeArt Container Parser memory corruption
6027| [4279] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 MHTML cross site scripting
6028| [56176] Microsoft Windows XP/7/Server 2003 fxscover.exe CDrawPoly::Serialize memory corruption
6029| [55772] Microsoft Publisher 2002 pubconv.dll memory corruption
6030| [55771] Microsoft Publisher 2002/2003/2010 memory corruption
6031| [55765] Microsoft Office 2003/Xp Integer memory corruption
6032| [55764] Microsoft Office 2003/Xp memory corruption
6033| [55750] Microsoft Publisher 2002/2003 pubconv.dll memory corruption
6034| [55749] Microsoft Publisher 2002/2003/2007/2010 pubconv.dll memory corruption
6035| [55748] Microsoft Publisher 2002/2003/2007 pubconv.dll memory corruption
6036| [4230] Microsoft Exchange 2007 on 64-bit RPC store.exe MAPI Request denial of service
6037| [4229] Microsoft SharePoint 2007 Document Conversion Launcher Service Eingabeungültigkeit
6038| [4228] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
6039| [4224] Microsoft Windows Vista/7/Server 2008 Consent User Interface privilege escalation
6040| [4231] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Driver win32k.sys GreEnableEUDC denial of service
6041| [55420] Microsoft Office 2007/2010 memory corruption
6042| [55419] Microsoft Office 2004/2008/2011/Xp memory corruption
6043| [55412] Microsoft PowerPoint Viewer 2007 memory corruption
6044| [55411] Microsoft PowerPoint 2002/2003 memory corruption
6045| [4204] Microsoft Windows Server 2008 Color Control Panel Eingabeungültigkeit
6046| [54995] Microsoft Office 2004/2008 memory corruption
6047| [54994] Microsoft Office 2004/2008 Out-of-Bounds memory corruption
6048| [54993] Microsoft Office Compatibility Pack 2007 memory corruption
6049| [54992] Microsoft Excel 2002 memory corruption
6050| [54991] Microsoft Office 2004 Future memory corruption
6051| [54990] Microsoft Office 2004 memory corruption
6052| [54989] Microsoft Office 2004/2008 memory corruption
6053| [54988] Microsoft Excel 2002 memory corruption
6054| [54987] Microsoft Excel 2002 memory corruption
6055| [54986] Microsoft Excel 2002/2003 memory corruption
6056| [54985] Microsoft Office Compatibility Pack 2003/2004/2007/2008 memory corruption
6057| [54984] Microsoft Office 2004/2008 memory corruption
6058| [54983] Microsoft Excel 2002 Integer memory corruption
6059| [54980] Microsoft Word 2002/2003 memory corruption
6060| [54979] Microsoft Word 2002 memory corruption
6061| [54978] Microsoft Word 2002 memory corruption
6062| [54977] Microsoft Word 2002 Heap-based memory corruption
6063| [54976] Microsoft Word 2002 memory corruption
6064| [54975] Microsoft Word 2002 memory corruption
6065| [54974] Microsoft Word 2002 memory corruption
6066| [54973] Microsoft Word 2002 memory corruption
6067| [54972] Microsoft Word 2002 memory corruption
6068| [54971] Microsoft Word 2002 memory corruption
6069| [4197] Microsoft SharePoint 2007/3.0 cross site scripting
6070| [4196] Microsoft Word 2002/2003/2007/2010 Stack-based memory corruption
6071| [4194] Microsoft Windows Vista/7/Server 2008 SChannel Client Certificate Request denial of service
6072| [54774] Microsoft Word 2003 word_crash_11.8326.8324_poc.doc denial of service
6073| [54757] Microsoft SharePoint Server 2007 HTML Sanitization SafeHTML cross site scripting
6074| [4186] Microsoft Outlook 2002/2003/2007 Content Parser Heap-based memory corruption
6075| [54584] Microsoft Visual C++ 2005 AtlTraceTool8.exe unknown vulnerability
6076| [54554] Microsoft Groove 2007 mso.dll memory corruption
6077| [4187] Microsoft Windows Vista/7/Server 2008 TCP/IP Stack Ipv4SetEchoRequestCreate() denial of service
6078| [54322] Microsoft Word 2002/2003 memory corruption
6079| [54321] Microsoft Office Compatibility Pack 2007 memory corruption
6080| [54320] Microsoft Office Compatibility Pack 2007 memory corruption
6081| [54319] Microsoft Office Compatibility Pack 2007 memory corruption
6082| [54318] Microsoft .NET Framework 2.0 SP1/2.0 SP2/3.5/3.5 SP1/3.5.1 Interfaces memory corruption
6083| [4165] Microsoft Windows Vista/7/Server 2008 TCP/IP Stack denial of service
6084| [4162] Microsoft Windows Vista/7/Server 2008 Kernel memory corruption
6085| [4159] Microsoft Excel 2002/2003 SXDB PivotTable Cache Data Record memory corruption
6086| [4149] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Shell Shortcut Parser memory corruption
6087| [54083] Microsoft Access 2003 ActiveX Control ACCWIZ.dll memory corruption
6088| [4146] Microsoft Outlook 2002/2003/2007 SMB Attachment PR_ATTACH_METHOD memory corruption
6089| [4145] Microsoft Access 2003/2007 ActiveX ACCWIZ.dll memory corruption
6090| [54617] Microsoft Outlook Web Access up to 2007 cross site request forgery
6091| [4151] Microsoft Windows Vista/Server 2008 NtUserCheckAccessForIntegrityLevel memory corruption
6092| [53591] Microsoft Windows Server 2003 GetServerName cross site scripting
6093| [53505] Microsoft Excel 2002/2007 memory corruption
6094| [53501] Microsoft Excel 2002 memory corruption
6095| [53500] Microsoft Excel 2002 memory corruption
6096| [53499] Microsoft Excel 2002 memory corruption
6097| [53495] Microsoft Excel 2002/2003/2007 memory corruption
6098| [53494] Microsoft Excel 2002 Stack-based memory corruption
6099| [53504] Microsoft Excel 2002 memory corruption
6100| [53503] Microsoft Excel 2002 Stack-Based memory corruption
6101| [53502] Microsoft Excel 2002 Heap-based memory corruption
6102| [53498] Microsoft Excel 2002 Stack-based memory corruption
6103| [53497] Microsoft Excel 2002 memory corruption
6104| [53496] Microsoft Excel 2002 memory corruption
6105| [53493] Microsoft Excel 2002/2003/2007 memory corruption
6106| [4133] Microsoft Office 2003/2007/Xp COM Object Instantiator memory corruption
6107| [53366] Microsoft ASP.NET 2.0 cross site scripting
6108| [53385] Microsoft Exchange Server 2007 Outlook Web Access cross site scripting
6109| [53164] Microsoft Office 2003/2007/Xp ActiveX Control VBE6.DLL memory corruption
6110| [53054] Microsoft VISIO 2002/2003/2007 VISIODWG.DLL memory corruption
6111| [4125] Microsoft SharePoint 2007/3.0 help.aspx cross site scripting
6112| [52777] Microsoft Publisher 2002/2003/2007 memory corruption
6113| [52773] Microsoft Visio 2002/2003/2007 memory corruption
6114| [52772] Microsoft Visio 2002/2003/2007 memory corruption
6115| [4107] Microsoft Windows 7/Server 2008 Kernel denial of service
6116| [4103] Microsoft Windows Server 2003 Media Services Stack-based memory corruption
6117| [52543] Microsoft Virtual PC 2007 unknown vulnerability
6118| [52148] Microsoft Office 2004/2008/2007 Uninitialized Memory memory corruption
6119| [52147] Microsoft Office 2004/2008/2007 Spreadsheet Uninitialized Memory memory corruption
6120| [52146] Microsoft Office 2004/2008/2007 Spreadsheet Heap-based memory corruption
6121| [52145] Microsoft Office 2004/2008/2007 Spreadsheet Heap-based memory corruption
6122| [52144] Microsoft Office 2004/2008/2007 Spreadsheet memory corruption
6123| [52143] Microsoft Office 2004/2008/2007 Spreadsheet memory corruption
6124| [4090] Microsoft Excel 2002/2003/2007 memory corruption
6125| [52036] Microsoft Windows 2000 MsgBox memory corruption
6126| [51995] Microsoft SharePoint Server up to 2006 cross site scripting
6127| [51810] Microsoft Office 2004/Xp MSO.DLL memory corruption
6128| [51802] Microsoft PowerPoint 2003 Stack-based memory corruption
6129| [51801] Microsoft PowerPoint 2003 Stack-based memory corruption
6130| [51800] Microsoft PowerPoint 2002/2003 Use-After-Free memory corruption
6131| [51799] Microsoft PowerPoint 2002/2003 memory corruption
6132| [51798] Microsoft PowerPoint 2002/2003 Heap-based memory corruption
6133| [4082] Microsoft Powerpoint 2002 memory corruption
6134| [54550] Microsoft PowerPoint 2007 rpawinet.dll memory corruption
6135| [54556] Microsoft Visio 2003 mfc71enu.dll unknown vulnerability
6136| [51497] Microsoft Windows Live Messenger 2009 ActiveX Control msnmsgr.exe denial of service
6137| [51133] Microsoft Windows 2000 SP4/XP SP2/SP3/Server 2003 SP2 memory corruption
6138| [51074] Microsoft Office 2002/2003 Integer memory corruption
6139| [4069] Microsoft Project 2007/2003 Project Memory Validator memory corruption
6140| [50794] Microsoft Office 2004/2008 Spreadsheet memory corruption
6141| [50793] Microsoft Office 2004/2008 Spreadsheet memory corruption
6142| [50792] Microsoft Office 2004/2008 Spreadsheet memory corruption
6143| [50791] Microsoft Office 2004/2008 Spreadsheet memory corruption
6144| [50790] Microsoft Office 2004/2008 Spreadsheet Heap-based memory corruption
6145| [50788] Microsoft Office 2004/2008 Spreadsheet memory corruption
6146| [50787] Microsoft Office 2004/2008 Spreadsheet memory corruption
6147| [50786] Microsoft Windows 2000 llssrv.exe memory corruption
6148| [50789] Microsoft Office 2004/2008 Spreadsheet memory corruption
6149| [4056] Microsoft Word 2002/2003 File Information Block Parser Stack-based memory corruption
6150| [50660] Microsoft SharePoint Server 2007 unknown vulnerability
6151| [50443] Microsoft Office Powerpoint 2007 Integer memory corruption
6152| [50432] Microsoft .NET Framework 2.0/2.0 SP1/2.0 SP2/3.5/3.5 SP1 memory corruption
6153| [49866] Microsoft Windows Server 2003 memory corruption
6154| [4031] Microsoft Windows Vista/Server 2008 SMB Processor EducatedScholar memory corruption
6155| [4030] Microsoft Windows Vista/Server 2008 Wireless LAN AutoConfig Service Heap-based memory corruption
6156| [4029] Microsoft Windows 2000/XP TCP/IP Window Size denial of service
6157| [49745] Microsoft Windows Server 2003 denial of service
6158| [49394] Microsoft Windows Server 2003 memory corruption
6159| [49198] Microsoft Visual Studio 2005 information disclosure
6160| [49047] Microsoft Virtual Server 2005 privilege escalation
6161| [49046] Microsoft Windows Server 2003 quartz.dll memory corruption
6162| [49045] Microsoft Windows Server 2003 quartz.dll memory corruption
6163| [49044] Microsoft ISA Server 2006 privilege escalation
6164| [3999] Microsoft Office 2007 Pointer memory corruption
6165| [4000] Microsoft Office 2003/Xp/Sp3 Web Components memory corruption
6166| [48894] Microsoft Windows Server 2003 msvidctl.dll memory corruption
6167| [48572] Microsoft Office Powerpoint 2002 FL21WIN.DLL memory corruption
6168| [48517] Microsoft Windows 2000 Memory Leak memory corruption
6169| [48516] Microsoft Windows Server 2008 unknown vulnerability
6170| [48512] Microsoft Windows Server 2008 unknown vulnerability
6171| [48515] Microsoft Office Word Viewer 2003 memory corruption
6172| [48514] Microsoft Office Word Viewer 2003 Stack-based memory corruption
6173| [48554] Microsoft Excel 2000/2003/2007 memory corruption
6174| [48157] Microsoft Office PowerPoint 2002 Sound memory corruption
6175| [48156] Microsoft Office PowerPoint 2000 Stack-based memory corruption
6176| [48154] Microsoft Office PowerPoint 2002 Sound PP7X32.DLL memory corruption
6177| [48152] Microsoft Office PowerPoint 2002 PP4X32.DLL memory corruption
6178| [48150] Microsoft Office PowerPoint 2002 Sound memory corruption
6179| [48147] Microsoft Office PowerPoint 2002 Sound memory corruption
6180| [48146] Microsoft Office PowerPoint 2002 Integer memory corruption
6181| [48155] Microsoft Office PowerPoint 2002 Notes Container Heap-based memory corruption
6182| [48153] Microsoft Office PowerPoint 2002 Sound memory corruption
6183| [48151] Microsoft Office PowerPoint 2002 Stack-based memory corruption
6184| [48149] Microsoft Office PowerPoint 2002 memory corruption
6185| [48148] Microsoft Office PowerPoint 2002 Sound memory corruption
6186| [3974] Microsoft Powerpoint 2000/2002/2003 Sound Data Stack-based memory corruption
6187| [3973] Microsoft Powerpoint 2000/2002/2003 Notes Container Stack-based memory corruption
6188| [3972] Microsoft Powerpoint 2000/2002/2003 BuildList memory corruption
6189| [3971] Microsoft Powerpoint 2000/2002/2003 Object Stack-based memory corruption
6190| [3970] Microsoft Powerpoint 2000/2002/2003 Paragraph Stack-based memory corruption
6191| [3969] Microsoft Powerpoint 2000/2002/2003 Atom Stack-based memory corruption
6192| [47719] Microsoft Windows 2000 Stack-based memory corruption
6193| [47720] Microsoft Internet Security And Acceleration Server 2006 Forms Authentication cookieauth.dll cross site scripting
6194| [47716] Microsoft Office Converter Pack 2003 WPFT632.CNV memory corruption
6195| [47715] Microsoft Windows 2000 Wordpad memory corruption
6196| [47718] Microsoft Excel 2000/2002/2003/2007 Spreadsheet memory corruption
6197| [3960] Microsoft Windows XP/2000/Server 2003 DirectShow MJPEG memory corruption
6198| [3952] Microsoft ISA Server 2004/2006 denial of service
6199| [3946] Microsoft PowerPoint 2004/2000/2002/2003 memory corruption
6200| [47091] Microsoft Windows Server 2008 unknown vulnerability
6201| [47090] Microsoft Windows Server 2008 unknown vulnerability
6202| [3939] Microsoft Windows 2000 DNS Designfehler
6203| [3938] Microsoft Windows 2000 SSL weak authentication
6204| [3937] Microsoft Windows 2000 memory corruption
6205| [3932] Microsoft Excel 2004/2000/2002/2003/2007 Object Reference Designfehler
6206| [46620] Microsoft Windows Live Messenger 2009 msnmsgr.exe denial of service
6207| [46455] Microsoft Exchange Server 2007 denial of service
6208| [46454] Microsoft Exchange Server 2007 memory corruption
6209| [46453] Microsoft Visio 2002/2003/2007 memory corruption
6210| [46452] Microsoft Visio 2002/2003/2007 memory corruption
6211| [46451] Microsoft Visio 2002/2003/2007 memory corruption
6212| [46327] Microsoft Word 2007 information disclosure
6213| [45758] Microsoft Money 2006 ActiveX Control prtstb06.dll denial of service
6214| [45381] Microsoft Windows Vista SP1/Server 2008 Explorer memory corruption
6215| [45380] Microsoft Windows Vista SP1/Server 2008 Search memory corruption
6216| [45379] Microsoft Office SharePoint Server 2007 denial of service
6217| [3896] Microsoft SQL Server up to 2005 sp_replwritetovarbin memory corruption
6218| [3892] Microsoft Excel 2000/2002/2003 Formula memory corruption
6219| [3891] Microsoft Excel 2000/2002/2003 memory corruption
6220| [3890] Microsoft Excel 2000/2002/2003 NAME Index memory corruption
6221| [3889] Microsoft Word 2000/2002/2003/2007 Table Property Stack-based memory corruption
6222| [3888] Microsoft Word 2000/2002/2003/2007 RTF Stylesheet memory corruption
6223| [3887] Microsoft Word 2000/2002/2003/2007 memory corruption
6224| [3886] Microsoft Word 2000/2002/2003/2007 ControlWord Heap-based memory corruption
6225| [3885] Microsoft Word 2000/2002/2003/2007 memory corruption
6226| [3884] Microsoft Word 2000/2002/2003/2007 memory corruption
6227| [3883] Microsoft Word 2000/2002/2003/2007 RTF Heap-based memory corruption
6228| [3882] Microsoft Word 2000/2002/2003/2007 LFO memory corruption
6229| [3880] Microsoft Visual Basic up to 2003 ActiveX Control Mschrt20.ocx memory corruption
6230| [3879] Microsoft Visual Basic up to 2003 ActiveX Control mscomct2.ocx memory corruption
6231| [3878] Microsoft Visual Basic up to 2003 ActiveX Control mshflxgd.ocx memory corruption
6232| [3877] Microsoft Visual Basic up to 2003 ActiveX Control msflxgrd.ocx memory corruption
6233| [3876] Microsoft Visual Basic up to 2003 ActiveX Control msdatgrd.ocx memory corruption
6234| [45197] Microsoft Windows 2000 nskey.dll memory corruption
6235| [45063] Microsoft Windows Server 2003 Active Directory unknown vulnerability
6236| [45040] Microsoft .NET Framework 2.0.50727 Code Access Security unknown vulnerability
6237| [44855] DjVu Activex Control For Microsoft Office 2000 3.0 ActiveX Control DjVu_ActiveX_MSOffice.dll memory corruption
6238| [44665] Microsoft Peachtree Accounting 2004 ActiveX Control PAWWeb11.ocx unknown vulnerability
6239| [44589] Microsoft Exchange Server 2003 Outlook Web Access unknown vulnerability
6240| [3845] Microsoft Windows 2000 SP4 Active Directory memory corruption
6241| [44533] Microsoft Windows 2000 mqsvc.exe memory corruption
6242| [3844] Microsoft Excel 2003 REPT memory corruption
6243| [3843] Microsoft Excel up to 2007 BIFF File Heap-based memory corruption
6244| [3842] Microsoft Excel 2003 VBA Performance Cache Stack-based Eingabeungültigkeit
6245| [44405] Microsoft Digital Image 2006 ActiveX Control PipPPush.DLL unknown vulnerability
6246| [44047] Microsoft SQL Server 2000 ActiveX Control SQLVDIRLib.SQLVDirControl memory corruption
6247| [43981] Microsoft Organization Chart 2.00 orgchart.exe memory corruption
6248| [43957] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
6249| [43956] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
6250| [43955] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
6251| [43952] Microsoft Office 2003/2007/Xp URI memory corruption
6252| [43676] Microsoft Windows XP/Vista/2000/Server 2003 memory corruption
6253| [43675] Microsoft Windows XP/Vista/2000/Server 2003 of memory corruption
6254| [43662] Microsoft Office Powerpoint Viewer up to 2003 memory corruption
6255| [43661] Microsoft Office Powerpoint Viewer 2003 memory corruption
6256| [43660] Microsoft Office Powerpoint Viewer 2003 Integer memory corruption
6257| [43657] Microsoft Office 2000/2003/Xp memory corruption
6258| [43654] Microsoft SharePoint Server 2007 memory corruption
6259| [43653] Microsoft Office 2000/2002/2004/2008 memory corruption
6260| [43652] Microsoft Office 2000/2002/2003/2004/2008 memory corruption
6261| [3797] Microsoft Windows Vista/Server 2008 IPsec Policy Designfehler
6262| [3796] Microsoft Office 2000 WPG memory corruption
6263| [3795] Microsoft Office 2000/2003/Xp BMP Image BMPIMP32.FLT memory corruption
6264| [3794] Microsoft Office 2000/2003/Xp PICT bits_per_pixel memory corruption
6265| [3793] Microsoft Office 2000/2003/Xp PICT memory corruption
6266| [3792] Microsoft Office 2000 EPS File memory corruption
6267| [3783] Microsoft Word 2002 memory corruption
6268| [43103] Microsoft Exchange Srv 2007 Sp1 Outlook Web Access cross site scripting
6269| [43102] Microsoft Windows 2000 SP4/Server 2003 SP2/Server 2008 DNS Cache privilege escalation
6270| [3778] Microsoft Exchange 2003/2007 Outlook Web Access cross site scripting
6271| [3777] Microsoft Windows Vista SP1/Server 2008 Explorer memory corruption
6272| [43087] Microsoft Office Snapshot Viewer ActiveX up to Office 2003 Snapshot Viewer ActiveX Control snapview.ocx memory corruption
6273| [43096] Microsoft Publisher 2003/2007 Crypto API unknown vulnerability
6274| [42816] Microsoft Word 2000/2003 memory corruption
6275| [42732] Microsoft Windows XP/Vista/Server 2003 denial of service
6276| [42731] Microsoft Windows Server 2003 denial of service
6277| [3732] Microsoft Windows 2000/Server 2003 WINS memory corruption
6278| [3701] Microsoft Word 2003 CSS Heap-based memory corruption
6279| [3700] Microsoft Word 2003 RTF Document Heap-based memory corruption
6280| [42065] Microsoft SharePoint Server 2.0 Rich Text Editor cross site scripting
6281| [41881] Microsoft Office 2003/2007/2007 Sp1/Xp memory corruption
6282| [41880] Microsoft Project 2000/2002/2003 memory corruption
6283| [41879] Microsoft Windows 2000/Server 2003/Vista Stack-based memory corruption
6284| [41878] Microsoft Windows 2000/Server 2003/Vista spoofing
6285| [41877] Microsoft Windows Server 2003 vbscript.dll memory corruption
6286| [3671] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 memory corruption
6287| [3670] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 Object memory corruption
6288| [41455] Microsoft Office 2000/2003/2004/Xp memory corruption
6289| [41454] Microsoft Excel 2000/2002/2003/2007 memory corruption
6290| [41453] Microsoft Excel 2000/2002/2003 memory corruption
6291| [41452] Microsoft Excel 2000/2002/2003/2007 memory corruption
6292| [41451] Microsoft Excel 2000/2002/2003 memory corruption
6293| [41450] Microsoft Excel 2000 memory corruption
6294| [41449] Microsoft Excel 2000/2002/2003 memory corruption
6295| [41448] Microsoft Office 2000/Xp Office Web Components memory corruption
6296| [3648] Microsoft Excel 2003 memory corruption
6297| [3647] Microsoft Outlook up to 2007 mailto URI memory corruption
6298| [41003] Microsoft Office 2000/2003/2004/Xp memory corruption
6299| [41002] Microsoft Office 2000/2003/Xp memory corruption
6300| [41001] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
6301| [41000] Microsoft Works 2005/8.0 memory corruption
6302| [40998] Microsoft Publisher 2000/2002/2003 memory corruption
6303| [40994] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
6304| [40987] Microsoft Windows 2000 denial of service
6305| [40736] Microsoft ActiveX 2.0 ActiveX Control privilege escalation
6306| [3552] Microsoft Excel 2000/2002/2003 File memory corruption
6307| [40242] Microsoft Publisher 2000/2002/2003/2007 Crash denial of service
6308| [40020] Microsoft Office 2007 ZIP Container unknown vulnerability
6309| [39769] Microsoft Windows 2000 cryptgenrandom weak encryption
6310| [39749] Microsoft Windows 2000 msjet40.dll memory corruption
6311| [39655] Microsoft Windows Server 2003 spoofing
6312| [39324] Microsoft Windows Mobile 2005 SMS unknown vulnerability
6313| [3373] Microsoft Word 2000/2002 memory corruption
6314| [38999] Microsoft Windows Server 2003 explorer.exe denial of service
6315| [38899] Microsoft ISA Server 2004 information disclosure
6316| [38728] Microsoft SQL Server 2005 Enterprise Manager sqldmo.dll memory corruption
6317| [38326] Microsoft Windows 2000 attemptwrite memory corruption
6318| [3241] Microsoft Excel 2000/2003/2004/XP SP3 rtWnDesk memory corruption
6319| [3223] Microsoft Windows XP/Server 2003 URI Eingabeungültigkeit
6320| [3212] Microsoft DirectX February 2006 RLE Compression Targa Files Heap-based memory corruption
6321| [37739] Microsoft Excel 2000/2002/2003/2004/2007 memory corruption
6322| [37738] Microsoft Office 2002/2003 memory corruption
6323| [3176] Microsoft Excel 2000/2002/2003/2007 File Attribute memory corruption
6324| [3175] Microsoft Excel 2000/2002/2003/2007 Active Worksheet memory corruption
6325| [3174] Microsoft Excel 2000/2002/2003/2007 Version Information memory corruption
6326| [3172] Microsoft Office Publisher 2007 Pointer memory corruption
6327| [37566] Microsoft Excel 2003 unknown vulnerability
6328| [37526] Microsoft Windows 2000/Server 2003 denial of service
6329| [37248] Microsoft Visio 2002 Packaging memory corruption
6330| [37251] Microsoft Windows 2000 memory corruption
6331| [3119] Microsoft Visio 2002 Object memory corruption
6332| [3118] Microsoft Visio 2002 Data memory corruption
6333| [37093] Microsoft Windows Server 2003 Error Message unknown vulnerability
6334| [37010] Microsoft Office 2000 ActiveX Control ouactrl.ocx memory corruption
6335| [36628] Microsoft Word 2000/2002/2003/2004 winword.exe memory corruption
6336| [36616] Microsoft Works 2004/2005/2006 memory corruption
6337| [36621] Microsoft Exchange Server 2000 Integer denial of service
6338| [36620] Microsoft Exchange Server 2000 Outlook Web Access cross site scripting
6339| [36619] Microsoft Exchange Server 2000/2003/2007 memory corruption
6340| [36618] Microsoft Exchange Server 2000 NULL Pointer Dereference denial of service
6341| [36617] Microsoft Excel 2000/2002/2003/2004 memory corruption
6342| [36623] Microsoft BizTalk Server 2004 ActiveX Control capicom.dll memory corruption
6343| [3067] Microsoft Office 2000/2003/2004/2007/Xp Drawing Object memory corruption
6344| [3065] Microsoft Excel 2000/2002/2003/2007 Filter Stack-based memory corruption
6345| [3064] Microsoft Excel 2000/2002/2003/2004/2007 set Font memory corruption
6346| [3063] Microsoft Excel 2000/2002/2003/2007 BIFF Record Stack-based memory corruption
6347| [3012] Microsoft Windows 2000/Server 2003 DNS Service Stack-based memory corruption
6348| [36039] Microsoft Content Management Server 2001 memory corruption
6349| [36052] Microsoft Windows 2000 Heap-based memory corruption
6350| [36051] Microsoft Word 2007 file798-1.doc memory corruption
6351| [36050] Microsoft Word 2007 file789-1.doc memory corruption
6352| [36040] Microsoft Content Management Server 2001 cross site scripting
6353| [3004] Microsoft Windows up to 2003/XP URL Parser memory corruption
6354| [36041] Microsoft .NET Framework 2.0.50727.42 cross site scripting
6355| [2990] Microsoft Windows 2000/XP/Vista Animated Cursor Stack-based memory corruption
6356| [36515] Microsoft Windows 2000/XP/Server 2003 memory corruption
6357| [35846] Microsoft Windows 2000/Server 2003 Default Configuration information disclosure
6358| [35373] Microsoft Excel 2003 denial of service
6359| [35372] Microsoft Office 2003 denial of service
6360| [35206] Microsoft Windows XP/Server 2003 Crash denial of service
6361| [35161] Microsoft ISA Server 2004 unknown vulnerability
6362| [35236] Microsoft Publisher 2007 memory corruption
6363| [2939] Microsoft Word 2000 memory corruption
6364| [34994] Microsoft Windows 2000 OLE Dialog memory corruption
6365| [34993] Microsoft Office 2000/2003/Xp memory corruption
6366| [35001] Microsoft Office 2000/2003/2004/Xp memory corruption
6367| [35000] Microsoft Word 2000/2002/2003 memory corruption
6368| [2933] Microsoft Windows XP SP2/2000 SP4/Server 2003 SP1 OLE Dialog Stack-based memory corruption
6369| [2894] Microsoft Office 2000/2003/2004/Xp Undefined String Format String
6370| [2884] Microsoft Word 2000/2002/2003 memory corruption
6371| [34321] Microsoft Office 2000/2003/2004/Xp Spreadsheet Heap-based memory corruption
6372| [34320] Microsoft Office 2000/2003/2004/Xp memory corruption
6373| [34319] Microsoft Office 2000/2003/2004/Xp memory corruption
6374| [34318] Microsoft Office 2000/2003/2004/Xp memory corruption
6375| [34322] Microsoft Office 2000/2003/Xp memory corruption
6376| [2811] Microsoft Windows 2000/XP/Server 2003 VML Vector Markup Language Integer memory corruption
6377| [2810] Microsoft Outlook 2000/2002/2003 Office Saved Search OSS File memory corruption
6378| [2809] Microsoft Outlook 2000/2002/2003 Header denial of service
6379| [2808] Microsoft Outlook 2000/2002/2003 Meeting VEVENT memory corruption
6380| [2807] Microsoft Excel 2000/2002/2003 XLS File memory corruption
6381| [34126] Microsoft Office 2003 memory corruption
6382| [34122] Microsoft Office Web Components 2000 memory corruption
6383| [2789] Microsoft Windows 2000/XP RPC Request NetrWkstaUserEnum() denial of service
6384| [2765] Microsoft Project Server 2003 pdsrequest.asp weak authentication
6385| [33851] Microsoft Word 2000/2002/2003 12122006-djtest.doc memory corruption
6386| [2739] Microsoft Windows 2000 Remote Installation Service Fehlende Authentifizierung
6387| [2738] Microsoft Windows 2000/XP/Server 2003 SNMP memory corruption
6388| [2737] Microsoft Windows XP/Server 2003 Manifest denial of service
6389| [33766] Microsoft Word 2000/2002/2003 memory corruption
6390| [2718] Microsoft Word 2000/2002/2003 DOC Document memory corruption
6391| [2717] Microsoft Windows 2000 Print Spooler Memory Consumption denial of service
6392| [2689] Microsoft Windows up to 2000 SP4 Active Directory denial of service
6393| [2688] Microsoft Windows 2000/XP/Server 2003 Client Service for Netware denial of service
6394| [2687] Microsoft Windows 2000/XP/Server 2003 Agent ActiveX ACF File Heap-based memory corruption
6395| [2686] Microsoft Windows 2000/XP/Server 2003 Client Service for Netware memory corruption
6396| [2684] Microsoft Windows 2000/XP Workstation Service Stack-based memory corruption
6397| [2659] Microsoft Windows 2000/XP GDI Crash Designfehler
6398| [2655] Microsoft Windows 2000/XP/Server 2003 XML Core Services Designfehler
6399| [33067] Microsoft Visual Studio .net 2005 ActiveX Control wmiscriptutils.dll memory corruption
6400| [2610] Microsoft PowerPoint 2003 PPT Document NULL Pointer Dereference denial of service
6401| [32693] Microsoft Word 2004 memory corruption
6402| [32686] Microsoft Office 2000/2001/2003/2004 Integer memory corruption
6403| [32690] Microsoft Office 2000/2003/2004/Xp memory corruption
6404| [32676] Microsoft Office 2000/2001/2003/2004 memory corruption
6405| [32675] Microsoft Office 2000/2003/2004/Xp memory corruption
6406| [32694] Microsoft Windows 2000 memory corruption
6407| [32689] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
6408| [32688] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
6409| [32687] Microsoft Word 2000/2002 memory corruption
6410| [32685] Microsoft Office 2000/2001/2003/2004 memory corruption
6411| [2601] Microsoft Windows XP/Server 2003 IPv6 Stack denial of service
6412| [2600] Microsoft Windows XP/Server 2003 IPv6 Stack TCP denial of service
6413| [2599] Microsoft Windows XP/Server 2003 IPv6 Stack ICMP denial of service
6414| [2598] Microsoft Windows XP/Server 2003 Object Packager Designfehler
6415| [2597] Microsoft Office 2003/Xp Smart-Tag Parser memory corruption
6416| [2596] Microsoft Office 2000/2003/2004/Xp Value Read memory corruption
6417| [2595] Microsoft Office 2000/2001/2003/2004 Diagram Value memory corruption
6418| [2594] Microsoft Office 2000/2001/2003/2004 Document memory corruption
6419| [2593] Microsoft ASP.NET 2.0 cross site scripting
6420| [2571] Microsoft PowerPoint up to 2003 Document memory corruption
6421| [2554] Microsoft PowerPoint 2000 memory corruption
6422| [2522] Microsoft Windows 2000/XP/Server 2003 Indexing Service cross site scripting
6423| [2521] Microsoft Publisher 2000/2002/2003 PUB File Stack-based memory corruption
6424| [2508] Microsoft Word 2000 memory corruption
6425| [2478] Microsoft Internet Explorer up to 6 on Win 2000 HTTP 1.1 Compression Heap-based memory corruption
6426| [31692] Microsoft PowerPoint 2000/2001/2002/2003 memory corruption
6427| [2436] Microsoft Windows 2000/XP/Server 2003 Kernel memory corruption
6428| [2435] Microsoft Windows 2000/XP/Server 2003 Exception memory corruption
6429| [2434] Microsoft Windows 2000/XP/Server 2003 Winlogon race condition
6430| [2433] Microsoft Windows 2000 Management Console cross site scripting
6431| [2432] Microsoft Windows 2000/XP/Server 2003 DNS Resolver Heap-based memory corruption
6432| [2431] Microsoft Windows 2000/XP/Server 2003 Winsock API memory corruption
6433| [2430] Microsoft Windows 2000/XP/Server 2003 RPC ELV memory corruption
6434| [2426] Microsoft Windows 2000/XP/Server 2003 WMF File gdi32.dll denial of service
6435| [2415] Microsoft Windows 2000/XP/Server 2003 SMB File srv.sys denial of service
6436| [31527] Microsoft Internet Explorer 6.0 on Win 2000 ActiveX Object Stack-Based denial of service
6437| [31358] Microsoft PowerPoint 2003 powerpnt.exe denial of service
6438| [31354] Microsoft PowerPoint 2003 memory corruption
6439| [31351] Microsoft ISA Server 2004 Filters unknown vulnerability
6440| [2382] Microsoft PowerPoint up to 2003 Presentation Open/Close memory corruption
6441| [2378] Microsoft PowerPoint 2000/2002/2003 Document Parser memory corruption
6442| [31318] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
6443| [31317] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
6444| [31316] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
6445| [31313] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
6446| [31312] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
6447| [31311] Microsoft Excel 2000/2002/2003/XP memory corruption
6448| [31310] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
6449| [31237] Microsoft Office 2000/2003/Xp memory corruption
6450| [31235] Microsoft Office 2000/2003/Xp memory corruption
6451| [2371] Microsoft NET Framework up to 2.0 URL Validator unknown vulnerability
6452| [2370] Microsoft Windows 2000/XP/Server 2003 Server Protocol Driver Server Message Block Heap-based memory corruption
6453| [2369] Microsoft Windows 2000/XP/Server 2003 Server Service Mailslot Heap-based memory corruption
6454| [2367] Microsoft Office 2000/2003/XP Document String memory corruption
6455| [2366] Microsoft Windows 2000/XP/Server 2003 DHCP Client memory corruption
6456| [2365] Microsoft Office 2000/2003/XP PNG Image memory corruption
6457| [2364] Microsoft Office 2000/2003/XP GIF Image memory corruption
6458| [31233] Microsoft Office 2000/2003/Xp mso.dll lscreateline memory corruption
6459| [31238] Microsoft Internet Explorer 6.0 on Win 2000 Crash denial of service
6460| [2357] Microsoft Excel up to 2003 on Asian System Document Repair Style memory corruption
6461| [31133] Microsoft Windows XP/Server 2003 explorer.exe memory corruption
6462| [2325] Microsoft Excel up to 2003 Hyperlink hlink.dll Long Hyperlink memory corruption
6463| [2324] Microsoft Excel 2000/2002/2003/2004 XLS File memory corruption
6464| [30801] Microsoft Windows up to 2000 Connection Manager Stack-based memory corruption
6465| [2312] Microsoft Exchange 2000 Outlook Web Access cross site scripting
6466| [2311] Microsoft Windows 2000/XP/Server 2003 MRXSMB.SYS MRxSmbCscIoctlOpenForCopyChunk memory corruption
6467| [2310] Microsoft Windows 2000 RPC spoofing
6468| [2309] Microsoft Windows 2000/XP/Server 2003 Routing and Remote Access Service RPC Request memory corruption
6469| [2308] Microsoft PowerPoint 2000/2002/2003/2004 PPT Document memory corruption
6470| [2307] Microsoft Windows 2000/XP/Server 2003 JScript Object memory corruption
6471| [2306] Microsoft Windows 2000/XP/Server 2003 IP Source Routing memory corruption
6472| [2305] Microsoft Windows XP/Server 2003 ART Image Heap-based memory corruption
6473| [2294] Microsoft Word up to 2003 DOC Document Backdoor Designfehler
6474| [2275] Microsoft Windows XP/Server 2003 mhtml URI inetcomm.dll memory corruption
6475| [2253] Microsoft Word up to 2003 Backdoor memory corruption
6476| [2221] Microsoft Windows 2000/XP CHM Archive itss.dll memory corruption
6477| [30131] Microsoft Windows NT 4.0/XP/2000/Server 2003 Distributed Transaction Coordinator Crash denial of service
6478| [2218] Microsoft Windows 2000/XP/Server 2003 MSDTC Heap-based denial of service
6479| [2217] Microsoft Exchange 2000/2003 Calender Collaboration Data Object memory corruption
6480| [2190] Microsoft Office 2003 mailto URI unknown vulnerability
6481| [2147] Microsoft Windows 2000/XP/Server 2003 COM Object memory corruption
6482| [2135] Microsoft FrontPage Server Extensions 2002 cross site scripting
6483| [29524] Microsoft ISA Server 2004 unknown vulnerability
6484| [134750] Microsoft ASP.NET Core 2.1/2.2 denial of service
6485| [134745] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
6486| [134744] Microsoft Windows up to Server 2019 GDI information disclosure
6487| [134743] Microsoft SharePoint Server 2013 SP1/2016 cross site scripting
6488| [134742] Microsoft SharePoint Enterprise Server 2016/2019 cross site scripting
6489| [134741] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
6490| [134740] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
6491| [134739] Microsoft SharePoint Foundation 2010 SP2/2013 SP2 cross site scripting
6492| [134738] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
6493| [134737] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
6494| [134736] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
6495| [134735] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
6496| [134734] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
6497| [134733] Microsoft Windows up to Server 2019 Unified Write Filter privilege escalation
6498| [134731] Microsoft Windows up to Server 2019 Symlink privilege escalation
6499| [134729] Microsoft Windows up to Server 2019 Storage Service privilege escalation
6500| [134725] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6501| [134724] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6502| [134723] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6503| [134722] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6504| [134721] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6505| [134720] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6506| [134719] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6507| [134718] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6508| [134717] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6509| [134716] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6510| [134715] Microsoft Windows up to Server 2019 Win32k memory corruption
6511| [134714] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6512| [134713] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6513| [134712] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6514| [134710] Microsoft Windows up to Server 2019 GDI information disclosure
6515| [134709] Microsoft Windows up to Server 2019 Kernel privilege escalation
6516| [134706] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
6517| [134704] Microsoft SQL Server 2017 Analysis Services information disclosure
6518| [134701] Microsoft Windows up to Server 2019 Windows Defender Application Control privilege escalation
6519| [134700] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
6520| [134699] Microsoft Windows up to Server 2019 NDIS ndis.sys memory corruption
6521| [134698] Microsoft Windows up to Server 2019 OLE memory corruption
6522| [134697] Microsoft Office/Word 2016/2019/365 ProPlus memory corruption
6523| [134684] Microsoft Windows up to Server 2019 DHCP Server memory corruption
6524| [134678] Microsoft Windows up to Server 2019 GDI+ memory corruption
6525| [133236] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6526| [133235] Microsoft Azure DevOps Server 2019 privilege escalation
6527| [133234] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6528| [133232] Microsoft Azure DevOps Server 2019 cross site scripting
6529| [133229] Microsoft Azure DevOps Server 2019 cross site scripting
6530| [133224] Microsoft Exchange Server 2013 CU22/2016 CU11/2016 CU12/2019/2019 CU1 Outlook Web Access privilege escalation
6531| [133223] Microsoft Azure DevOps Server 2019 Content Security Policy privilege escalation
6532| [133222] Microsoft Windows up to Server 2019 Remote Registry Service memory corruption
6533| [133221] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6534| [133220] Microsoft Windows up to Server 2019 GDI Memory information disclosure
6535| [133219] Microsoft Windows up to Server 2019 Win32k Memory information disclosure
6536| [133218] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6537| [133217] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6538| [133216] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
6539| [133215] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
6540| [133214] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
6541| [133213] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
6542| [133212] Microsoft Windows up to Server 2019 Terminal Services Memory information disclosure
6543| [133211] Microsoft Windows up to Server 2019 Task Scheduler information disclosure
6544| [133209] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
6545| [133206] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
6546| [133205] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
6547| [133204] Microsoft Office/Excel up to 2019 memory corruption
6548| [133203] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
6549| [133202] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
6550| [133201] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
6551| [133200] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
6552| [133199] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
6553| [133198] Microsoft Exchange Server up to 2019 CU1 Outlook Web Access cross site scripting
6554| [133197] Microsoft ASP.NET Core 2.2 Request denial of service
6555| [133196] Microsoft Windows up to Server 2019 Win32k information disclosure
6556| [133195] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
6557| [133194] Microsoft Windows up to Server 2019 GDI Memory information disclosure
6558| [133193] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
6559| [133192] Microsoft Windows up to Server 2019 OLE Automation privilege escalation
6560| [133189] Microsoft Windows up to Server 2019 CSRSS memory corruption
6561| [133188] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
6562| [133187] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
6563| [133186] Microsoft Windows up to Server 2019 TCP/IP Stack Fragmented IP Packet information disclosure
6564| [133185] Microsoft Windows up to Server 2019 Win32k memory corruption
6565| [133184] Microsoft Office 2016 for Mac/2019/365 ProPlus Graphics Component memory corruption
6566| [133183] Microsoft Windows up to Server 2019 Win32k memory corruption
6567| [133182] Microsoft Windows up to Server 2019 Win32k memory corruption
6568| [133181] Microsoft Office/Excel/PowerPoint up to 2019 URL Document Code Execution
6569| [133180] Microsoft Windows up to Server 2019 MS XML Code Execution
6570| [133179] Microsoft Windows up to Server 2019 MS XML Code Execution
6571| [133177] Microsoft Windows up to Server 2019 Device Guard luafv.sys privilege escalation
6572| [133174] Microsoft Windows up to Server 2019 GDI+ privilege escalation
6573| [133173] Microsoft Windows up to Server 2019 IOleCvt Interface privilege escalation
6574| [133166] Microsoft Windows up to Server 2019 MS XML Code Execution
6575| [133165] Microsoft Windows up to Server 2019 MS XML Code Execution
6576| [133164] Microsoft Windows up to Server 2019 MS XML Code Execution
6577| [133163] Microsoft Windows up to Server 2019 MS XML Code Execution
6578| [133162] Microsoft Windows up to Server 2019 MS XML Code Execution
6579| [131687] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 3.2/2018 Updated 1.2 cross site scripting
6580| [131685] Microsoft Windows up to Server 2019 SMB information disclosure
6581| [131684] Microsoft Visual Studio 2017 Version 15.9 C++ Redistributable Installer privilege escalation
6582| [131681] Microsoft Windows up to Server 2019 Win32k memory corruption
6583| [131679] Microsoft Windows up to Server 2019 Kernel information disclosure
6584| [131675] Microsoft SharePoint 2013 SP1/2016 cross site scripting
6585| [131674] Microsoft Windows up to Server 2019 Win32k information disclosure
6586| [131673] Microsoft Windows up to Server 2019 Kernel information disclosure
6587| [131672] Microsoft Windows up to Server 2019 GDI information disclosure
6588| [131671] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
6589| [131668] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
6590| [131667] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
6591| [131663] Microsoft Windows up to Server 2019 Print Spooler information disclosure
6592| [131658] Microsoft Windows up to Server 2019 information disclosure
6593| [131657] Microsoft Windows up to Server 2019 denial of service
6594| [131656] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
6595| [131653] Microsoft Windows up to Server 2019 SMB information disclosure
6596| [131652] Microsoft Windows up to Server 2019 SMB information disclosure
6597| [131651] Microsoft Windows up to Server 2019 Kernel information disclosure
6598| [131650] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 Hyper-V denial of service
6599| [131649] Microsoft Windows up to Server 2019 Kernel memory corruption
6600| [131648] Microsoft Windows up to Server 2019 Hyper-V denial of service
6601| [131644] Microsoft Windows up to Server 2019 Hyper-V denial of service
6602| [131638] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6603| [131632] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 DHCP Client memory corruption
6604| [131631] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 DHCP Client memory corruption
6605| [131630] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 DHCP Client memory corruption
6606| [131629] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
6607| [131628] Microsoft Windows up to Server 2019 ActiveX memory corruption
6608| [131619] Microsoft Windows up to Server 2019 MS XML privilege escalation
6609| [131334] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
6610| [131333] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
6611| [131330] Microsoft Exchange Server 2010 SP3 UR26/2013 CU22/2016 CU12/2019 CU1 privilege escalation
6612| [131329] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016 information disclosure
6613| [131328] Microsoft Windows up to Server 2016 Kernel information disclosure
6614| [130832] Microsoft 2013 SP1 spoofing
6615| [130828] Microsoft Exchange Server 2010 SP3/2013 CU22/2016 CU12/2019 CU1 EWS privilege escalation
6616| [130826] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
6617| [130825] Microsoft Office up to 2019 Connectivity Engine memory corruption
6618| [130824] Microsoft Office up to 2019 Connectivity Engine memory corruption
6619| [130823] Microsoft Office up to 2019 Connectivity Engine privilege escalation
6620| [130822] Microsoft Office up to 2019 Connectivity Engine privilege escalation
6621| [130821] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
6622| [130820] Microsoft Windows up to Server 2012 R2 GDI information disclosure
6623| [130818] Microsoft Windows up to Server 2019 GDI information disclosure
6624| [130817] Microsoft Windows up to Server 2019 Storage Service privilege escalation
6625| [130814] Microsoft Windows up to Server 2019 privilege escalation
6626| [130809] Microsoft Windows up to Server 2019 Defender Firewall Security privilege escalation
6627| [130808] Microsoft Windows up to Server 2019 information disclosure
6628| [130807] Microsoft Windows up to Server 2019 Hyper-V information disclosure
6629| [130806] Microsoft Windows up to Server 2019 SMB privilege escalation
6630| [130805] Microsoft Windows up to Server 2019 Device Guard privilege escalation
6631| [130804] Microsoft Windows up to Server 2019 Device Guard privilege escalation
6632| [130803] Microsoft Windows up to Server 2019 SMB privilege escalation
6633| [130802] Microsoft Windows up to Server 2019 Win32k information disclosure
6634| [130801] Microsoft Windows up to Server 2019 Device Guard privilege escalation
6635| [130800] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6636| [130799] Microsoft Windows up to Server 2016 Win32k memory corruption
6637| [130798] Microsoft Windows up to Server 2019 GDI information disclosure
6638| [130797] Microsoft Windows up to Server 2019 GDI information disclosure
6639| [130796] Microsoft Windows up to Server 2019 GDI information disclosure
6640| [130793] Microsoft Windows up to Server 2019 GDI information disclosure
6641| [130792] Microsoft Windows up to Server 2019 HID information disclosure
6642| [130791] Microsoft Windows up to Server 2019 HID information disclosure
6643| [130790] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
6644| [130789] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6645| [130788] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6646| [130787] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6647| [130786] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6648| [130785] Microsoft Office 2010 SP2/2013 SP1/2016/2019/365 ProPlus Security Feature Phishing spoofing
6649| [130784] Microsoft Windows up to Server 2019 GDI+ memory corruption
6650| [130782] Microsoft Windows up to Server 2019 DHCP Server memory corruption
6651| [130781] Microsoft Windows up to Server 2019 GDI+ memory corruption
6652| [129847] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 1.2/2018 Update 3.2 information disclosure
6653| [129846] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
6654| [129845] Microsoft Skype for Business 2015 CU 8 Request cross site scripting
6655| [128765] Microsoft Visual Studio 2017 Version 15.9 C++ Construct privilege escalation
6656| [128764] Microsoft Exchange Server 2010 SP3/2013 CU21/2016 CU10/2016 CU11/2019 PowerShell API information disclosure
6657| [128762] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/365 ProPlus Word memory corruption
6658| [128761] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
6659| [128760] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
6660| [128759] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
6661| [128758] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
6662| [128757] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
6663| [128756] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
6664| [128755] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
6665| [128754] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
6666| [128753] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
6667| [128752] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
6668| [128751] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
6669| [128750] Microsoft Windows up to Server 2019 Runtime privilege escalation
6670| [128749] Microsoft Windows up to Server 2019 Kernel information disclosure
6671| [128747] Microsoft ASP.NET Core 2.1 Web Request denial of service
6672| [128746] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
6673| [128745] Microsoft Office up to 2019 Word Macro information disclosure
6674| [128744] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/365 ProPlus information disclosure
6675| [128743] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/365 ProPlus information disclosure
6676| [128742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
6677| [128741] Microsoft SharePoint Enterprise Server 2016 cross site scripting
6678| [128740] Microsoft SharePoint Enterprise Server 2013 SP1 cross site scripting
6679| [128739] Microsoft Windows up to Server 2019 Kernel information disclosure
6680| [128738] Microsoft Windows up to Server 2019 Subsystem for Linux information disclosure
6681| [128737] Microsoft Windows up to Server 2019 COM Desktop Broker privilege escalation
6682| [128736] Microsoft Windows up to Server 2019 Kernel information disclosure
6683| [128735] Microsoft ASP.NET Core 2.1/2.2 Web Request denial of service
6684| [128733] Microsoft Windows up to Server 2019 Authentication Request privilege escalation
6685| [128732] Microsoft Office 2010 SP2/2013 SP1/2016/2019/365 ProPlus MSHTML Engine privilege escalation
6686| [128729] Microsoft Visual Studio 2010 SP1/2012 Update 5 vscontent File information disclosure
6687| [128728] Microsoft Windows up to Server 2019 Kernel information disclosure
6688| [128727] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
6689| [128726] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
6690| [128725] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
6691| [128718] Microsoft Windows up to Server 2019 Hyper-V memory corruption
6692| [128717] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 Hyper-V memory corruption
6693| [127925] Microsoft SharePoint Enterprise Server 2016 Web Request cross site scripting
6694| [127882] Microsoft Dynamics NAV 2016/2017 Web Request cross site scripting
6695| [127881] Microsoft Windows 10 1809/Server 2019 Object denial of service
6696| [127880] Microsoft Windows up to Server 2019 Win32k Object memory corruption
6697| [127828] Microsoft Windows up to Server 2019 Win32k memory corruption
6698| [127827] Microsoft Windows 10 1809/Server 2019 DirectX information disclosure
6699| [127826] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 Win32k ASLR privilege escalation
6700| [127825] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 privilege escalation
6701| [127824] Microsoft Excel up to 2019 Out-of-Bounds memory corruption
6702| [127823] Microsoft Windows up to Server 2012 R2 Kernel information disclosure
6703| [127821] Microsoft Windows up to Server 2019 Connected User Experiences and Telemetry Service denial of service
6704| [127820] Microsoft Windows up to Server 2019 Kernel memory corruption
6705| [127819] Microsoft Exchange Server 2016 CU10/2016 CU11 Profile Data privilege escalation
6706| [127817] Microsoft Excel up to 2019 information disclosure
6707| [127816] Microsoft Windows up to Server 2019 GDI information disclosure
6708| [127815] Microsoft Windows up to Server 2019 GDI information disclosure
6709| [127814] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 Search cross site request forgery
6710| [127812] Microsoft Windows up to Server 2019 Remote Procedure Call information disclosure
6711| [127809] Microsoft PowerPoint 2010 SP2/2013 RT SP1/2013 SP1/2016/365 ProPlus memory corruption
6712| [127806] Microsoft Outlook up to 2019 memory corruption
6713| [127805] Microsoft Excel up to 2019 memory corruption
6714| [127804] Microsoft Excel up to 2019 memory corruption
6715| [127803] Microsoft Windows up to Server 2019 Text-To-Speech memory corruption
6716| [127801] Microsoft Windows up to Server 2019 DNS Server privilege escalation
6717| [126938] Microsoft Team Foundation Server 2018 Update 1.1/2018 Update 3 Code Execution
6718| [126755] Microsoft .NET Core 2.1 privilege escalation
6719| [126754] Microsoft Skype for Business/Lync Server 2013 SP1/2016 Emoji denial of service
6720| [126750] Microsoft Windows up to Server 2019 ALPC privilege escalation
6721| [126749] Microsoft Exchange Server 2010/2013/2016/2019 privilege escalation
6722| [126748] Microsoft Office 2019/365 ProPlus Outlook Message information disclosure
6723| [126747] Microsoft SharePoint Enterprise Server 2013 SP1 Folder information disclosure
6724| [126746] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
6725| [126745] Microsoft Project 2010 SP2/2013 SP1/2016 memory corruption
6726| [126744] Microsoft Office up to 2019 Word memory corruption
6727| [126743] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
6728| [126742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
6729| [126739] Microsoft Windows up to Server 2012 R2 Win32k information disclosure
6730| [126737] Microsoft Windows up to Server 2012 R2 DirectX information disclosure
6731| [126736] Microsoft Windows up to Server 2019 Win32k memory corruption
6732| [126735] Microsoft Windows up to Server 2019 DirectX privilege escalation
6733| [126734] Microsoft Office 2019/365 ProPlus information disclosure
6734| [126733] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 DirectX memory corruption
6735| [126730] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
6736| [126728] Microsoft Office/SharePoint 2010 SP2 Word memory corruption
6737| [126727] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
6738| [126726] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
6739| [126725] Microsoft Windows up to Server 2019 DirectX memory corruption
6740| [126722] Microsoft Windows up to Server 2019 PowerShell privilege escalation
6741| [126718] Microsoft Windows up to Server 2016 Search memory corruption
6742| [126717] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016/2019 memory corruption
6743| [126716] Microsoft Office up to 2019 Excel memory corruption
6744| [126715] Microsoft Office 2016/2019/365 ProPlus Excel memory corruption
6745| [126714] Microsoft Windows up to Server 2019 PowerShell unknown vulnerability
6746| [126713] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
6747| [126712] Microsoft Windows up to Server 2016 Graphics Component memory corruption
6748| [126711] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
6749| [125123] Microsoft Windows up to Server 2019 Codecs Library information disclosure
6750| [125122] Microsoft Windows up to Server 2016 TCP/IP information disclosure
6751| [125121] Microsoft Windows up to Server 2019 DirectX memory corruption
6752| [125120] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
6753| [125119] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
6754| [125116] Microsoft Exchange Server 2013 CU21/2016 CU10 privilege escalation
6755| [125115] Microsoft Windows up to Server 2019 Theme API privilege escalation
6756| [125114] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
6757| [125113] Microsoft Windows up to Server 2019 Kernel memory corruption
6758| [125111] Microsoft Windows up to Server 2019 Device Guard Code Integrity Policy privilege escalation
6759| [125110] Microsoft Windows up to Server 2019 DNS Global Blocklist privilege escalation
6760| [125109] Microsoft Windows up to Server 2019 NTFS privilege escalation
6761| [125108] Microsoft Windows up to Server 2019 Filter Manager memory corruption
6762| [125107] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
6763| [125106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
6764| [125105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
6765| [125104] Microsoft SharePoint Enterprise Server 2016 cross site scripting
6766| [125102] Microsoft Office/Word 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
6767| [125100] Microsoft Office/Powerpoint 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
6768| [125099] Microsoft Office/Excel up to 2019 Protected View memory corruption
6769| [125098] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
6770| [125097] Microsoft Windows up to Server 2019 DirectX Graphics memory corruption
6771| [125096] Microsoft Windows up to Server 2019 Win32k memory corruption
6772| [125095] Microsoft Exchange Server 2013 CU21/2016 CU10 Outlook Web Access cross site scripting
6773| [125093] Microsoft Windows up to Server 2019 Hyper-V memory corruption
6774| [125092] Microsoft Windows up to Server 2019 Hyper-V memory corruption
6775| [125091] Microsoft Windows up to Server 2019 MS XML privilege escalation
6776| [124371] Microsoft Exchange Server up to 2010 SP3 Outlook Web Access /owa/auth/logon.aspx Parameter Server-Side Request Forgery
6777| [124217] Microsoft Windows Server 2012/Server 2016 Active Directory Federation Services /adfs/ls Server-Side Request Forgery
6778| [123995] Microsoft Lync 2011 on Mac Security Feature Messages Download privilege escalation
6779| [123881] Microsoft Windows up to Server 2016 Sandbox privilege escalation
6780| [123874] Microsoft Windows up to Server 2016 Kernel information disclosure
6781| [123872] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 SMB information disclosure
6782| [123868] Microsoft Windows up to Server 2016 Hyper-V denial of service
6783| [123864] Microsoft Windows up to Server 2016 Hyper-V information disclosure
6784| [123862] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2013 RT SP1/2016 cross site scripting
6785| [123861] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R information disclosure
6786| [123860] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
6787| [123859] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
6788| [123851] Microsoft Windows up to Server 2016 ALPC privilege escalation
6789| [123849] Microsoft Windows up to Server 2016 SMB denial of service
6790| [123846] Microsoft Office 2016 on Win/Mac memory corruption
6791| [123844] Microsoft Word 2013 SP1/2013 RT SP1/2016 PDF File memory corruption
6792| [123843] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
6793| [123842] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
6794| [123830] Microsoft Windows up to Server 2016 Hyper-V memory corruption
6795| [123828] Microsoft Windows up to Server 2016 Win32k Graphics privilege escalation
6796| [123827] Microsoft Windows up to Server 2016 Image memory corruption
6797| [123825] Microsoft Windows up to Server 2016 MSXML Parser privilege escalation
6798| [123823] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
6799| [122887] Microsoft Office 2016 on Mac AutoUpdate memory corruption
6800| [122886] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
6801| [122885] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
6802| [122884] Microsoft Windows up to Server 2016 Win32k memory corruption
6803| [122883] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
6804| [122875] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R information disclosure
6805| [122874] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
6806| [122873] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
6807| [122872] Microsoft SharePoint Enterprise Server 2013 SP1/2016 information disclosure
6808| [122871] Microsoft PowerPoint 2010 SP2 memory corruption
6809| [122870] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
6810| [122861] Microsoft Windows up to Server 2016 Microsoft COM for Windows privilege escalation
6811| [122850] Microsoft Visual Studio 2015 Update 3/2017/2017 Version 15.8 Diagnostic Hub privilege escalation
6812| [122849] Microsoft Windows up to Server 2016 Diagnostic Hub privilege escalation
6813| [122848] Microsoft Windows Security Feature 2FA weak authentication
6814| [122834] Microsoft Windows up to Server 2016 LNK memory corruption
6815| [122825] Microsoft Windows up to Server 2016 Graphics memory corruption
6816| [122823] Microsoft SQL Server 2016 SP1/2016 SP2/2017 memory corruption
6817| [121208] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R Attachment privilege escalation
6818| [121118] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
6819| [121116] Microsoft Windows up to Server 2016 Sandbox privilege escalation
6820| [121114] Microsoft Access 2013 SP1/2016/2016 C2R memory corruption
6821| [121111] Microsoft Windows up to Server 2016 Kernel memory corruption
6822| [121110] Microsoft Windows up to Server 2016 Wordpad privilege escalation
6823| [121107] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll denial of service
6824| [121106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
6825| [121105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
6826| [121098] Microsoft Office 2016/2016 C2R memory corruption
6827| [121092] Microsoft Windows up to Server 2016 FTP Server denial of service
6828| [121090] Microsoft Visual Studio up to 2017 Version 15.8 Preview privilege escalation
6829| [119479] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
6830| [119477] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 information disclosure
6831| [119476] Microsoft Publisher 2010 SP2 OLE Object PUB File privilege escalation
6832| [119475] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Attachment privilege escalation
6833| [119474] Microsoft Windows up to Server 2016 GDI information disclosure
6834| [119470] Microsoft Windows up to Server 2016 HTTP HTTP.sys denial of service
6835| [119468] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
6836| [119467] Microsoft Windows up to Server 2016 Hypervisor privilege escalation
6837| [119465] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
6838| [119464] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
6839| [119463] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
6840| [119461] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
6841| [119460] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
6842| [119459] Microsoft Windows up to Server 2016 memory corruption
6843| [119457] Microsoft Windows up to Server 2016 Desktop Bridge privilege escalation
6844| [119456] Microsoft Windows up to Server 2016 Kernel information disclosure
6845| [119455] Microsoft Windows up to Server 2016 denial of service
6846| [119454] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
6847| [119452] Microsoft Windows up to Server 2016 HIDParser memory corruption
6848| [119448] Microsoft Windows up to Server 2016 Code Integrity Module denial of service
6849| [119447] Microsoft Windows up to Server 2016 NTFS privilege escalation
6850| [119441] Microsoft Windows up to Server 2016 Media Foundation memory corruption
6851| [119437] Microsoft Windows up to Server 2016 HTTP Protocol Stack Http.sys memory corruption
6852| [119436] Microsoft Windows up to Server 2016 memory corruption
6853| [119431] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
6854| [118120] Microsoft Office 2016 on Mac XML Data Code Execution
6855| [117561] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1 Web Request cross site scripting
6856| [117560] Microsoft Exchange Server up to 2016 CU9 Code Execution memory corruption
6857| [117559] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access Web Request cross site scripting
6858| [117558] Microsoft Windows up to Server 2016 Code Execution memory corruption
6859| [117507] Microsoft Infopath 2013 SP1 memory corruption
6860| [117505] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R information disclosure
6861| [117504] Microsoft Office 2010 SP2 information disclosure
6862| [117503] Microsoft Exchange Server 2013 CU19/2013 CU20/2016 CU8/2016 CU9 Outlook Web Access cross site scripting
6863| [117502] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
6864| [117501] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
6865| [117500] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access cross site scripting
6866| [117499] Microsoft Exchange Server up to 2016 CU9 information disclosure
6867| [117498] Microsoft Office 2016 C2R Security Feature privilege escalation
6868| [117497] Microsoft SharePoint Enterprise Server 2010/2013 SP1/2016 cross site scripting
6869| [117480] Microsoft Windows up to Server 2016 COM Serialized privilege escalation
6870| [117473] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
6871| [117472] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
6872| [117471] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
6873| [117470] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
6874| [117469] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
6875| [117468] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
6876| [117444] Microsoft Windows up to Server 2016 Hyper-V vSMB memory corruption
6877| [117443] Microsoft Windows up to Server 2016 Hyper-V memory corruption
6878| [117442] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
6879| [116132] Microsoft Office 2016 Memory information disclosure
6880| [116051] Microsoft SharePoint Enterprise Server 2016 cross site scripting
6881| [116050] Microsoft SharePoint Enterprise Server 2010 SP2/2013/2016 cross site scripting
6882| [116049] Microsoft SharePoint Enterprise Server 2013/2016 privilege escalation
6883| [116048] Microsoft Windows up to Server 2016 DirectX Graphics Kernel Subsystem memory corruption
6884| [116047] Microsoft Windows up to Server 2016 OpenType Font Driver atmfd.dll memory corruption
6885| [116046] Microsoft SharePoint Enterprise Server 2013/2016 Share cross site scripting
6886| [116045] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
6887| [116039] Microsoft Windows up to Server 2016 Remote Desktop Protocol denial of service
6888| [116031] Microsoft Windows up to Server 2016 Kernel ASLR information disclosure
6889| [116030] Microsoft Windows up to Server 2016 SNMP Service denial of service
6890| [116026] Microsoft Windows up to Server 2016 Kernel information disclosure
6891| [116024] Microsoft Windows up to Server 2016 HTTP.sys denial of service
6892| [116023] Microsoft Office up to 2016 C2R information disclosure
6893| [116022] Microsoft Excel 2010 SP2 memory corruption
6894| [116020] Microsoft Windows 10 1607/10 1703/10 1709/Server 2016/Server 1709 Active Directory privilege escalation
6895| [116019] Microsoft Windows up to Server 2016 Kernel information disclosure
6896| [116018] Microsoft Office 2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
6897| [116017] Microsoft Excel up to 2016 C2R memory corruption
6898| [116016] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 Graphics memory corruption
6899| [116014] Microsoft Office 2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
6900| [116013] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1 memory corruption
6901| [116008] Microsoft Windows up to Server 2016 Graphics memory corruption
6902| [116007] Microsoft Windows up to Server 2016 Graphics memory corruption
6903| [116006] Microsoft Windows up to Server 2016 Graphics memory corruption
6904| [116005] Microsoft Windows up to Server 2016 Graphics memory corruption
6905| [116004] Microsoft Windows up to Server 2016 Graphics memory corruption
6906| [116003] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
6907| [115994] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
6908| [115804] Microsoft Windows up to Server 2016 Malware Protection Engine privilege escalation
6909| [114579] Microsoft Exchange Server up to 2017 CU8 Outlook Web Access information disclosure
6910| [114574] Microsoft SharePoint Enterprise Server 2016 privilege escalation
6911| [114573] Microsoft SharePoint Enterprise Server 2016 cross site scripting
6912| [114571] Microsoft Exchange Server 2016 CU7/2016 CU8 Outlook Web Access information disclosure
6913| [114570] Microsoft Exchange Server 2010 SP3/2013 CU18/2013 CU19/2016 CU7/2016 CU8 Outlook Web Access Fake privilege escalation
6914| [114565] Microsoft Windows 10 1607/10 1703/10 1709/Server 2016/Server 1709 Kernel information disclosure
6915| [114564] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
6916| [114562] Microsoft SharePoint Enterprise Server 2016 cross site scripting
6917| [114560] Microsoft SharePoint Enterprise Server 2016 cross site scripting
6918| [114559] Microsoft SharePoint Enterprise Server 2016 cross site scripting
6919| [114558] Microsoft SharePoint Enterprise Server 2016 cross site scripting
6920| [114557] Microsoft SharePoint Enterprise Server 2016 cross site scripting
6921| [114556] Microsoft SharePoint Enterprise Server 2016 cross site scripting
6922| [114555] Microsoft SharePoint Enterprise Server 2016 cross site scripting
6923| [114554] Microsoft SharePoint Enterprise Server 2016 cross site scripting
6924| [114553] Microsoft SharePoint Enterprise Server 2016 cross site scripting
6925| [114552] Microsoft SharePoint Enterprise Server 2016 cross site scripting
6926| [114551] Microsoft Excel up to 2016 C2R Security Feature privilege escalation
6927| [114549] Microsoft Access 2010 SP2/2013 SP1/2016 memory corruption
6928| [114548] Microsoft Windows up to Server 2016 CNG Security Feature cng.sys privilege escalation
6929| [114547] Microsoft Windows up to Server 2016 Kernel information disclosure
6930| [114546] Microsoft Windows up to Server 2016 Kernel information disclosure
6931| [114545] Microsoft Windows up to Server 2016 Kernel information disclosure
6932| [114544] Microsoft Windows up to Server 2016 Kernel information disclosure
6933| [114543] Microsoft Windows up to Server 2016 Kernel information disclosure
6934| [114542] Microsoft Windows up to Server 2016 Kernel information disclosure
6935| [114541] Microsoft Windows up to Server 2016 Kernel information disclosure
6936| [114540] Microsoft Windows up to Server 2016 Kernel information disclosure
6937| [114536] Microsoft Windows up to Server 2016 CredSSP privilege escalation
6938| [114535] Microsoft Windows up to Server 2016 Hyper-V denial of service
6939| [114531] Microsoft Windows up to Server 2016 Windows Installer privilege escalation
6940| [114530] Microsoft Windows up to Server 2016 GDI privilege escalation
6941| [114529] Microsoft Windows up to Server 2016 GDI privilege escalation
6942| [114527] Microsoft Windows up to Server 2016 Kernel information disclosure
6943| [114526] Microsoft Windows up to Server 2016 Kernel information disclosure
6944| [114525] Microsoft Windows up to Server 2016 Kernel information disclosure
6945| [114522] Microsoft Windows 10 1607/10 1703/Server 2016 Desktop Bridge privilege escalation
6946| [114521] Microsoft Windows up to Server 2016 Video Control privilege escalation
6947| [114520] Microsoft Windows 10/Server 2016/Server 1709 Desktop Bridge privilege escalation
6948| [114518] Microsoft Windows up to Server 2016 Remote Assistance information disclosure
6949| [114517] Microsoft Windows 10/Server 2016/Server 1709 Desktop Bridge VFS privilege escalation
6950| [114516] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
6951| [113835] Microsoft Identity Manager 2016 SP1 cross site scripting
6952| [113264] Microsoft Windows 8.1/RT 8.1/Server 2012 R2 SMBv2/SMBv3 denial of service
6953| [113260] Microsoft Windows up to Server 2016 Kernel memory corruption
6954| [113259] Microsoft Windows 10/Server 2016/Server 1709 NTFS privilege escalation
6955| [113254] Microsoft Windows up to Server 2016 Kernel information disclosure
6956| [113253] Microsoft Windows 10/Server 2016/Server 1709 Kernel memory corruption
6957| [113252] Microsoft Windows up to Server 2016 Kernel memory corruption
6958| [113250] Microsoft Windows 10/Server 2016/Server 1709 Kernel memory corruption
6959| [113249] Microsoft Windows up to Server 2016 Kernel memory corruption
6960| [113248] Microsoft Windows up to Server 2016 Kernel information disclosure
6961| [113243] Microsoft Windows 10/Server 2016 MultiPoint Management privilege escalation
6962| [113242] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
6963| [113241] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
6964| [113240] Microsoft Windows 10/Server 2016/Server 1709 AppContainer privilege escalation
6965| [113237] Microsoft SharePoint Enterprise Server 2016 cross site scripting
6966| [113236] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
6967| [113233] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 Uninitialized Memory information disclosure
6968| [113232] Microsoft Excel 2016 memory corruption
6969| [113230] Microsoft Windows up to Server 2016 Scripting Engine information disclosure
6970| [113229] Microsoft Windows up to Server 2016 StructuredQuery memory corruption
6971| [111580] Microsoft Office 2016 on Mac Email Attachment spoofing
6972| [111571] Microsoft SharePoint Enterprise Server 2013/2016 Access cross site scripting
6973| [111567] Microsoft Office 2010/2013/2016 memory corruption
6974| [111564] Microsoft Word 2016 memory corruption
6975| [111562] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
6976| [111561] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
6977| [128730] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6978| [111358] Microsoft Windows up to Server 2016 IPsec denial of service
6979| [110553] Microsoft Office 2016 C2R information disclosure
6980| [110552] Microsoft SharePoint Enterprise Server 2016 Web Request privilege escalation
6981| [110551] Microsoft Excel 2016 C2R memory corruption
6982| [110550] Microsoft PowerPoint 2013 SP1/2013 RT SP1/2016 information disclosure
6983| [110549] Microsoft Exchange Server 2016 CU6/2016 CU7 Outlook Web Access privilege escalation
6984| [110547] Microsoft Windows up to Server 2016 its:// Protocol information disclosure
6985| [110531] Microsoft Windows 10/Server 2016 Device Guard privilege escalation
6986| [110522] Microsoft Windows up to Server 2016 RRAS privilege escalation
6987| [110350] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
6988| [110318] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
6989| [109391] Microsoft SharePoint Enterprise Server 2016 Project Server cross site request forgery
6990| [109389] Microsoft Excel 2016 Click-to-Run memory corruption
6991| [109360] Microsoft Windows up to Server 2016 Windows Search denial of service
6992| [107759] Microsoft Windows up to Server 2016 SMB denial of service
6993| [107757] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
6994| [107756] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
6995| [107753] Microsoft Windows 10/Server 2016 SMB privilege escalation
6996| [107744] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
6997| [107741] Microsoft Outlook 2016 Secure Connection Mail information disclosure
6998| [107740] Microsoft Windows up to Server 2016 Graphics memory corruption
6999| [107739] Microsoft Windows up to Server 2016 Graphics memory corruption
7000| [107738] Microsoft Windows up to Server 2016 Search information disclosure
7001| [107734] Microsoft Windows 10/Server 2016 SMB privilege escalation
7002| [107732] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016 Bypass privilege escalation
7003| [107730] Microsoft Windows up to Server 2016 Search Remote memory corruption
7004| [107729] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
7005| [107728] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
7006| [107727] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
7007| [107724] Microsoft Windows up to Server 2016 Text Services Framework memory corruption
7008| [107723] Microsoft Windows up to Server 2016 SMB information disclosure
7009| [107698] Microsoft Office 2016 memory corruption
7010| [107593] InFocus Mondopad 2.2.08 Excel Spreadsheet Microsoft Office Document Credentials information disclosure
7011| [106544] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
7012| [106531] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
7013| [106529] Microsoft PowerPoint 2016 memory corruption
7014| [106523] Microsoft Windows up to Server 2016 PDF Library memory corruption
7015| [106518] Microsoft Edge on Win10/Server 2016 memory corruption
7016| [106516] Microsoft Windows up to Server 2016 PDF Library memory corruption
7017| [106498] Microsoft Windows up to Server 2016 Shell privilege escalation
7018| [106496] Microsoft Windows up to Server 2016 Uniscribe information disclosure
7019| [106495] Microsoft Windows up to Server 2012 R2 Uniscribe memory corruption
7020| [106492] Microsoft Windows Server 2012/Server 2012 R2/Server 2016 DHCP Service memory corruption
7021| [106489] Microsoft Windows up to Server 2016 Graphics Win32k win32k!fsc_CalcGrayRow memory corruption
7022| [106474] Microsoft Office 2016 memory corruption
7023| [106473] Microsoft SharePoint Server 2013 SP1 cross site scripting
7024| [106472] Microsoft Windows up to Server 2016 Bluetooth Driver Object BlueBorne spoofing
7025| [106470] Microsoft Excel 2011 on Mac memory corruption
7026| [106455] Microsoft Exchange Server 2013/2016 information disclosure
7027| [106454] Microsoft Windows up to Server 2016 Windows NetBT Session Services race condition memory corruption
7028| [105048] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
7029| [105047] Microsoft Edge on Win10/Server 2016 Scripting Engine EntryCall memory corruption
7030| [105046] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
7031| [105040] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
7032| [105038] Microsoft Edge on Win10/Server 2016 Javascript Engine Out-of-Bounds memory corruption
7033| [105037] Microsoft Edge on Win10/Server 2016 Javascript Engine PreVisitCatch memory corruption
7034| [105035] Microsoft SharePoint Server 2010 SP2 cross site scripting
7035| [105033] Microsoft Edge 38.14393.1066.0 on Win10/Server 2016 Use-After-Free information disclosure
7036| [105029] Microsoft Edge on Win10/Server 2016 Javascript Engine ProcessLinkFailedAsmJsModule memory corruption
7037| [105027] Microsoft Edge on Win10/Server 2016 _SelectValueInternal information disclosure
7038| [105024] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
7039| [105023] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
7040| [105017] Microsoft Windows up to Server 2016 Error Reporting information disclosure
7041| [105013] Microsoft Windows 10 1607/10 1703/Server 2016 Hyper-V denial of service
7042| [105011] Microsoft Windows up to Server 2016 Windows Search memory corruption
7043| [105010] Microsoft Windows up to Server 2016 Win32k memory corruption
7044| [105009] Microsoft Windows up to Server 2016 Input Method Editor memory corruption
7045| [105008] Microsoft SQL Server 2012/2014/2016 Analysis Services information disclosure
7046| [104990] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
7047| [104989] Microsoft Windows up to Server 2016 NetBIOS denial of service
7048| [104584] Microsoft Outlook up to 2016 C2R Document File privilege escalation
7049| [104583] Microsoft Outlook up to 2016 C2R Email memory corruption
7050| [104582] Microsoft Outlook up to 2016 C2R Object memory corruption
7051| [103468] Microsoft Exchange Server 2010 SP3/2013 SP3/2013 CU16/2016 CU5 Open Redirect
7052| [103446] Microsoft Windows up to Server 2016 Search Object privilege escalation
7053| [103445] Microsoft Windows up to Server 2016 Wordpad privilege escalation
7054| [103444] Microsoft Windows up to Server 2016 Explorer denial of service
7055| [103442] Microsoft Windows 10/Server 2016 HoloLens WiFi Packet privilege escalation
7056| [103441] Microsoft Windows up to Server 2016 Object HTTP.sys information disclosure
7057| [103431] Microsoft Windows up to Server 2016 PowerShell PSObject Object privilege escalation
7058| [103429] Microsoft Windows up to Server 2016 Kerberos weak authentication
7059| [103426] Microsoft Exchange Server 2010 SP3/2013 SP3/2013 CU16/2016 CU5 OWA Request cross site scripting
7060| [103425] Microsoft Exchange Server 2010 SP3/2013 SP3/2013 CU16/2016 CU5 OWA Request cross site scripting
7061| [103420] Microsoft Windows up to Server 2016 Kerberos Bypass privilege escalation
7062| [103417] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
7063| [102544] Microsoft Edge on Win10/Server 2016 Fetch API information disclosure
7064| [102543] Microsoft Edge on Win10/Server 2016 Javascript XML DOM Object information disclosure
7065| [102463] Microsoft Project Server 2013 SP1 cross site scripting
7066| [102460] Microsoft Outlook 2016 on Mac HTML spoofing
7067| [102448] Microsoft SharePoint Enterprise Server 2016 Reflected cross site scripting
7068| [102446] Microsoft Office up to 2016 privilege escalation
7069| [102445] Microsoft Office 2010 SP2/2011/2013 SP1/2013 RT SP1/2016 privilege escalation
7070| [102443] Microsoft Office up to 2016 privilege escalation
7071| [102412] Microsoft Windows up to Server 2016 PDF information disclosure
7072| [102397] Microsoft Outlook 2010 SP1/2013 SP1/2016 DLL Loader privilege escalation
7073| [102396] Microsoft Office 2013 SP1/2016 DLL Loader privilege escalation
7074| [102386] Microsoft Windows up to Server 2012 R2 Uniscribe privilege escalation
7075| [102385] Microsoft Windows up to Server 2016 Font Library privilege escalation
7076| [102376] Microsoft Windows up to Server 2016 CAB File privilege escalation
7077| [102375] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
7078| [102374] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
7079| [102373] Microsoft Windows up to Server 2016 Uniscribe Font USP10!MergeLigRecords memory corruption
7080| [101817] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
7081| [101816] Microsoft Windows up to Server 2016 Malware Protection Engine setCaller memory corruption
7082| [101815] Microsoft Windows up to Server 2016 Malware Protection Engine Use-After-Free memory corruption
7083| [101814] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
7084| [101813] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
7085| [101812] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
7086| [101811] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
7087| [101810] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
7088| [101028] Microsoft Windows 10/Server 2016 Hyper-V vSMB privilege escalation
7089| [101020] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
7090| [101019] Microsoft Skype for Business 2016 memory corruption
7091| [101018] Microsoft SharePoint 2010 SP2/2013 SP1/2016 memory corruption
7092| [101016] Microsoft PowerPoint 2011 on Mac memory corruption
7093| [101015] Microsoft PowerPoint 2011 on Mac memory corruption
7094| [101014] Microsoft Office 2010 SP2/2016 memory corruption
7095| [101013] Microsoft Office 2010 SP2/2016 memory corruption
7096| [101002] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
7097| [101001] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
7098| [101000] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
7099| [100999] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
7100| [100918] Microsoft Windows 8/8.1/10/Server 2012/Server 2016 Malware Protection Service Type Confusion privilege escalation
7101| [99697] Microsoft SharePoint Server 2010 SP1/2010 SP2 Excel Services cross site scripting
7102| [99683] Microsoft Windows 10 1607/10 1703/Server 2012 R2/Server 2016 Active Directory Lockout privilege escalation
7103| [99682] Microsoft Outlook 2011 on Mac HTML Tag Validator spoofing
7104| [99681] Microsoft Windows up to Server 2016 OLE Integrity-Level Check privilege escalation
7105| [99667] Microsoft Windows 10/Server 2016 Active Directory Service Unresponsive denial of service
7106| [98272] Microsoft Windows up to 10/Server 2016 Local Session privilege escalation
7107| [98096] Microsoft Exchange 2013 SP1 privilege escalation
7108| [98095] Microsoft Lync for Mac 2011 Certificate Validation weak authentication
7109| [98094] Microsoft SharePoint Server 2013 SP1 cross site scripting
7110| [98093] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
7111| [98091] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
7112| [98090] Microsoft SharePoint Server 2010 SP2/2013 SP1 information disclosure
7113| [98089] Microsoft Office Web Apps 2013 SP1 memory corruption
7114| [98082] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 denial of service
7115| [98081] Microsoft Excel up to 2016 information disclosure
7116| [98080] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
7117| [98079] Microsoft Word 2016 memory corruption
7118| [98076] Microsoft Lync/Skype for Business 2010/2013/2016 Graphics Component privilege escalation
7119| [98075] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
7120| [98074] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
7121| [98073] Microsoft Office 2010 SP2/Word Viewer Graphics Component information disclosure
7122| [98069] Microsoft Windows up to Server 2012 R2 Color Management memory corruption
7123| [98056] Microsoft Windows up to Server 2016 DNS Query information disclosure
7124| [98054] Microsoft Windows up to Server 2016 SMBv2/SMBv3 NULL Pointer Dereference memory corruption
7125| [98017] Microsoft Windows up to Server 2016 PDF memory corruption
7126| [98015] Microsoft Windows 10/Server 2016 Hyper-V denial of service
7127| [98013] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
7128| [98007] Microsoft Windows 10/Server 2016 Hyper-V Network Switch denial of service
7129| [98006] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
7130| [96521] Microsoft Windows 8.1/10/Server 2012/Server 2016 SMB Response mrxsmb20.sys denial of service
7131| [95781] Microsoft PowerPoint 2016 Java Embedded Object privilege escalation
7132| [95125] Microsoft Word/SharePoint Enterprise Server 2016 Document privilege escalation
7133| [94451] Microsoft Office 2011 memory corruption
7134| [94447] Microsoft Office 2010 SP2 memory corruption
7135| [94446] Microsoft Office 2016 memory corruption
7136| [94444] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 OLE DLL Loader memory corruption
7137| [94443] Microsoft Office up to 2016 information disclosure
7138| [94442] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 privilege escalation
7139| [93964] Microsoft Windows 7 Excel Starter 2010 XXE information disclosure
7140| [93543] Microsoft SQL Server 2016 FILESTREAM Path privilege escalation
7141| [93540] Microsoft Excel 2010 SP2/2011/2016 memory corruption
7142| [93416] Microsoft SQL Server up to 2012 SP3/2014 SP2/2016 Server Agent atxcore.dll privilege escalation
7143| [93415] Microsoft SQL Server 2016 MDS API cross site scripting
7144| [93414] Microsoft SQL Server up to 2012 SP3 RDBMS Engine privilege escalation
7145| [93413] Microsoft SQL Server up to 2014 SP2/2016 RDBMS Engine privilege escalation
7146| [93412] Microsoft SQL Server 2016 RDBMS Engine privilege escalation
7147| [93393] Microsoft Office up to 2016 memory corruption
7148| [93392] Microsoft Office up to 2016 memory corruption
7149| [93391] Microsoft Office up to 2016 memory corruption
7150| [93389] Microsoft Windows up to Server 2016 Media Foundation memory corruption
7151| [93388] Microsoft Windows up to Server 2016 Animation Manager Stylesheets memory corruption
7152| [92587] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 Transaction Manager privilege escalation
7153| [92584] Microsoft Office up to 2016 memory corruption
7154| [91571] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 PDF Library information disclosure
7155| [91570] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 PDF Library information disclosure
7156| [91556] Microsoft Exchange 2016 Meeting Invation cross site scripting
7157| [91555] Microsoft Exchange 2013/2016 Link spoofing
7158| [91550] Microsoft Office 2016 memory corruption
7159| [91547] Microsoft Office 2010 memory corruption
7160| [91543] Microsoft Office up to 2016 memory corruption
7161| [91541] Microsoft Office 2013/2016 APP-V ASLR privilege escalation
7162| [90711] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 PDF privilege escalation
7163| [90710] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 Netlogon privilege escalation
7164| [90704] Microsoft Office 2013/2013 RT/2016 memory corruption
7165| [89043] Microsoft Office up to 2016 memory corruption
7166| [89041] Microsoft Office up to 2016 memory corruption
7167| [89040] Microsoft Office 2010 SP2/2011/2013 SP1/2013 RT SP1/2016 memory corruption
7168| [89038] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 Security Feature privilege escalation
7169| [89037] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
7170| [87961] Microsoft Windows up to Server 2012 R2 Search denial of service
7171| [87959] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
7172| [87958] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF memory corruption
7173| [87957] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
7174| [87956] Microsoft Exchange 2013/2016 Oracle Outside In Libraries information disclosure
7175| [87944] Microsoft Windows Server 2012/Server 2012 R2 Virtual PCI Memory information disclosure
7176| [87940] Microsoft Windows Server 2012/Server 2012 R2 DNS Server Use-After-Free memory corruption
7177| [87936] Microsoft Office up to 2016 memory corruption
7178| [87166] Microsoft Windows up to Server 2012 R2 DirectX Graphics Kernel Subsystem privilege escalation
7179| [87156] Microsoft Windows 8.1/RT 8.1/10/Server 2012 R2 Shell memory corruption
7180| [87149] Microsoft Office up to 2016 memory corruption
7181| [87148] Microsoft Office 2010 Graphics memory corruption
7182| [87146] Microsoft Office 2011/2013/2013 RT/2016 memory corruption
7183| [82229] Microsoft Excel 2010 SP2 Office Document memory corruption
7184| [82223] Microsoft Windows 8.1/10/Server 2012 R2 Hyper-V Memory information disclosure
7185| [82222] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Memory information disclosure
7186| [82221] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Hyper-V privilege escalation
7187| [81274] Microsoft Office up to 2016 memory corruption
7188| [81270] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
7189| [81269] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
7190| [81268] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
7191| [80886] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
7192| [80885] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP memory corruption
7193| [80878] Microsoft Windows Server 2012 R2 Active Directory Federation Service denial of service
7194| [80874] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP privilege escalation
7195| [80870] Microsoft Office up to 2016 memory corruption
7196| [80868] Microsoft Office up to 2016 memory corruption
7197| [80867] Microsoft Office up to 2016 memory corruption
7198| [80865] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 DLL Loader memory corruption
7199| [80860] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Reader memory corruption
7200| [80859] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
7201| [80231] Microsoft Excel up to 2016 Office Document memory corruption
7202| [80229] Microsoft Exchange Server 2013 SP1/2013 CU 10/2013 CU 11/2016 Outlook Web Access cross site scripting
7203| [80228] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
7204| [80227] Microsoft Exchange Server 2013 SP1/2013 CU 10/2016 Outlook Web Access cross site scripting
7205| [80226] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
7206| [80218] Microsoft Office up to 2016 ASLR privilege escalation
7207| [80217] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
7208| [80216] Microsoft Office up to 2016 Office Document memory corruption
7209| [80206] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
7210| [128763] Microsoft Exchange Server 2016 CU10/2016 CU11/2019 memory corruption
7211| [79508] Microsoft Windows up to Server 2012 R2 Library Loader memory corruption
7212| [79500] Microsoft Office 2010/2011/2016 memory corruption
7213| [79183] Microsoft Windows up to Server 2012 R2 IPsec denial of service
7214| [79173] Microsoft Windows up to Server 2012 R2 Graphics information disclosure
7215| [79117] Microsoft Outlook 2011/2016 on Mac HTML spoofing
7216| [78375] Microsoft SharePoint Server/SharePoint Foundation 2013 SP1 cross site scripting
7217| [77645] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
7218| [77644] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
7219| [77638] Microsoft Lync Server 2013 cross site scripting
7220| [77628] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
7221| [77612] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access Stack-Based information disclosure
7222| [77050] Microsoft Office up to 2016 memory corruption
7223| [77037] Microsoft Windows Server 2012/Server 2012 R2 System Center Operations Manager cross site scripting
7224| [76461] Microsoft Windows up to Server 2012 R2 Domain-Controller Communication Credentials information disclosure
7225| [76460] Microsoft Windows 7 SP1/8/Server 2012 RDP Server Service memory corruption
7226| [76448] Microsoft Windows 8.1/Server 2012 R2 Hyper-V memory corruption
7227| [75793] Microsoft Exchange Server 2013 CU8 cross site scripting
7228| [75792] Microsoft Exchange Server 2013 SP1 CU8 cross site request forgery
7229| [75791] Microsoft Office 2013 SP1 Office Document Uninitialized Memory memory corruption
7230| [75787] Microsoft Exchange Server 2013 SP1 CU8 Same Origin Policy privilege escalation
7231| [75786] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1 Office Document memory corruption
7232| [66976] Microsoft Access 2010 VBA Datatype denial of service
7233| [74848] Microsoft SharePoint Foundation/SharePoint Server 2013 SP1 cross site scripting
7234| [74842] Microsoft Windows 8.1/Server 2012 R2 Hyper-V denial of service
7235| [74836] Microsoft Project Server 2010 SP2/2013 SP1 cross site scripting
7236| [74835] Microsoft Office 2011 on Mac Use-After-Free cross site scripting
7237| [74834] Microsoft Windows Server 2012 R2 Active Directory Federation Services 3.0 privilege escalation
7238| [74833] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 HTTP Request HTTP.sys privilege escalation
7239| [74393] Microsoft SharePoint Server 2013 Foundation cross site scripting
7240| [73967] Microsoft Office up to 2013 SP1 Office File memory corruption
7241| [73966] Microsoft Office up to 2013 SP1 RTF File memory corruption
7242| [73965] Microsoft Office up to 2013 SP1 Use-After-Free memory corruption
7243| [73961] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 Remote Desktop Protocol Object Management denial of service
7244| [69162] Microsoft System Center Virtual Machine Manager 2012 privilege escalation
7245| [69160] Microsoft Windows up to Server 2012 Process privilege escalation
7246| [69156] Microsoft Office 2010 Object memory corruption
7247| [68593] Microsoft Windows up to Server 2012 Network Location Awareness Service privilege escalation
7248| [68417] Microsoft Exchange 2013 Outlook Web Access Token spoofing
7249| [68191] Microsoft SharePoint 2010 cross site scripting
7250| [67828] Microsoft ASP.NET MVC 2/3/4/5/5.1 System.Web.Mvc.dll cross site scripting
7251| [67518] Microsoft Lync 2013 denial of service
7252| [67517] Microsoft Lync 2013 Script Reflected cross site scripting
7253| [67516] Microsoft Lync 2010/2013 denial of service
7254| [67362] Microsoft Windows up to Server 2012 R2 Remote Procedure Call privilege escalation
7255| [67360] Microsoft SharePoint 2013 App Permission Management cross site scripting
7256| [13549] Microsoft Windows 7/8/8.1/Server 2012 Remote Desktop Protocol weak encryption
7257| [13547] Microsoft Lync 2010/2013 Meeting cross site scripting
7258| [13228] Microsoft Office 2013 Document privilege escalation
7259| [68577] Microsoft ASP.NET 2014.3.1209 Telerik UI RadAsyncUpload directory traversal
7260| [12267] Microsoft Forefront Security for Exchange Server 2010 Mail memory corruption
7261| [12263] Microsoft Windows up to Server 2012 Direct2D 2D Geometric Figure memory corruption
7262| [12238] Microsoft Windows 8/Server 2012/RT IPv6 denial of service
7263| [12185] Microsoft .NET Framework 2/4 HMAC weak authentication
7264| [12183] Microsoft .NET Framework 2/4 DTD denial of service
7265| [11673] Microsoft Windows Live Movie Maker 2011 WAV File denial of service
7266| [11468] Microsoft Exchange 2010/2013 cross site scripting
7267| [11466] Microsoft Office 2013 File Response information disclosure
7268| [11457] Microsoft SharePoint Server/Office Web Apps 2010 SP1/2010 SP2/2013 W3WP Service Account privilege escalation
7269| [11150] Microsoft Windows 8/Server 2012 Hyper-V Data Structure Value Crash privilege escalation
7270| [11004] Microsoft Windows Server 2012 R2 RDP Restricted Admin Mode weak authentication
7271| [10250] Microsoft SharePoint Server up to 2013 W3WP Process denial of service
7272| [10249] Microsoft SharePoint 2010/2003/2007/2.0/3.0 Workflow memory corruption
7273| [10248] Microsoft SharePoint Server up to 2013 cross site scripting
7274| [9943] Microsoft Windows Server 2012 NAT Driver ICMP Packet denial of service
7275| [8739] Microsoft Windows Essentials up to 2012 Windows Writer Eingabe information disclosure
7276| [8725] Microsoft Lync 2010/2013 Use-After-Free memory corruption
7277| [8722] Microsoft Windows 8/Server 2012/RT HTTP.sys denial of service
7278| [8206] Microsoft SharePoint Server 2010 SP1 HTML Sanitization Component cross site scripting
7279| [8203] Microsoft Windows up to 2012 AD LDAP Query denial of service
7280| [8200] Microsoft SharePoint Server 2013 ACL information disclosure
7281| [7971] Microsoft Office for Mac 2011 up to 14.3.1 on Mac HTML5 Mail Message Parser File information disclosure
7282| [7969] Microsoft OneNote 2010 SP1 ONE File information disclosure
7283| [7968] Microsoft SharePoint Server 2010 SP1 Input Validator Eingabe Crash denial of service
7284| [7967] Microsoft SharePoint Server 2010 SP1 User Account Eingabe Crash information disclosure
7285| [7966] Microsoft SharePoint Server 2010 SP1 Eingabe Crash cross site scripting
7286| [7965] Microsoft SharePoint Server 2010 SP1 User Account Callback URL privilege escalation
7287| [7964] Microsoft Visio 2010 Tree Object Type File memory corruption
7288| [7343] Microsoft Lync 2012 HTTP Format String
7289| [7258] Microsoft Windows up to 8/Server 2012 SSL/TLS race condition
7290| [7230] Microsoft Excel 2010 SP1 on 32-bit XLS File Formatting Information Crash denial of service
7291| [6831] Microsoft Office Picture Manager 2010 File memory corruption
7292| [62720] EMC NetWorker Module for Microsoft Applications up to 2.2.0 memory corruption
7293| [6624] Microsoft SQL Server up to 2012 Report Manager cross site scripting
7294| [62238] Microsoft Visual Studio Team Foundation Server 2010 cross site scripting
7295| [5946] Microsoft Visio/Visio Viewer up to 2010 SP1 File memory corruption
7296| [5644] Microsoft SharePoint 2010 scriptesx.ashx cross site scripting
7297| [5641] Microsoft SharePoint 2010 cross site scripting
7298| [60943] Microsoft Dynamics AX 2012 Enterprise Portal cross site scripting
7299| [12311] Microsoft Lync 2010 Search race condition
7300| [60570] Microsoft Forefront Unified Access Gateway 2010 information disclosure
7301| [60569] Microsoft Forefront Unified Access Gateway 2010 spoofing
7302| [60208] Microsoft Visio Viewer 2010 memory corruption
7303| [60207] Microsoft Visio Viewer 2010 memory corruption
7304| [60206] Microsoft Visio Viewer 2010 memory corruption
7305| [4640] Microsoft SharePoint 2010 inplview.aspx cross site scripting
7306| [4636] Microsoft SharePoint 2010 wizardlist.aspx cross site scripting
7307| [4635] Microsoft SharePoint 2010 themeweb.aspx cross site scripting
7308| [59008] Microsoft Forefront Unified Access Gateway 2010 Crash denial of service
7309| [58995] Microsoft Forefront Unified Access Gateway 2010 memory corruption
7310| [58994] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
7311| [58993] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
7312| [4424] Microsoft Host Integration Server up to 2010 denial of service
7313| [4420] Microsoft Forefront Unified Access Gateway 2010 memory corruption
7314| [58487] Microsoft SharePoint Foundation 2010 cross site scripting
7315| [58486] Microsoft SharePoint Foundation 2010 Reflected cross site scripting
7316| [58485] Microsoft SharePoint Foundation 2010 EditForm.aspx cross site scripting
7317| [4414] Microsoft SharePoint 2010 cross site scripting
7318| [4413] Microsoft SharePoint 2010/2007/3.0 XML/XLS Designfehler
7319| [91971] Microsoft Skype 2.2.x/5.2.x/5.3.x denial of service
7320| [57693] Microsoft Forefront Threat Management Gateway 2010 NSPLookupServiceNext memory corruption
7321| [4332] Microsoft PowerPoint 2010/2007 memory corruption
7322| [56028] Microsoft Data Access Components 2.8 memory corruption
7323| [55777] Microsoft Windows Movie Maker 2.6 memory corruption
7324| [55424] Microsoft Forefront Unified Access Gateway 2010 Signurl.asp cross site scripting
7325| [55415] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
7326| [55414] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
7327| [55413] Microsoft Forefront Unified Access Gateway 2010 spoofing
7328| [54341] Microsoft Windows Movie Maker 2.1 memory corruption
7329| [54549] Microsoft PowerPoint 2010 pptimpconv.dll memory corruption
7330| [4009] Microsoft NET Framework 2.x/3.x denial of service
7331| [45681] Microsoft Internet Explorer 8 Beta 2 privilege escalation
7332| [45449] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
7333| [45448] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
7334| [45446] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
7335| [2927] Microsoft Data Access Components 2.x ADODB.Connection ActiveX Control memory corruption
7336| [32692] Microsoft XML Core Services up to 2.6 memory corruption
7337| [32691] Microsoft XML Core Services up to 2.6 memory corruption
7338| [29608] Microsoft Data Access Components 2.7 memory corruption
7339|
7340| MITRE CVE - https://cve.mitre.org:
7341| [CVE-2013-3661] The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
7342| [CVE-2013-3660] The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
7343| [CVE-2013-3174] DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
7344| [CVE-2013-3173] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."
7345| [CVE-2013-3172] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to cause a denial of service (system hang) via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."
7346| [CVE-2013-3171] The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a partial-trust relationship, aka "Delegate Serialization Vulnerability."
7347| [CVE-2013-3167] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Information Disclosure Vulnerability."
7348| [CVE-2013-3154] The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability."
7349| [CVE-2013-3138] Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability."
7350| [CVE-2013-3136] The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."
7351| [CVE-2013-3134] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework application that changes array data, aka "Array Allocation Vulnerability."
7352| [CVE-2013-3133] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Anonymous Method Injection Vulnerability."
7353| [CVE-2013-3132] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Delegate Reflection Bypass Vulnerability."
7354| [CVE-2013-3131] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability."
7355| [CVE-2013-1345] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."
7356| [CVE-2013-1340] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."
7357| [CVE-2013-1339] The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability."
7358| [CVE-2013-1336] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability."
7359| [CVE-2013-1335] Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka "Word Shape Corruption Vulnerability."
7360| [CVE-2013-1334] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
7361| [CVE-2013-1332] dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
7362| [CVE-2013-1331] Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
7363| [CVE-2013-1329] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability."
7364| [CVE-2013-1328] Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."
7365| [CVE-2013-1327] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability."
7366| [CVE-2013-1323] Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability."
7367| [CVE-2013-1322] Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability."
7368| [CVE-2013-1321] Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability."
7369| [CVE-2013-1320] Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability."
7370| [CVE-2013-1319] Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability."
7371| [CVE-2013-1318] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."
7372| [CVE-2013-1317] Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability."
7373| [CVE-2013-1316] Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability."
7374| [CVE-2013-1302] Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."
7375| [CVE-2013-1301] Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
7376| [CVE-2013-1300] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
7377| [CVE-2013-1295] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "CSRSS Memory Corruption Vulnerability."
7378| [CVE-2013-1294] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
7379| [CVE-2013-1293] The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application that leverages improper handling of objects in memory, aka "NTFS NULL Pointer Dereference Vulnerability."
7380| [CVE-2013-1292] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
7381| [CVE-2013-1291] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability."
7382| [CVE-2013-1287] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
7383| [CVE-2013-1286] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.
7384| [CVE-2013-1285] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.
7385| [CVE-2013-1283] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
7386| [CVE-2013-1281] The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "NULL Dereference Vulnerability."
7387| [CVE-2013-1280] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."
7388| [CVE-2013-1279] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.
7389| [CVE-2013-1278] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279.
7390| [CVE-2013-1277] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7391| [CVE-2013-1276] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7392| [CVE-2013-1275] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7393| [CVE-2013-1274] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7394| [CVE-2013-1273] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7395| [CVE-2013-1272] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7396| [CVE-2013-1271] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7397| [CVE-2013-1270] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7398| [CVE-2013-1269] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7399| [CVE-2013-1268] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7400| [CVE-2013-1267] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7401| [CVE-2013-1266] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7402| [CVE-2013-1265] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7403| [CVE-2013-1264] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7404| [CVE-2013-1263] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7405| [CVE-2013-1262] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7406| [CVE-2013-1261] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7407| [CVE-2013-1260] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7408| [CVE-2013-1259] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7409| [CVE-2013-1258] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7410| [CVE-2013-1257] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7411| [CVE-2013-1256] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7412| [CVE-2013-1255] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7413| [CVE-2013-1254] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7414| [CVE-2013-1253] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7415| [CVE-2013-1252] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7416| [CVE-2013-1251] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7417| [CVE-2013-1250] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7418| [CVE-2013-1249] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7419| [CVE-2013-1248] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
7420| [CVE-2013-0095] Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability."
7421| [CVE-2013-0077] Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."
7422| [CVE-2013-0076] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability."
7423| [CVE-2013-0075] The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability."
7424| [CVE-2013-0073] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."
7425| [CVE-2013-0013] The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."
7426| [CVE-2013-0011] The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Components Vulnerability."
7427| [CVE-2013-0010] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.
7428| [CVE-2013-0009] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.
7429| [CVE-2013-0008] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
7430| [CVE-2013-0004] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."
7431| [CVE-2013-0003] Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability."
7432| [CVE-2013-0002] Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."
7433| [CVE-2013-0001] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."
7434| [CVE-2012-5672] Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data.
7435| [CVE-2012-4791] Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."
7436| [CVE-2012-4786] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
7437| [CVE-2012-4776] The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."
7438| [CVE-2012-4774] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability."
7439| [CVE-2012-2897] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
7440| [CVE-2012-2556] The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."
7441| [CVE-2012-2553] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
7442| [CVE-2012-2552] Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."
7443| [CVE-2012-2551] The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereference Vulnerability."
7444| [CVE-2012-2543] Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1
7445| [CVE-2012-2539] Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
7446| [CVE-2012-2536] Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
7447| [CVE-2012-2530] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
7448| [CVE-2012-2529] Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Windows Kernel Integer Overflow Vulnerability."
7449| [CVE-2012-2528] Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
7450| [CVE-2012-2527] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
7451| [CVE-2012-2524] Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability."
7452| [CVE-2012-2520] Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
7453| [CVE-2012-2519] Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."
7454| [CVE-2012-1896] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."
7455| [CVE-2012-1895] The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."
7456| [CVE-2012-1893] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability."
7457| [CVE-2012-1890] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability."
7458| [CVE-2012-1887] Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability."
7459| [CVE-2012-1886] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
7460| [CVE-2012-1885] Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
7461| [CVE-2012-1870] The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."
7462| [CVE-2012-1867] Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability."
7463| [CVE-2012-1866] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability."
7464| [CVE-2012-1865] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864.
7465| [CVE-2012-1864] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1865.
7466| [CVE-2012-1863] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."
| [CVE-2012-1862] Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."
| [CVE-2012-1860] Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."
| [CVE-2012-1858] The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
| [CVE-2012-1856] The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."
| [CVE-2012-1855] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability."
| [CVE-2012-1854] Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-1851] Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability."
| [CVE-2012-1850] The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."
| [CVE-2012-1848] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability."
| [CVE-2012-1847] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-1537] Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
| [CVE-2012-1528] Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."
| [CVE-2012-1527] Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."
| [CVE-2012-1459] The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
| [CVE-2012-1457] The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
| [CVE-2012-1453] The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
| [CVE-2012-1443] The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
| [CVE-2012-1420] The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
| [CVE-2012-1194] The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
| [CVE-2012-0185] Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."
| [CVE-2012-0184] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0183] Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."
| [CVE-2012-0182] Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."
| [CVE-2012-0181] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
| [CVE-2012-0180] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability."
| [CVE-2012-0179] Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability."
| [CVE-2012-0178] Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability."
| [CVE-2012-0177] Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."
| [CVE-2012-0175] The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."
| [CVE-2012-0174] Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."
| [CVE-2012-0173] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.
| [CVE-2012-0167] Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."
| [CVE-2012-0165] GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."
| [CVE-2012-0163] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
| [CVE-2012-0161] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
| [CVE-2012-0160] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
| [CVE-2012-0159] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview
| [CVE-2012-0158] The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0157] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability."
| [CVE-2012-0156] DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability."
| [CVE-2012-0154] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability."
| [CVE-2012-0152] The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability."
| [CVE-2012-0151] The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
| [CVE-2012-0150] Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
| [CVE-2012-0149] afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
| [CVE-2012-0148] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."
| [CVE-2012-0143] Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability."
| [CVE-2012-0142] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0141] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0015] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."
| [CVE-2012-0014] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
| [CVE-2012-0013] Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
| [CVE-2012-0009] Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability."
| [CVE-2012-0008] Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability."
| [CVE-2012-0006] The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability."
| [CVE-2012-0005] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."
| [CVE-2012-0004] Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."
| [CVE-2012-0003] Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
| [CVE-2012-0002] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
| [CVE-2012-0001] The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."
| [CVE-2011-5046] The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
| [CVE-2011-4434] Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.
| [CVE-2011-3417] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."
| [CVE-2011-3416] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
| [CVE-2011-3415] Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."
| [CVE-2011-3414] The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
| [CVE-2011-3413] Microsoft PowerPoint 2007 SP2
| [CVE-2011-3412] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."
| [CVE-2011-3411] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."
| [CVE-2011-3410] Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability."
| [CVE-2011-3408] Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability."
| [CVE-2011-3406] Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability."
| [CVE-2011-3403] Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
| [CVE-2011-3402] Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
| [CVE-2011-3400] Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
| [CVE-2011-3397] The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."
| [CVE-2011-3396] Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability."
| [CVE-2011-2019] Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
| [CVE-2011-2018] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2011-2016] Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability."
| [CVE-2011-2014] The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."
| [CVE-2011-2013] Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."
| [CVE-2011-2011] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-2008] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."
| [CVE-2011-2007] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability."
| [CVE-2011-2005] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
| [CVE-2011-2004] Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.
| [CVE-2011-2003] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability."
| [CVE-2011-2002] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability."
| [CVE-2011-1991] Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability."
| [CVE-2011-1990] Microsoft Excel 2007 SP2
| [CVE-2011-1989] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1988] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1987] Array index error in Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1986] Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."
| [CVE-2011-1985] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability."
7563| [CVE-2011-1984] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."
7564| [CVE-2011-1983] Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability."
7565| [CVE-2011-1982] Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."
7566| [CVE-2011-1980] Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability."
7567| [CVE-2011-1979] Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."
7568| [CVE-2011-1978] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability."
7569| [CVE-2011-1976] Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."
7570| [CVE-2011-1975] Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."
7571| [CVE-2011-1974] NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."
7572| [CVE-2011-1972] Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."
7573| [CVE-2011-1971] The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Metadata Parsing DOS Vulnerability."
7574| [CVE-2011-1970] The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability."
7575| [CVE-2011-1968] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, as exploited in the wild in 2011, aka "Remote Desktop Protocol Vulnerability."
7576| [CVE-2011-1967] Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Vulnerability."
7577| [CVE-2011-1966] The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."
7578| [CVE-2011-1965] Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."
7579| [CVE-2011-1894] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
7580| [CVE-2011-1893] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."
7581| [CVE-2011-1892] Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
7582| [CVE-2011-1888] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
7583| [CVE-2011-1887] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
7584| [CVE-2011-1885] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
7585| [CVE-2011-1884] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
7586| [CVE-2011-1883] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
7587| [CVE-2011-1882] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
7588| [CVE-2011-1881] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
7589| [CVE-2011-1880] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
7590| [CVE-2011-1879] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
7591| [CVE-2011-1878] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
7592| [CVE-2011-1877] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
7593| [CVE-2011-1876] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
7594| [CVE-2011-1875] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
7595| [CVE-2011-1874] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
7596| [CVE-2011-1873] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability."
7597| [CVE-2011-1872] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability."
7598| [CVE-2011-1871] Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka "ICMP Denial of Service Vulnerability."
7599| [CVE-2011-1870] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability."
7600| [CVE-2011-1869] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."
7601| [CVE-2011-1868] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."
7602| [CVE-2011-1508] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."
7603| [CVE-2011-1284] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutput Vulnerability."
7604| [CVE-2011-1283] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and write operations, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleNumberOfCommand Vulnerability."
7605| [CVE-2011-1282] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability."
7606| [CVE-2011-1281] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a process, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP AllocConsole Vulnerability."
7607| [CVE-2011-1280] The XML Editor in Microsoft InfoPath 2007 SP2 and 2010
7608| [CVE-2011-1279] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds WriteAV Vulnerability."
7609| [CVE-2011-1278] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel WriteAV Vulnerability."
7610| [CVE-2011-1277] Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."
7611| [CVE-2011-1276] Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
7612| [CVE-2011-1275] Microsoft Excel 2002 SP3
7613| [CVE-2011-1274] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
7614| [CVE-2011-1273] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
7615| [CVE-2011-1272] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
7616| [CVE-2011-1270] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Buffer Overrun RCE Vulnerability."
7617| [CVE-2011-1269] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
7618| [CVE-2011-1268] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability."
7619| [CVE-2011-1267] The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB Request Parsing Vulnerability."
7620| [CVE-2011-1264] Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability."
7621| [CVE-2011-1263] Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web Access Vulnerability."
7622| [CVE-2011-1253] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."
7623| [CVE-2011-1252] Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
7624| [CVE-2011-1249] The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
7625| [CVE-2011-1248] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability."
7626| [CVE-2011-1247] Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability."
7627| [CVE-2011-1242] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
7628| [CVE-2011-1241] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
7629| [CVE-2011-1240] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
7630| [CVE-2011-1239] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
7631| [CVE-2011-1238] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
7632| [CVE-2011-1237] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
7633| [CVE-2011-1236] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
7634| [CVE-2011-1235] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
7635| [CVE-2011-1234] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
7636| [CVE-2011-1233] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
7637| [CVE-2011-1232] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
7638| [CVE-2011-1231] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
7639| [CVE-2011-1230] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
7640| [CVE-2011-1229] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
7641| [CVE-2011-1228] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
7642| [CVE-2011-1227] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
7643| [CVE-2011-1226] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
7644| [CVE-2011-1225] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
7645| [CVE-2011-0980] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."
7646| [CVE-2011-0979] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
7647| [CVE-2011-0978] Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
7648| [CVE-2011-0977] Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."
7649| [CVE-2011-0976] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
7650| [CVE-2011-0677] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
7651| [CVE-2011-0676] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
7652| [CVE-2011-0675] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
7653| [CVE-2011-0674] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
7654| [CVE-2011-0672] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
7655| [CVE-2011-0671] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
7656| [CVE-2011-0670] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
7657| [CVE-2011-0667] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
7658| [CVE-2011-0666] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
7659| [CVE-2011-0665] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
7660| [CVE-2011-0664] Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability."
7661| [CVE-2011-0662] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
7662| [CVE-2011-0661] The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a malformed request in a (1) SMBv1 or (2) SMBv2 packet, aka "SMB Transaction Parsing Vulnerability."
7663| [CVE-2011-0660] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Response Parsing Vulnerability."
7664| [CVE-2011-0658] Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted WMF file, aka "OLE Automation Underflow Vulnerability."
7665| [CVE-2011-0657] DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."
7666| [CVE-2011-0656] Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010
7667| [CVE-2011-0655] Microsoft PowerPoint 2007 SP2 and 2010
7668| [CVE-2011-0654] Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
7669| [CVE-2011-0107] Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability."
7670| [CVE-2011-0105] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."
7671| [CVE-2011-0104] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer Overwrite Vulnerability."
7672| [CVE-2011-0103] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerability."
7673| [CVE-2011-0101] Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, double-byte characters, and an incorrect pointer calculation, aka "Excel Record Parsing WriteAV Vulnerability."
7674| [CVE-2011-0098] Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
7675| [CVE-2011-0097] Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
7676| [CVE-2011-0096] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
7677| [CVE-2011-0093] ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."
7678| [CVE-2011-0092] The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."
7679| [CVE-2011-0091] Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
7680| [CVE-2011-0090] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
7681| [CVE-2011-0089] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability."
7682| [CVE-2011-0088] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability."
7683| [CVE-2011-0087] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability."
7684| [CVE-2011-0086] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability."
7685| [CVE-2011-0043] Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."
7686| [CVE-2011-0042] SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."
7687| [CVE-2011-0041] Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."
7688| [CVE-2011-0040] The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."
7689| [CVE-2011-0039] The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."
7690| [CVE-2011-0034] Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."
7691| [CVE-2011-0033] The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."
7692| [CVE-2011-0032] Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."
7693| [CVE-2011-0031] The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."
7694| [CVE-2011-0030] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.
7695| [CVE-2011-0028] WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."
7696| [CVE-2010-5082] Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability."
7697| [CVE-2010-4701] Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information.
7698| [CVE-2010-4669] The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package.
7699| [CVE-2010-4562] Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
7700| [CVE-2010-4398] Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
7701| [CVE-2010-4182] Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll. NOTE: the provenance of this information is unknown
7702| [CVE-2010-3974] fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability."
7703| [CVE-2010-3970] Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."
7704| [CVE-2010-3966] Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability."
7705| [CVE-2010-3965] Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability."
7706| [CVE-2010-3964] Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
7707| [CVE-2010-3963] Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability."
7708| [CVE-2010-3961] The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."
7709| [CVE-2010-3960] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability."
7710| [CVE-2010-3959] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."
7711| [CVE-2010-3958] The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."
7712| [CVE-2010-3957] Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."
7713| [CVE-2010-3956] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability."
7714| [CVE-2010-3955] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability."
7715| [CVE-2010-3954] Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability."
7716| [CVE-2010-3946] Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."
7717| [CVE-2010-3945] Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability."
7718| [CVE-2010-3944] win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
7719| [CVE-2010-3943] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability."
7720| [CVE-2010-3942] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability."
7721| [CVE-2010-3941] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability."
7722| [CVE-2010-3940] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability."
7723| [CVE-2010-3939] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability."
7724| [CVE-2010-3937] Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."
7725| [CVE-2010-3338] The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888.
7726| [CVE-2010-3337] Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.
7727| [CVE-2010-3336] Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."
7728| [CVE-2010-3335] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability."
7729| [CVE-2010-3334] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability."
7730| [CVE-2010-3333] Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
7731| [CVE-2010-3332] Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
7732| [CVE-2010-3324] The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
7733| [CVE-2010-3243] Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
7734| [CVE-2010-3242] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability."
7735| [CVE-2010-3241] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability."
7736| [CVE-2010-3240] Microsoft Excel 2002 SP3 and 2007 SP2
7737| [CVE-2010-3239] Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability."
7738| [CVE-2010-3238] Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."
7739| [CVE-2010-3237] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability."
7740| [CVE-2010-3236] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability."
7741| [CVE-2010-3235] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability."
7742| [CVE-2010-3234] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability."
7743| [CVE-2010-3233] Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability."
7744| [CVE-2010-3232] Microsoft Excel 2003 SP3 and 2007 SP2
7745| [CVE-2010-3231] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."
7746| [CVE-2010-3230] Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability."
7747| [CVE-2010-3229] The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability."
7748| [CVE-2010-3227] Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."
7749| [CVE-2010-3223] The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability."
7750| [CVE-2010-3222] Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun Vulnerability."
7751| [CVE-2010-3221] Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."
7752| [CVE-2010-3220] Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability."
7753| [CVE-2010-3219] Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."
7754| [CVE-2010-3218] Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."
7755| [CVE-2010-3217] Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability."
7756| [CVE-2010-3216] Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."
7757| [CVE-2010-3215] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability."
7758| [CVE-2010-3214] Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010
7759| [CVE-2010-3213] Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.
7760| [CVE-2010-3200] MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc.
7761| [CVE-2010-3190] Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1
7762| [CVE-2010-3148] Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."
7763| [CVE-2010-3147] Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
7764| [CVE-2010-3146] Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."
7765| [CVE-2010-3144] Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability."
7766| [CVE-2010-3142] Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.
7767| [CVE-2010-2750] Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability."
7768| [CVE-2010-2748] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability."
7769| [CVE-2010-2747] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability."
7770| [CVE-2010-2746] Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability."
7771| [CVE-2010-2744] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka "Win32k Window Class Vulnerability."
7772| [CVE-2010-2742] The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka "Netlogon RPC Null dereference DOS Vulnerability."
7773| [CVE-2010-2741] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability."
7774| [CVE-2010-2740] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Parsing Vulnerability."
7775| [CVE-2010-2739] Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors.
7776| [CVE-2010-2738] The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
7777| [CVE-2010-2729] The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability."
7778| [CVE-2010-2728] Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."
7779| [CVE-2010-2573] Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability."
7780| [CVE-2010-2572] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
7781| [CVE-2010-2571] Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability."
7782| [CVE-2010-2570] Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability."
7783| [CVE-2010-2569] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."
7784| [CVE-2010-2568] Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
7785| [CVE-2010-2567] The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability."
7786| [CVE-2010-2566] The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability."
7787| [CVE-2010-2563] The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability."
7788| [CVE-2010-2562] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability."
7789| [CVE-2010-2555] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability."
7790| [CVE-2010-2554] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
7791| [CVE-2010-2552] Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability."
7792| [CVE-2010-2551] The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB Variable Validation Vulnerability."
7793| [CVE-2010-2550] The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."
7794| [CVE-2010-2549] Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka "Win32k Reference Count Vulnerability."
7795| [CVE-2010-2265] Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
7796| [CVE-2010-2091] Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
7797| [CVE-2010-2084] Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
7798| [CVE-2010-1903] Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption Vulnerability."
7799| [CVE-2010-1902] Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
7800| [CVE-2010-1901] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
7801| [CVE-2010-1900] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
7802| [CVE-2010-1898] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."
7803| [CVE-2010-1897] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."
7804| [CVE-2010-1896] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability."
7805| [CVE-2010-1895] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability."
7806| [CVE-2010-1894] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."
7807| [CVE-2010-1893] Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability."
7808| [CVE-2010-1892] The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerability."
7809| [CVE-2010-1891] The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability."
7810| [CVE-2010-1890] The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability."
7811| [CVE-2010-1889] Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability."
7812| [CVE-2010-1887] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability."
7813| [CVE-2010-1886] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."
7814| [CVE-2010-1885] The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
7815| [CVE-2010-1883] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability."
7816| [CVE-2010-1882] Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability."
7817| [CVE-2010-1881] The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability."
7818| [CVE-2010-1880] Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
7819| [CVE-2010-1735] The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
7820| [CVE-2010-1734] The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
7821| [CVE-2010-1690] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
7822| [CVE-2010-1689] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
7823| [CVE-2010-1263] Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7
7824| [CVE-2010-1257] Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2
7825| [CVE-2010-1255] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."
7826| [CVE-2010-1253] Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2
7827| [CVE-2010-1252] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability."
7828| [CVE-2010-1251] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability."
7829| [CVE-2010-1250] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability."
7830| [CVE-2010-1249] Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.
7831| [CVE-2010-1248] Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
7832| [CVE-2010-1247] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.
7833| [CVE-2010-1246] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability."
7834| [CVE-2010-1245] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.
7835| [CVE-2010-1225] The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."
7836| [CVE-2010-1175] Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."
7837| [CVE-2010-0917] Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.
7838| [CVE-2010-0824] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.
7839| [CVE-2010-0823] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
7840| [CVE-2010-0822] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."
7841| [CVE-2010-0821] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
7842| [CVE-2010-0820] Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2
7843| [CVE-2010-0819] Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."
7844| [CVE-2010-0818] The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability."
7845| [CVE-2010-0817] Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
7846| [CVE-2010-0815] VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."
7847| [CVE-2010-0814] The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."
7848| [CVE-2010-0812] Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability."
7849| [CVE-2010-0811] Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
7850| [CVE-2010-0810] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
7851| [CVE-2010-0719] An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.
7852| [CVE-2010-0487] The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."
7853| [CVE-2010-0486] The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."
7854| [CVE-2010-0485] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."
7855| [CVE-2010-0484] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability."
7856| [CVE-2010-0483] vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
7857| [CVE-2010-0482] The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability."
7858| [CVE-2010-0481] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability."
7859| [CVE-2010-0480] Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."
7860| [CVE-2010-0479] Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability."
7861| [CVE-2010-0478] Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."
7862| [CVE-2010-0477] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."
7863| [CVE-2010-0476] The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability."
7864| [CVE-2010-0278] A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.
7865| [CVE-2010-0270] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."
7866| [CVE-2010-0269] The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability."
7867| [CVE-2010-0268] Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability."
7868| [CVE-2010-0266] Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."
7869| [CVE-2010-0265] Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
7870| [CVE-2010-0264] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."
7871| [CVE-2010-0263] Microsoft Office Excel 2007 SP1 and SP2
7872| [CVE-2010-0262] Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."
7873| [CVE-2010-0261] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability."
7874| [CVE-2010-0260] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2
7875| [CVE-2010-0258] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
7876| [CVE-2010-0257] Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."
7877| [CVE-2010-0256] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."
7878| [CVE-2010-0254] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."
7879| [CVE-2010-0252] The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."
7880| [CVE-2010-0250] Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability."
7881| [CVE-2010-0249] Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4
7882| [CVE-2010-0243] Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow."
7883| [CVE-2010-0242] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability."
7884| [CVE-2010-0241] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability."
7885| [CVE-2010-0240] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability."
7886| [CVE-2010-0239] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability."
7887| [CVE-2010-0238] Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability."
7888| [CVE-2010-0237] The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability."
7889| [CVE-2010-0236] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."
7890| [CVE-2010-0235] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."
7891| [CVE-2010-0234] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability."
7892| [CVE-2010-0233] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."
7893| [CVE-2010-0232] The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
7894| [CVE-2010-0231] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."
7895| [CVE-2010-0035] The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability."
7896| [CVE-2010-0034] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability."
7897| [CVE-2010-0033] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."
7898| [CVE-2010-0032] Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."
7899| [CVE-2010-0031] Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability."
7900| [CVE-2010-0030] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability."
7901| [CVE-2010-0029] Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability."
7902| [CVE-2010-0028] Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
7903| [CVE-2010-0027] The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
7904| [CVE-2010-0026] The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability."
7905| [CVE-2010-0025] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."
7906| [CVE-2010-0024] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."
7907| [CVE-2010-0023] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability."
7908| [CVE-2010-0022] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability."
7909| [CVE-2010-0021] Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability."
7910| [CVE-2010-0020] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."
7911| [CVE-2010-0018] Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4
7912| [CVE-2010-0017] Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability."
7913| [CVE-2010-0016] The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability."
7914| [CVE-2009-4313] ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.
7915| [CVE-2009-4312] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.
7916| [CVE-2009-4311] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.
7917| [CVE-2009-4310] Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.
7918| [CVE-2009-4309] Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.
7919| [CVE-2009-4210] The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.
7920| [CVE-2009-3830] The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.
7921| [CVE-2009-3678] Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."
7922| [CVE-2009-3677] The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability."
7923| [CVE-2009-3676] The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."
7924| [CVE-2009-3675] LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability."
7925| [CVE-2009-3450] Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET.
7926| [CVE-2009-3135] Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."
7927| [CVE-2009-3134] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
7928| [CVE-2009-3133] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability."
7929| [CVE-2009-3132] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
7930| [CVE-2009-3131] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
7931| [CVE-2009-3130] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability."
7932| [CVE-2009-3129] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
7933| [CVE-2009-3128] Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."
7934| [CVE-2009-3127] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability."
7935| [CVE-2009-3126] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
7936| [CVE-2009-3103] Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
7937| [CVE-2009-3020] win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.
7938| [CVE-2009-2653] ** DISPUTED ** The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.'
7939| [CVE-2009-2532] Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka "SMBv2 Command Value Vulnerability."
7940| [CVE-2009-2526] Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability."
7941| [CVE-2009-2524] Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (reboot) via a malformed packet, aka "Local Security Authority Subsystem Service Integer Overflow Vulnerability."
7942| [CVE-2009-2523] The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."
7943| [CVE-2009-2519] The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."
7944| [CVE-2009-2517] The kernel in Microsoft Windows Server 2003 SP2 does not properly handle unspecified exceptions when an error condition occurs, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
7945| [CVE-2009-2516] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability."
7946| [CVE-2009-2515] Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability."
7947| [CVE-2009-2514] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability."
7948| [CVE-2009-2513] The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."
7949| [CVE-2009-2511] Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."
7950| [CVE-2009-2510] The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.
7951| [CVE-2009-2509] Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability."
7952| [CVE-2009-2508] The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."
7953| [CVE-2009-2507] A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability."
7954| [CVE-2009-2506] Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3
7955| [CVE-2009-2505] The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability."
7956| [CVE-2009-2504] Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
7957| [CVE-2009-2503] GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
7958| [CVE-2009-2502] Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
7959| [CVE-2009-2501] Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
7960| [CVE-2009-2500] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
7961| [CVE-2009-2498] Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."
7962| [CVE-2009-2497] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."
7963| [CVE-2009-2496] Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Office Web Components Heap Corruption Vulnerability."
7964| [CVE-2009-2495] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
7965| [CVE-2009-2494] The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka "ATL Object Type Mismatch Vulnerability."
7966| [CVE-2009-2493] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1
7967| [CVE-2009-1930] The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.
7968| [CVE-2009-1929] Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2
7969| [CVE-2009-1928] Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2
7970| [CVE-2009-1926] Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."
7971| [CVE-2009-1925] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability."
7972| [CVE-2009-1924] Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."
7973| [CVE-2009-1923] Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability."
7974| [CVE-2009-1922] The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."
7975| [CVE-2009-1546] Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."
7976| [CVE-2009-1545] Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability."
7977| [CVE-2009-1544] Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
7978| [CVE-2009-1542] The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."
7979| [CVE-2009-1539] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
7980| [CVE-2009-1538] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
7981| [CVE-2009-1537] Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
7982| [CVE-2009-1536] ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
7983| [CVE-2009-1534] Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."
7984| [CVE-2009-1533] Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
7985| [CVE-2009-1491] McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body.
7986| [CVE-2009-1216] Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA)
7987| [CVE-2009-1141] Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability."
7988| [CVE-2009-1139] Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
7989| [CVE-2009-1138] The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
7990| [CVE-2009-1137] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227.
7991| [CVE-2009-1136] The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."
7992| [CVE-2009-1135] Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."
7993| [CVE-2009-1134] Excel in 2007 Microsoft Office System SP1 and SP2
7994| [CVE-2009-1133] Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."
7995| [CVE-2009-1132] Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerability."
7996| [CVE-2009-1131] Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Data Out of Bounds Vulnerability."
7997| [CVE-2009-1130] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability."
7998| [CVE-2009-1129] Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128.
7999| [CVE-2009-1128] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1129.
8000| [CVE-2009-1127] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability."
8001| [CVE-2009-1126] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability."
8002| [CVE-2009-1125] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."
8003| [CVE-2009-1124] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."
8004| [CVE-2009-1123] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
8005| [CVE-2009-1122] The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
8006| [CVE-2009-1043] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
8007| [CVE-2009-1011] Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
8008| [CVE-2009-0901] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1
8009| [CVE-2009-0568] The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."
8010| [CVE-2009-0566] Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability."
8011| [CVE-2009-0565] Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2
8012| [CVE-2009-0563] Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
8013| [CVE-2009-0562] The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability."
8014| [CVE-2009-0561] Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
8015| [CVE-2009-0560] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
8016| [CVE-2009-0559] Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."
8017| [CVE-2009-0558] Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."
8018| [CVE-2009-0557] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
8019| [CVE-2009-0556] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
8020| [CVE-2009-0554] Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
8021| [CVE-2009-0553] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
8022| [CVE-2009-0552] Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
8023| [CVE-2009-0551] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."
8024| [CVE-2009-0550] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008
8025| [CVE-2009-0549] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
8026| [CVE-2009-0320] Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
8027| [CVE-2009-0239] Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."
8028| [CVE-2009-0238] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
8029| [CVE-2009-0235] Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability."
8030| [CVE-2009-0234] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."
8031| [CVE-2009-0233] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability."
8032| [CVE-2009-0232] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability."
8033| [CVE-2009-0231] The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
8034| [CVE-2009-0230] The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
8035| [CVE-2009-0229] The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
8036| [CVE-2009-0228] Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."
8037| [CVE-2009-0227] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137.
8038| [CVE-2009-0226] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0227, and CVE-2009-1137.
8039| [CVE-2009-0225] Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability."
8040| [CVE-2009-0224] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
8041| [CVE-2009-0223] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
8042| [CVE-2009-0222] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
8043| [CVE-2009-0221] Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field that specifies a large number of records, which triggers an under-allocated buffer and a heap-based buffer overflow, aka "Integer Overflow Vulnerability."
8044| [CVE-2009-0220] Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an integer that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability."
8045| [CVE-2009-0202] Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow.
8046| [CVE-2009-0102] Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."
8047| [CVE-2009-0100] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
8048| [CVE-2009-0099] The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."
8049| [CVE-2009-0098] Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."
8050| [CVE-2009-0097] Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."
8051| [CVE-2009-0096] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."
8052| [CVE-2009-0095] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."
8053| [CVE-2009-0094] The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.
8054| [CVE-2009-0093] Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.
8055| [CVE-2009-0091] Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability."
8056| [CVE-2009-0090] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
8057| [CVE-2009-0089] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."
8058| [CVE-2009-0088] The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."
8059| [CVE-2009-0087] Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2
8060| [CVE-2009-0086] Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."
8061| [CVE-2009-0085] The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."
8062| [CVE-2009-0083] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."
8063| [CVE-2009-0082] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."
8064| [CVE-2009-0081] The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."
8065| [CVE-2009-0079] The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."
8066| [CVE-2009-0078] The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."
8067| [CVE-2008-7217] Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to permissions and ownership for certain directories.
8068| [CVE-2008-6819] win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information.
8069| [CVE-2008-6219] nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests.
8070| [CVE-2008-6063] Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name.
8071| [CVE-2008-5912] An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
8072| [CVE-2008-5823] An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property.
8073| [CVE-2008-5416] Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier
8074| [CVE-2008-5232] Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown
8075| [CVE-2008-5112] The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
8076| [CVE-2008-5100] The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.
8077| [CVE-2008-5044] Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.
8078| [CVE-2008-4844] Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
8079| [CVE-2008-4841] The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
8080| [CVE-2008-4837] Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
8081| [CVE-2008-4835] SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."
8082| [CVE-2008-4834] Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
8083| [CVE-2008-4493] Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
8084| [CVE-2008-4295] Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
8085| [CVE-2008-4269] The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability."
8086| [CVE-2008-4268] The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability."
8087| [CVE-2008-4266] Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3
8088| [CVE-2008-4265] Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability."
8089| [CVE-2008-4264] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
8090| [CVE-2008-4261] Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
8091| [CVE-2008-4256] The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
8092| [CVE-2008-4255] Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
8093| [CVE-2008-4253] The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
8094| [CVE-2008-4250] The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
8095| [CVE-2008-4114] srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
8096| [CVE-2008-4110] Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.
8097| [CVE-2008-4038] Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."
8098| [CVE-2008-4037] Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
8099| [CVE-2008-4036] Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."
8100| [CVE-2008-4032] Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."
8101| [CVE-2008-4031] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
8102| [CVE-2008-4030] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
8103| [CVE-2008-4028] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
8104| [CVE-2008-4027] Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
8105| [CVE-2008-4026] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
8106| [CVE-2008-4025] Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
8107| [CVE-2008-4024] Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability."
8108| [CVE-2008-4023] Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."
8109| [CVE-2008-4019] Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
8110| [CVE-2008-3956] orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file.
8111| [CVE-2008-3704] Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
8112| [CVE-2008-3648] nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
8113| [CVE-2008-3636] Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.
8114| [CVE-2008-3479] Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."
8115| [CVE-2008-3477] Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."
8116| [CVE-2008-3471] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
8117| [CVE-2008-3466] Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
8118| [CVE-2008-3465] Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."
8119| [CVE-2008-3464] afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."
8120| [CVE-2008-3460] WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
8121| [CVE-2008-3068] Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
8122| [CVE-2008-3021] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
8123| [CVE-2008-3020] Microsoft Office 2000 SP3 and XP SP3
8124| [CVE-2008-3019] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
8125| [CVE-2008-3018] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
8126| [CVE-2008-3015] Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
8127| [CVE-2008-3014] Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
8128| [CVE-2008-3013] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
8129| [CVE-2008-3012] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
8130| [CVE-2008-3009] Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
8131| [CVE-2008-3007] Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."
8132| [CVE-2008-3006] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
8133| [CVE-2008-3005] Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."
8134| [CVE-2008-3004] Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3
8135| [CVE-2008-3003] Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."
8136| [CVE-2008-2752] Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information.
8137| [CVE-2008-2540] Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
8138| [CVE-2008-2463] The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
8139| [CVE-2008-2252] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."
8140| [CVE-2008-2251] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510.
8141| [CVE-2008-2250] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."
8142| [CVE-2008-2249] Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."
8143| [CVE-2008-2246] Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
8144| [CVE-2008-2245] Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
8145| [CVE-2008-2244] Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
8146| [CVE-2008-1898] A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
8147| [CVE-2008-1888] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.
8148| [CVE-2008-1547] Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
8149| [CVE-2008-1457] The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
8150| [CVE-2008-1456] Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
8151| [CVE-2008-1455] A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1
8152| [CVE-2008-1454] Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.
8153| [CVE-2008-1451] The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
8154| [CVE-2008-1446] Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
8155| [CVE-2008-1445] Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
8156| [CVE-2008-1444] Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
8157| [CVE-2008-1441] Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."
8158| [CVE-2008-1440] Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
8159| [CVE-2008-1436] Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
8160| [CVE-2008-1435] Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."
8161| [CVE-2008-1434] Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
8162| [CVE-2008-1092] Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
8163| [CVE-2008-1091] Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."
8164| [CVE-2008-1090] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
8165| [CVE-2008-1089] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."
8166| [CVE-2008-1088] Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
8167| [CVE-2008-1087] Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
8168| [CVE-2008-1086] The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
8169| [CVE-2008-1084] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
8170| [CVE-2008-1083] Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
8171| [CVE-2008-0121] A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
8172| [CVE-2008-0120] Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."
8173| [CVE-2008-0119] Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."
8174| [CVE-2008-0118] Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."
8175| [CVE-2008-0117] Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."
8176| [CVE-2008-0116] Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."
8177| [CVE-2008-0115] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."
8178| [CVE-2008-0114] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.
8179| [CVE-2008-0113] Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."
8180| [CVE-2008-0112] Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."
8181| [CVE-2008-0111] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."
8182| [CVE-2008-0110] Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and SP3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
8183| [CVE-2008-0109] Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
| [CVE-2008-0108] Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
| [CVE-2008-0106] Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
| [CVE-2008-0105] Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
| [CVE-2008-0104] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
| [CVE-2008-0103] Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."
| [CVE-2008-0102] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."
| [CVE-2008-0088] Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.
| [CVE-2008-0087] The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
| [CVE-2008-0086] Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
| [CVE-2008-0083] The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
| [CVE-2008-0081] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
| [CVE-2008-0080] Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
| [CVE-2008-0020] Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015.
| [CVE-2008-0015] Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
| [CVE-2008-0011] Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
| [CVE-2007-6753] Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.
| [CVE-2007-6357] Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944.
| [CVE-2007-6329] Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.
| [CVE-2007-6043] The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
| [CVE-2007-6026] Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
| [CVE-2007-5587] Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
| [CVE-2007-5352] Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
| [CVE-2007-5348] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
| [CVE-2007-4991] The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.
| [CVE-2007-4916] Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.
| [CVE-2007-4814] Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
| [CVE-2007-3930] Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.
| [CVE-2007-3924] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape
| [CVE-2007-3899] Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."
| [CVE-2007-3898] The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
| [CVE-2007-3896] The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
| [CVE-2007-3890] Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.
| [CVE-2007-3670] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
| [CVE-2007-3490] Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls.
| [CVE-2007-3300] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.
| [CVE-2007-3040] Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205.
| [CVE-2007-3039] Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
| [CVE-2007-3036] Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
| [CVE-2007-3034] Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
| [CVE-2007-3030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability".
| [CVE-2007-3029] Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.
| [CVE-2007-3028] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
| [CVE-2007-2999] Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.
| [CVE-2007-2967] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.
| [CVE-2007-2966] Buffer overflow in the LHA decompresion component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.
| [CVE-2007-2903] Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.
| [CVE-2007-2593] The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.
| [CVE-2007-2581] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.
| [CVE-2007-2374] Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
| [CVE-2007-2228] rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.
| [CVE-2007-2224] Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.
| [CVE-2007-2221] Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
| [CVE-2007-2219] Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
| [CVE-2007-2218] Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
| [CVE-2007-2217] Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
| [CVE-2007-1911] Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow.
| [CVE-2007-1910] Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc.
| [CVE-2007-1765] Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038
| [CVE-2007-1756] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".
| [CVE-2007-1754] PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".
| [CVE-2007-1748] Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
| [CVE-2007-1747] Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.
| [CVE-2007-1645] Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.
| [CVE-2007-1537] \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function.
| [CVE-2007-1512] Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.
| [CVE-2007-1347] Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.
| [CVE-2007-1239] Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.
| [CVE-2007-1238] Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.
| [CVE-2007-1215] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
| [CVE-2007-1214] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.
| [CVE-2007-1213] The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
| [CVE-2007-1212] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
| [CVE-2007-1211] Unspecified kernel GDI functions in Microsoft Windows 2000 SP4
| [CVE-2007-1205] Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
| [CVE-2007-1203] Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.
| [CVE-2007-1202] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."
| [CVE-2007-1201] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
| [CVE-2007-1117] Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
| [CVE-2007-1090] Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.
| [CVE-2007-1083] Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.
| [CVE-2007-0948] Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
| [CVE-2007-0947] Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
| [CVE-2007-0946] Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.
| [CVE-2007-0945] Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4
| [CVE-2007-0944] Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
| [CVE-2007-0942] Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
| [CVE-2007-0940] Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
| [CVE-2007-0939] Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."
| [CVE-2007-0938] Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
| [CVE-2007-0936] Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
| [CVE-2007-0934] Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
| [CVE-2007-0913] Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.
| [CVE-2007-0870] Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.
| [CVE-2007-0843] The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
| [CVE-2007-0811] Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
| [CVE-2007-0671] Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
| [CVE-2007-0612] Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll
| [CVE-2007-0515] Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.
| [CVE-2007-0351] Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user.
| [CVE-2007-0221] Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."
| [CVE-2007-0220] Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".
| [CVE-2007-0216] wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
| [CVE-2007-0215] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.
| [CVE-2007-0214] The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
| [CVE-2007-0213] Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
| [CVE-2007-0211] The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
| [CVE-2007-0209] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.
| [CVE-2007-0208] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.
| [CVE-2007-0069] Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
| [CVE-2007-0066] The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."
| [CVE-2007-0065] Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
| [CVE-2007-0064] Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
| [CVE-2007-0043] The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".
| [CVE-2007-0042] Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
| [CVE-2007-0041] The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
| [CVE-2007-0040] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
| [CVE-2007-0039] The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
| [CVE-2007-0038] Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765
| [CVE-2007-0035] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."
| [CVE-2007-0034] Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."
| [CVE-2007-0033] Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.
| [CVE-2007-0031] Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.
| [CVE-2007-0030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.
| [CVE-2007-0029] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."
| [CVE-2007-0028] Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.
| [CVE-2007-0027] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.
| [CVE-2007-0026] The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
| [CVE-2007-0025] The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.
| [CVE-2007-0024] Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
| [CVE-2006-7210] Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
| [CVE-2006-7192] Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.
| [CVE-2006-7027] Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks.
| [CVE-2006-6723] The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request.
| [CVE-2006-6696] Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
| [CVE-2006-6617] projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.
| [CVE-2006-6561] Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.
| [CVE-2006-6456] Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.
| [CVE-2006-6296] The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.
| [CVE-2006-6134] Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
| [CVE-2006-6133] Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.
| [CVE-2006-5994] Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vulnerability than CVE-2006-6456.
| [CVE-2006-5758] The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
| [CVE-2006-5586] The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."
| [CVE-2006-5585] The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."
| [CVE-2006-5584] The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
| [CVE-2006-5583] Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability."
| [CVE-2006-5574] Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.
| [CVE-2006-5296] PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.
| [CVE-2006-4854] ** REJECT ** Unspecified vulnerability in Microsoft Office 2000 (Chinese Edition) and Microsoft PowerPoint 2000 (Chinese Edition) allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as Trojan.PPDropper.E. NOTE: on 20060919, Microsoft notified CVE that this is a duplicate of CVE-2006-0009.
| [CVE-2006-4704] Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
| [CVE-2006-4702] Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
| [CVE-2006-4696] Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."
| [CVE-2006-4695] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."
| [CVE-2006-4694] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
| [CVE-2006-4693] Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651.
| [CVE-2006-4692] Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
| [CVE-2006-4691] Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
| [CVE-2006-4689] Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."
| [CVE-2006-4688] Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
| [CVE-2006-4534] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.
| [CVE-2006-4495] Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.
| [CVE-2006-4274] ** REJECT ** Unknown vulnerability in Microsoft PowerPoint allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as TROJ_MDROPPER.BH. NOTE: on 20060822, it was determined that TROJ_MDROPPER.BH was exploiting CVE-2006-0009, so this is not a new vulnerability.
| [CVE-2006-4219] The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.
| [CVE-2006-4183] Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding.
| [CVE-2006-4071] Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
| [CVE-2006-3992] Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption.
| [CVE-2006-3942] The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research
| [CVE-2006-3897] Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.
| [CVE-2006-3880] ** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation."
| [CVE-2006-3877] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
| [CVE-2006-3876] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
| [CVE-2006-3875] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867.
| [CVE-2006-3873] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
| [CVE-2006-3869] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
| [CVE-2006-3868] Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag.
| [CVE-2006-3867] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875.
| [CVE-2006-3864] Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
| [CVE-2006-3841] Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL.
| [CVE-2006-3660] Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3656, and CVE-2006-3590, although it is possible that they are all different.
| [CVE-2006-3656] Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
| [CVE-2006-3655] Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted PowerPoint file. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3656, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
| [CVE-2006-3652] Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could not be reproduced by third parties.
| [CVE-2006-3651] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.
| [CVE-2006-3650] Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868.
| [CVE-2006-3649] Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
| [CVE-2006-3648] Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception."
| [CVE-2006-3647] Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693.
| [CVE-2006-3643] Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
| [CVE-2006-3590] mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.
| [CVE-2006-3510] The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.
| [CVE-2006-3493] Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.
| [CVE-2006-3449] Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."
| [CVE-2006-3448] Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.
| [CVE-2006-3445] Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.
| [CVE-2006-3444] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
| [CVE-2006-3443] Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
| [CVE-2006-3441] Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.
| [CVE-2006-3440] Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
| [CVE-2006-3439] Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
| [CVE-2006-3436] Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
8384| [CVE-2006-3435] PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.
8385| [CVE-2006-3434] Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption.
8386| [CVE-2006-3431] Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086.
8387| [CVE-2006-3059] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.
8388| [CVE-2006-2492] Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
8389| [CVE-2006-2389] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316.
| [CVE-2006-2388] Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process.
| [CVE-2006-2387] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875.
| [CVE-2006-2380] Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
| [CVE-2006-2379] Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
| [CVE-2006-2378] Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
| [CVE-2006-2374] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
| [CVE-2006-2373] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
| [CVE-2006-2372] Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.
| [CVE-2006-2371] Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
| [CVE-2006-2370] Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
| [CVE-2006-2334] The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.
| [CVE-2006-2094] Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
| [CVE-2006-2055] Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
| [CVE-2006-1654] Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.
| [CVE-2006-1651] ** DISPUTED ** Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol."
| [CVE-2006-1540] MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll
| [CVE-2006-1316] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389.
| [CVE-2006-1315] The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."
| [CVE-2006-1314] Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.
| [CVE-2006-1313] Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
| [CVE-2006-1311] The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1
| [CVE-2006-1309] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.
| [CVE-2006-1308] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value.
| [CVE-2006-1306] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability."
| [CVE-2006-1305] Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.
| [CVE-2006-1304] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."
| [CVE-2006-1302] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."
| [CVE-2006-1301] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.
| [CVE-2006-1300] Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
| [CVE-2006-1257] The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.
| [CVE-2006-1193] Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."
| [CVE-2006-1184] Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
| [CVE-2006-0988] The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
| [CVE-2006-0935] Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz.
| [CVE-2006-0187] By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file.
| [CVE-2006-0034] Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.
| [CVE-2006-0033] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed.
| [CVE-2006-0032] Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
| [CVE-2006-0031] Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.
| [CVE-2006-0030] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.
| [CVE-2006-0029] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.
| [CVE-2006-0028] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.
| [CVE-2006-0023] Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.
| [CVE-2006-0022] Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.
| [CVE-2006-0021] Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."
| [CVE-2006-0020] An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."
| [CVE-2006-0015] Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
| [CVE-2006-0013] Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
| [CVE-2006-0012] Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."
| [CVE-2006-0010] Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
| [CVE-2006-0009] Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
| [CVE-2006-0008] The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.
| [CVE-2006-0007] Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.
| [CVE-2006-0006] Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.
| [CVE-2006-0004] Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).
| [CVE-2006-0002] Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
| [CVE-2006-0001] Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
| [CVE-2005-4717] Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
| [CVE-2005-4269] mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
| [CVE-2005-4131] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.
| [CVE-2005-3981] ** DISPUTED ** NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE.
| [CVE-2005-3945] The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups.
| [CVE-2005-3644] PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.
| [CVE-2005-3177] CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed.
| [CVE-2005-3176] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection.
| [CVE-2005-3175] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator.
| [CVE-2005-3174] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.
| [CVE-2005-3173] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions.
| [CVE-2005-3172] The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks.
| [CVE-2005-3171] Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings.
| [CVE-2005-3170] The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.
| [CVE-2005-3169] Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow attackers to conduct unauthorized activities without detection.
| [CVE-2005-3168] The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template.
| [CVE-2005-2122] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.
| [CVE-2005-2120] Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
| [CVE-2005-2118] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.
| [CVE-2005-2117] Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
| [CVE-2005-1985] The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
| [CVE-2005-1984] Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.
| [CVE-2005-1983] Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
| [CVE-2005-1982] Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
| [CVE-2005-1981] Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
| [CVE-2005-1907] The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic.
| [CVE-2005-1683] Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file.
| [CVE-2005-1218] The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
| [CVE-2005-1216] Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.
| [CVE-2005-1215] Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers.
| [CVE-2005-1208] Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
| [CVE-2005-1207] Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.
| [CVE-2005-1206] Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."
| [CVE-2005-1205] The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
| [CVE-2005-1052] Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses.
| [CVE-2005-0921] Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy.
| [CVE-2005-0820] Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.
| [CVE-2005-0738] Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.
| [CVE-2005-0564] Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.
| [CVE-2005-0558] Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document.
| [CVE-2005-0551] Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
| [CVE-2005-0550] Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
| [CVE-2005-0545] Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post.
8490| [CVE-2005-0063] The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.
8491| [CVE-2005-0061] The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.
8492| [CVE-2005-0060] Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.
8493| [CVE-2005-0059] Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
8494| [CVE-2005-0058] Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.
8495| [CVE-2005-0048] Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
8496| [CVE-2004-2527] The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
8497| [CVE-2004-2482] Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code.
8498| [CVE-2004-2365] Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.
8499| [CVE-2004-2339] ** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed.
8500| [CVE-2004-1080] The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."
8501| [CVE-2004-0963] Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.
8502| [CVE-2004-0897] The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
8503| [CVE-2004-0892] Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.
8504| [CVE-2004-0846] Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.
8505| [CVE-2004-0840] The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
8506| [CVE-2004-0728] The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
8507| [CVE-2004-0726] The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel.
8508| [CVE-2004-0575] Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
8509| [CVE-2004-0574] The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
8510| [CVE-2004-0573] Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
8511| [CVE-2004-0540] Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
8512| [CVE-2004-0503] Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502.
8513| [CVE-2004-0379] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts.
8514| [CVE-2004-0284] Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
8515| [CVE-2004-0214] Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
8516| [CVE-2004-0211] The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.
8517| [CVE-2004-0210] The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
8518| [CVE-2004-0209] Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
8519| [CVE-2004-0208] The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
8520| [CVE-2004-0207] "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions.
8521| [CVE-2004-0206] Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
8522| [CVE-2004-0204] Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
8523| [CVE-2004-0202] IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
8524| [CVE-2004-0201] Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
8525| [CVE-2004-0199] Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
8526| [CVE-2004-0124] The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
8527| [CVE-2004-0121] Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
8528| [CVE-2004-0120] The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
8529| [CVE-2004-0116] An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
8530| [CVE-2003-1378] Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
8531| [CVE-2003-1106] The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute.
8532| [CVE-2003-0908] The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
8533| [CVE-2003-0906] Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
8534| [CVE-2003-0904] Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
8535| [CVE-2003-0839] Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.
8536| [CVE-2003-0825] The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
8537| [CVE-2003-0824] Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
8538| [CVE-2003-0822] Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
8539| [CVE-2003-0821] Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
8540| [CVE-2003-0820] Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
8541| [CVE-2003-0819] Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
8542| [CVE-2003-0818] Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
8543| [CVE-2003-0807] Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.
8544| [CVE-2003-0806] Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.
8545| [CVE-2003-0719] Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
8546| [CVE-2003-0665] Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.
8547| [CVE-2003-0664] Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
8548| [CVE-2003-0662] Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
8549| [CVE-2003-0660] The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers execute arbitrary code without user approval.
8550| [CVE-2003-0533] Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
8551| [CVE-2003-0526] Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
8552| [CVE-2003-0506] Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation.
8553| [CVE-2003-0505] Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request.
8554| [CVE-2003-0496] Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
8555| [CVE-2003-0352] Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
8556| [CVE-2003-0345] Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
8557| [CVE-2003-0232] Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
8558| [CVE-2003-0231] Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
8559| [CVE-2003-0230] Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
8560| [CVE-2003-0227] The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
8561| [CVE-2003-0118] SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
8562| [CVE-2003-0117] Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver.
8563| [CVE-2003-0110] The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.
8564| [CVE-2003-0109] Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
8565| [CVE-2003-0011] Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled.
8566| [CVE-2003-0007] Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."
8567| [CVE-2003-0003] Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
8568| [CVE-2003-0002] Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.
8569| [CVE-2002-2101] Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.
8570| [CVE-2002-2100] Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.
8571| [CVE-2002-1984] Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046".
8572| [CVE-2002-1981] Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.
8573| [CVE-2002-1933] The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window.
8574| [CVE-2002-1932] Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.
8575| [CVE-2002-1876] Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.
8576| [CVE-2002-1873] Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
8577| [CVE-2002-1872] Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
8578| [CVE-2002-1776] ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed.
8579| [CVE-2002-1712] Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
8580| [CVE-2002-1256] The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.
8581| [CVE-2002-1255] Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."
8582| [CVE-2002-1214] Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
8583| [CVE-2002-1184] The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.
8584| [CVE-2002-1145] The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
8585| [CVE-2002-1141] An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."
8586| [CVE-2002-1140] The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."
8587| [CVE-2002-1138] Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
8588| [CVE-2002-1137] Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
8589| [CVE-2002-1123] Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
8590| [CVE-2002-1117] Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
8591| [CVE-2002-1056] Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
8592| [CVE-2002-0982] Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.
8593| [CVE-2002-0975] Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary via a long File parameter.
8594| [CVE-2002-0863] Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
8595| [CVE-2002-0861] Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object.
8596| [CVE-2002-0860] The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.
8597| [CVE-2002-0859] Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.
8598| [CVE-2002-0729] Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.
8599| [CVE-2002-0727] The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.
8600| [CVE-2002-0724] Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
8601| [CVE-2002-0721] Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
8602| [CVE-2002-0719] SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files.
8603| [CVE-2002-0718] Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."
8604| [CVE-2002-0700] Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."
8605| [CVE-2002-0699] Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.
8606| [CVE-2002-0695] Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.
8607| [CVE-2002-0694] The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
8608| [CVE-2002-0693] Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
8609| [CVE-2002-0692] Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
8610| [CVE-2002-0650] The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.
8611| [CVE-2002-0649] Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
8612| [CVE-2002-0645] SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.
8613| [CVE-2002-0644] Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.
8614| [CVE-2002-0643] The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System."
8615| [CVE-2002-0642] The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
8616| [CVE-2002-0641] Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
8617| [CVE-2002-0624] Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
8618| [CVE-2002-0623] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun".
8619| [CVE-2002-0622] The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".
8620| [CVE-2002-0621] Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.
8621| [CVE-2002-0620] Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API.
8622| [CVE-2002-0619] The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).
8623| [CVE-2002-0618] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
8624| [CVE-2002-0617] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
8625| [CVE-2002-0616] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."
8626| [CVE-2002-0597] LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.
8627| [CVE-2002-0444] Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.
8628| [CVE-2002-0443] Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.
8629| [CVE-2002-0373] The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".
8630| [CVE-2002-0371] Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.
8631| [CVE-2002-0368] The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."
8632| [CVE-2002-0224] The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
8633| [CVE-2002-0187] Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
8634| [CVE-2002-0186] Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
8635| [CVE-2002-0154] Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
8636| [CVE-2002-0152] Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
8637| [CVE-2002-0055] SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
8638| [CVE-2002-0054] SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
8639| [CVE-2002-0050] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data.
8640| [CVE-2002-0049] Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
8641| [CVE-2002-0034] The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.
8642| [CVE-2002-0018] In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from the trusted domain.
8643| [CVE-2001-1533] ** DISPUTED ** Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE.
8644| [CVE-2001-1451] Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests.
8645| [CVE-2001-1319] Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
8646| [CVE-2001-1099] The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
8647| [CVE-2001-0986] SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
8648| [CVE-2001-0718] Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document.
8649| [CVE-2001-0666] Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.
8650| [CVE-2001-0658] Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message.
8651| [CVE-2001-0628] Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.
8652| [CVE-2001-0547] Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).
8653| [CVE-2001-0546] Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data.
8654| [CVE-2001-0542] Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
8655| [CVE-2001-0538] Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
8656| [CVE-2001-0509] Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
8657| [CVE-2001-0505] Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service.
8658| [CVE-2001-0504] Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying.
8659| [CVE-2001-0501] Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner.
8660| [CVE-2001-0351] Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
8661| [CVE-2001-0350] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
8662| [CVE-2001-0349] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.
8663| [CVE-2001-0348] Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
8664| [CVE-2001-0347] Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
8665| [CVE-2001-0346] Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.
8666| [CVE-2001-0345] Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.
8667| [CVE-2001-0344] An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
8668| [CVE-2001-0340] An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.
8669| [CVE-2001-0261] Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.
8670| [CVE-2001-0245] Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.
8671| [CVE-2001-0244] Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.
8672| [CVE-2001-0240] Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro.
8673| [CVE-2001-0239] Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
8674| [CVE-2001-0237] Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data.
8675| [CVE-2001-0146] IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
8676| [CVE-2001-0048] The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability.
8677| [CVE-2001-0005] Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.
8678| [CVE-2001-0003] Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
8679| [CVE-2000-1218] The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
8680| [CVE-2000-1217] Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability.
8681| [CVE-2000-1209] The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
8682| [CVE-2000-1139] The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
8683| [CVE-2000-1088] The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
8684| [CVE-2000-1087] The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
8685| [CVE-2000-1086] The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
8686| [CVE-2000-1085] The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
8687| [CVE-2000-1079] Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
8688| [CVE-2000-0942] The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
8689| [CVE-2000-0854] When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
8690| [CVE-2000-0771] Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
8691| [CVE-2000-0765] Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
8692| [CVE-2000-0756] Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
8693| [CVE-2000-0710] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
8694| [CVE-2000-0709] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
8695| [CVE-2000-0637] Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.
8696| [CVE-2000-0621] Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
8697| [CVE-2000-0597] Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.
8698| [CVE-2000-0331] Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
8699| [CVE-2000-0277] Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.
8700| [CVE-2013-2557] The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
8701| [CVE-2013-2556] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
8702| [CVE-2013-2554] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787.
8703| [CVE-2013-2553] Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0912.
8704| [CVE-2013-2552] Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
8705| [CVE-2013-2551] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
8706| [CVE-2013-1347] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
8707| [CVE-2013-1305] HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
8708| [CVE-2013-1290] Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."
8709| [CVE-2013-1289] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
8710| [CVE-2013-1284] Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
8711| [CVE-2013-0096] Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability."
8712| [CVE-2013-0086] Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."
8713| [CVE-2013-0085] Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."
8714| [CVE-2013-0084] Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."
8715| [CVE-2013-0083] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."
8716| [CVE-2013-0080] Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."
8717| [CVE-2013-0079] Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."
8718| [CVE-2013-0005] The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
8719| [CVE-2012-4969] Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
8720| [CVE-2012-4792] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
8721| [CVE-2012-3456] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
8722| [CVE-2012-3455] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
8723| [CVE-2012-2290] The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel.
8724| [CVE-2012-2284] The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors.
8725| [CVE-2012-1945] Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.
8726| [CVE-2012-1894] Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability."
8727| [CVE-2012-1892] Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."
8728| [CVE-2012-1891] Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
8729| [CVE-2012-1888] Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability."
8730| [CVE-2012-1876] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
8731| [CVE-2012-1861] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
8732| [CVE-2012-1859] Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
8733| [CVE-2012-1857] Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."
8734| [CVE-2012-1849] Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."
8735| [CVE-2012-1545] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
8736| [CVE-2012-1436] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
8737| [CVE-2012-1435] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
8738| [CVE-2012-1434] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
8739| [CVE-2012-1433] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
8740| [CVE-2012-0447] Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.
8741| [CVE-2012-0147] Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."
8742| [CVE-2012-0146] Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability."
8743| [CVE-2012-0145] Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."
8744| [CVE-2012-0144] Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."
8745| [CVE-2012-0138] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.
8746| [CVE-2012-0137] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138.
8747| [CVE-2012-0136] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138.
8748| [CVE-2012-0020] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
8749| [CVE-2012-0019] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
8750| [CVE-2012-0018] Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability."
8751| [CVE-2012-0017] Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."
8752| [CVE-2011-4695] Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and gain privileges via unknown vectors, as demonstrated by the White Phosphorus wp_ie_sandbox_escape module for Immunity CANVAS. NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
8753| [CVE-2011-2012] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash."
8754| [CVE-2011-2010] The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."
8755| [CVE-2011-1969] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability."
8756| [CVE-2011-1897] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."
8757| [CVE-2011-1896] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability."
8758| [CVE-2011-1895] CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability."
8759| [CVE-2011-1891] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."
8760| [CVE-2011-1890] Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
8761| [CVE-2011-1889] The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
8762| [CVE-2011-1417] Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.
8763| [CVE-2011-1347] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
8764| [CVE-2011-1346] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
8765| [CVE-2011-1345] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
8766| [CVE-2011-1265] The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability."
8767| [CVE-2011-0653] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."
8768| [CVE-2011-0647] The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.
8769| [CVE-2011-0627] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.
8770| [CVE-2011-0037] Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.
8771| [CVE-2011-0027] Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.
8772| [CVE-2011-0026] Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
8773| [CVE-2010-4643] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
8774| [CVE-2010-4253] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document.
8775| [CVE-2010-4121] ** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only."
8776| [CVE-2010-3967] Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability."
8777| [CVE-2010-3962] Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
8778| [CVE-2010-3936] Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability."
8779| [CVE-2010-3889] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Microsoft researchers and other researchers.
8780| [CVE-2010-3888] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers.
8781| [CVE-2010-3497] Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)."
8782| [CVE-2010-3454] Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
8783| [CVE-2010-3453] The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.
8784| [CVE-2010-3141] Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file.
8785| [CVE-2010-2743] The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
8786| [CVE-2010-2734] Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability."
8787| [CVE-2010-2733] Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability."
8788| [CVE-2010-2732] Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability."
8789| [CVE-2010-2564] Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."
8790| [CVE-2010-1184] The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2.
8791| [CVE-2010-1118] Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
8792| [CVE-2010-1117] Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
8793| [CVE-2010-0806] Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
8794| [CVE-2010-0716] _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.
8795| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
8796| [CVE-2008-5750] Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
8797| [CVE-2008-5556] ** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."
8798| [CVE-2008-5555] Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
8799| [CVE-2008-5554] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
8800| [CVE-2008-5553] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
8801| [CVE-2008-5552] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
8802| [CVE-2008-5551] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
8803| [CVE-2008-5180] Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
8804| [CVE-2008-4211] Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
8805| [CVE-2007-5351] Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."
8806| [CVE-2007-2729] Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
8807| [CVE-2007-1534] DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window.
8808| [CVE-2007-0341] Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
8809| [CVE-2006-5559] The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
8810| [CVE-2006-4686] Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
8811| [CVE-2006-4685] The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
8812| [CVE-2006-1359] Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
8813| [CVE-2006-0761] Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchangem, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow user-assisted remote attackers to execute arbitrary code on the server via a crafted Microsoft Word document that is opened on a wireless device.
8814| [CVE-2006-0753] Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.
8815| [CVE-2006-0544] urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash of hyphen) characters.
8816| [CVE-2006-0003] Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
8817| [CVE-2005-1929] Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.
8818| [CVE-2005-0852] Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.
8819| [CVE-2004-1322] Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages.
8820| [CVE-2003-1306] Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
8821| [CVE-2003-0903] Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
8822| [CVE-2003-0353] Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
8823| [CVE-2002-1918] Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED.
8824| [CVE-2002-1142] Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
8825| [CVE-2002-1015] RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
8826| [CVE-2002-0697] Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
8827| [CVE-2002-0057] XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
8828| [CVE-2001-1218] Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
8829| [CVE-2000-0563] The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.
8830| [CVE-1999-1097] Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.
8831|
8832| SecurityFocus - https://www.securityfocus.com/bid/:
8833| [83154] Microsoft Windows 2000 Server CVE-2004-0540 Remote Security Vulnerability
8834| [45297] Microsoft Exchange Server 2007 Infinite Loop Remote Denial of Service Vulnerability
8835| [43419] Microsoft Excel 2002 Memory Corruption Vulnerability
8836| [43189] Microsoft Visual C++ 2008 Redistributable Package DLL Loading Arbitrary Code Execution Vulnerability
8837| [42742] Microsoft PowerPoint 2007 Multiple DLL Loading Arbitrary Code Execution Vulnerability
8838| [42695] Microsoft Groove 2007 'mso.dll' DLL Loading Arbitrary Code Execution Vulnerability
8839| [42681] Microsoft Visio 2003 'mfc71enu.dll' DLL Loading Arbitrary Code Execution Vulnerability
8840| [41843] Microsoft Outlook Web Access for Exchange Server 2003 Cross Site Request Forgery Vulnerability
8841| [39776] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
8842| [37196] RETIRED: Microsoft December 2009 Advance Notification Multiple Vulnerabilities
8843| [36940] RETIRED: Microsoft November 2009 Advance Notification Multiple Vulnerabilities
8844| [36633] RETIRED: Microsoft October 2009 Advance Notification Multiple Vulnerabilities
8845| [36239] RETIRED: Microsoft September 2009 Advance Notification Multiple Vulnerabilities
8846| [35974] RETIRED: Microsoft August 2009 Advance Notification Multiple Vulnerabilities
8847| [35617] RETIRED: Microsoft July 2009 Advance Notification Multiple Vulnerabilities
8848| [35213] RETIRED: Microsoft June 2009 Advance Notification Multiple Vulnerabilities
8849| [34867] RETIRED: Microsoft May 2009 Advance Notification Multiple Vulnerabilities
8850| [34532] Microsoft IAG 2007 ActiveX Control Multiple Stack Based Buffer Overflow Vulnerabilities
8851| [34469] Microsoft Word 2000 WordPerfect Converter Remote Code Execution Vulnerability
8852| [34450] RETIRED: Microsoft April 2009 Advance Notification Multiple Vulnerabilities
8853| [34005] RETIRED: Microsoft March 2009 Advance Notification Multiple Vulnerabilities
8854| [33639] RETIRED: Microsoft February 2009 Advance Notification Multiple Vulnerabilities
8855| [33170] RETIRED: Microsoft January 2009 Advance Notification Multiple Vulnerabilities
8856| [32632] RETIRED: Microsoft December 2008 Advance Notification Multiple Vulnerabilities
8857| [32153] Retired: Microsoft November 2008 Advance Notification Multiple Vulnerabilities
8858| [31667] Retired: Microsoft October 2008 Advance Notification Multiple Vulnerabilities
8859| [31129] RETIRED: Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
8860| [31014] RETIRED: Microsoft September 2008 Advance Notification Multiple Vulnerabilities
8861| [30593] RETIRED: Microsoft August 2008 Advance Notification Multiple Vulnerabilities
8862| [30075] RETIRED: Microsoft July 2008 Advance Notification Multiple Vulnerabilities
8863| [29576] RETIRED: Microsoft June 2008 Advance Notification Multiple Vulnerabilities
8864| [29108] RETIRED: Microsoft May 2008 Advance Notification Multiple Vulnerabilities
8865| [28598] RETIRED: Microsoft April 2008 Advance Notification Multiple Vulnerabilities
8866| [28124] Retired: Microsoft March 2008 Advance Notification Multiple Vulnerabilities
8867| [27674] RETIRED: Microsoft February 2008 Advance Notification Multiple Vulnerabilities
8868| [27119] RETIRED: Microsoft January 2008 Advance Notification Multiple Vulnerabilities
8869| [26739] RETIRED: Microsoft December 2007 Advance Notification Multiple Vulnerabilities
8870| [26414] Microsoft Forms 2.0 ActiveX Control Memory Access Violation Denial of Service Vulnerabilities
8871| [26380] Retired: Microsoft November 2007 Advance Notification Multiple Vulnerabilities
8872| [25991] RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
8873| [25922] RETIRED: Microsoft October 2007 Advance Notification Multiple Vulnerabilities
8874| [25573] RETIRED: Microsoft September 2007 Advance Notification Multiple Vulnerabilities
8875| [25247] Retired: Microsoft August 2007 Advance Notification Multiple Vulnerabilities
8876| [24771] Retired: Microsoft July 2007 Advance Notification Multiple Vulnerabilities
8877| [24366] RETIRED: Microsoft June 2007 Advance Notification Multiple Vulnerabilities
8878| [24118] Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability
8879| [23800] RETIRED: Microsoft May 2007 Advance Notification Multiple Vulnerabilities
8880| [23380] Microsoft Word 2007 WWLib.DLL Unspecified Document File Buffer Overflow Vulnerability
8881| [23335] RETIRED: Microsoft April 2007 Advance Notification Multiple Vulnerabilities
8882| [22716] Microsoft Office 2003 Denial of Service Vulnerability
8883| [22567] Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability
8884| [22328] RETIRED: Microsoft Word 2003 Unspecified Code Execution Vulnerability
8885| [22225] Microsoft Word 2000 Malformed Function Code Execution Vulnerability
8886| [21611] Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
8887| [21495] Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability
8888| [20843] Microsoft Visual Studio 2005 WMI Object Broker Remote Code Execution Vulnerability
8889| [19636] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
8890| [19388] Microsoft Windows 2000 Kernel Local Privilege Escalation Vulnerability
8891| [17134] Microsoft Commerce Server 2002 Authentication Bypass Vulnerability
8892| [16634] Microsoft PowerPoint 2000 Remote Information Disclosure Vulnerability
8893| [14772] Microsoft Exchange Server 2003 Exchange Information Store Denial Of Service Vulnerability
8894| [14093] Microsoft Update Rollup 1 for Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
8895| [13564] Microsoft SQL Server 2000 Multiple Vulnerabilities
8896| [13008] Microsoft Windows Server 2003 SMB Redirector Local Denial Of Service Vulnerability
8897| [12972] Microsoft Windows Server 2003 Service Pack 1 Released - Multiple Vulnerabilities Fixed
8898| [12913] Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy Bypass Vulnerability
8899| [12824] Microsoft InfoPath 2003 Insecure Information Storage Vulnerability
8900| [12641] Microsoft Windows 2000 Group Policy Bypass Vulnerability
8901| [12141] Microsoft FrontPage 2000 Internet Publishing Service Provider DAV File Upload Vulnerability
8902| [11820] Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities
8903| [11446] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
8904| [11387] Microsoft Windows 2003 Services Default SACL Access Right Weakness
8905| [10901] Microsoft Windows 2000/XP CRL File Failed Integrity Check Denial Of Service Vulnerability
8906| [10693] Microsoft Windows 2000 Media Player Control Media Preview Script Execution Vulnerability
8907| [10484] Microsoft ISA Server 2000 FTP Bounce Filtering Vulnerability
8908| [10480] Microsoft ISA Server 2000 Site And Content Rule Bypass Vulnerability
8909| [10440] Microsoft Windows 2000 Domain Expired Account Security Policy Violation Weakness
8910| [10369] Microsoft Outlook 2003 Media File Script Execution Vulnerability
8911| [10307] Microsoft Outlook 2003 Predictable File Location Weakness
8912| [10114] Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability
8913| [9409] Microsoft Exchange Server 2003 Outlook Web Access Random Mailbox Access Vulnerability
8914| [9408] Microsoft ISA Server 2000 H.323 Filter Remote Buffer Overflow Vulnerability
8915| [9118] Microsoft Exchange Server 2003 Outlook Web Access Lowered Security Settings Weakness
8916| [8833] Microsoft Windows 2000 TroubleShooter ActiveX Control Buffer Overflow Vulnerability
8917| [8522] Multiple Microsoft Windows 2003 Stack Protection Implementation Weaknesses
8918| [8397] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
8919| [8104] Microsoft Windows 2000 Unauthorized RPC Connection Weakness
8920| [8098] Microsoft Windows 2000 Terminal Services Named Pipe System Account Access Vulnerability
8921| [8093] Microsoft Windows 2000 Active Directory Forest Origin Validation Vulnerability
8922| [8090] Microsoft Windows 2000 ShellExecute() Buffer Overflow Vulnerability
8923| [8089] Microsoft Windows 2000 Unspecified Cryptnet.DLL Memory Leakage Vulnerability
8924| [8086] Microsoft Windows 2000 Port Name Buffers Potential Buffer Overflow Vulnerability
8925| [8085] Microsoft Windows 2000 ModifyDN Request Denial of Service Vulnerability
8926| [8083] Microsoft Windows 2000 Domain Controller Spoofing Vulnerability
8927| [8081] Microsoft Windows 2000 USBH_IoctlGetNodeConnectionDriverKeyName Information Disclosure Vulnerability
8928| [8063] Microsoft Commerce Server 2002 Weak Registry Key Permissions Weakness
8929| [8045] Microsoft Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
8930| [7930] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
8931| [7788] Microsoft Windows 2000/XP/2003 IPV6 ICMP Flood Denial Of Service Vulnerability
8932| [7469] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
8933| [7360] Microsoft Windows 2000/XP Registry Editor Custom Permissions Weakness
8934| [7102] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
8935| [6769] Microsoft Windows 2000 RPC Service Privilege Escalation Vulnerability
8936| [6766] Microsoft Windows 2000 NetBIOS Continuation Packets Kernel Memory Leak Vulnerability
8937| [6667] Microsoft Outlook 2002 V1 Exchange Server Security Certificate Information Leakage Vulnerability
8938| [6319] Microsoft Outlook 2002 Email Header Processing Denial of Service Vulnerability
8939| [6030] Microsoft Windows 2000 SNMP Printer Query Denial of Service Vulnerability
8940| [5972] Microsoft Windows 2000/XP Full Event Log Administrative Alert Weakness
8941| [5922] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
8942| [5480] Microsoft Windows 2000 Network Connection Manager Privilege Elevation Vulnerability
8943| [5422] Microsoft Content Management Server 2001 SQL Injection Vulnerability
8944| [5421] Microsoft Content Management Server 2001 Arbitrary Upload Location Vulnerability
8945| [5420] Microsoft Content Management Server 2001 User Authentication Buffer Overflow Vulnerability
8946| [5415] Microsoft Windows 2000 Insecure Default File Permissions Vulnerability
8947| [5413] Microsoft Exchange 2000 Post Authorization License Exhaustion Denial Of Service Vulnerability
8948| [5412] Microsoft Exchange 2000 Multiple MSRPC Denial Of Service Vulnerabilities
8949| [5312] Microsoft SQL Server 2000 Resolution Service Denial of Service Vulnerability
8950| [5311] Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability
8951| [5310] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
8952| [5309] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
8953| [5307] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
8954| [5253] Microsoft Windows 2000 Narrator Password Disclosure Vulnerability
8955| [5205] Microsoft SQL Server 2000 Incorrect Registry Key Permissions Vulnerability
8956| [5111] Microsoft Commerce Server 2000 OWC Package Installer Local Command Execution Vulnerability
8957| [5014] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
8958| [4881] Microsoft Exchange 2000 Malformed Mail Attribute DoS Vulnerability
8959| [4853] Microsoft Commerce Server 2000 Profile Service Buffer Overflow Vulnerability
8960| [4852] Microsoft Windows 2000 Remote Access Service Buffer Overflow Vulnerability
8961| [4847] Microsoft SQL Server 2000 Bulk Insert Procedure Buffer Overflow Vulnerability
8962| [4797] Microsoft MSDE/SQL Server 2000 Desktop Engine Default Configuration Vulnerability
8963| [4683] Microsoft Windows 2000 / NT Path Precedence Vulnerability
8964| [4532] Microsoft Windows 2000 Lanman Denial of Service Vulnerability
8965| [4438] Microsoft Windows 2000 Group Policy Evasion Vulnerability
8966| [4426] Microsoft Windows 2000 / NT / XP MUP UNC Request Buffer Overflow Vulnerability
8967| [4287] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
8968| [4256] Microsoft Windows 2000 Password Policy Bypass Vulnerability
8969| [4157] Microsoft Commerce Server 2000 ISAPI Buffer Overflow Vulnerability
8970| [4095] Microsoft Windows 2000 Server Terminal Services Failure To Lock Terminal Vulnerability
8971| [3652] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability
8972| [3481] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
8973| [3479] Microsoft Windows 2000 NTFS With Macintosh Client Directory Permission Vulnerability
8974| [3445] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
8975| [3339] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
8976| [3305] Norton AntiVirus for Microsoft Exchange 2000 Information Disclosure Vulnerability
8977| [3291] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
8978| [3215] Microsoft Windows 2000 IrDA Buffer Overflow Denial of Service Vulnerability
8979| [3185] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
8980| [3184] Microsoft Windows 2000 RunAs User Credentials Exposure Vulnerability
8981| [3146] Microsoft Windows 2000 System File Replacement Vulnerability
8982| [3115] Microsoft Windows NT and 2000 Command Prompt Reboot Vulnerability
8983| [3063] Microsoft Windows 2000 Unauthorized Password Change Vulnerability
8984| [3033] Microsoft Windows 2000 Task Manager Process Termination Vulnerability
8985| [2988] Microsoft Windows 2000 SMTP Improper Authentication Vulnerability
8986| [2929] Microsoft Windows 2000 LDAP SSL Password Modification Vulnerability
8987| [2849] Microsoft Windows 2000 Telnet Privilege Escalation Vulnerability
8988| [2846] Microsoft Windows 2000 Telnet System Call DoS Vulnerability
8989| [2844] Microsoft Windows 2000 Telnet Service DoS Vulnerability
8990| [2843] Microsoft Windows 2000 Telnet Multiple Sessions DoS Vulnerability
8991| [2838] Microsoft Windows 2000 Telnet Username DoS Vulnerability
8992| [2460] Microsoft Windows 2000 Event Viewer Buffer Overflow Vulnerability
8993| [2441] Microsoft Exchange 2000 / IIS 5.0 Multiple Invalid URL Request DoS Vulnerability
8994| [2394] Microsoft Windows 2000 Domain Controller DoS Vulnerability
8995| [2341] Microsoft Windows 2000 Network DDE Escalated Privileges Vulnerability
8996| [2326] Microsoft Windows 2000 RDP DoS Vulnerability
8997| [2133] Microsoft Windows 2000 Directory Services Restore Mode Blank Password Vulnerability
8998| [2066] Microsoft Windows NT 4.0 / 2000 SNMP Registry Key Modification Vulnerability
8999| [2018] Microsoft Windows 2000 Telnet Session Timeout DoS Vulnerability
9000| [2007] Microsoft Windows 2000 DNS Memory Leak Vulnerability
9001| [1973] Microsoft Windows 2000 Domain Account Lockout Bypass Vulnerability
9002| [1958] Microsoft Exchange 2000 Server EUSR_EXSTOREEVENT Account Vulnerability
9003| [1933] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
9004| [1899] Microsoft Windows 2000 ActiveX Control Buffer Overflow Vulnerability
9005| [1811] Microsoft Site Server 2.0 with IIS 4.0 Malicious File Upload Vulnerability
9006| [1758] Microsoft Windows 2000 Unattended Install OEMPreinstall Vulnerability
9007| [1753] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
9008| [1748] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
9009| [1745] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
9010| [1729] Microsoft Windows 2000 Simplified Chinese IME Vulnerability
9011| [1695] Microsoft Proxy 2.0 FTP Permissions Bypass Vulnerability
9012| [1692] Microsoft Proxy 2.0 Internal Network Access Vulnerability
9013| [1683] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
9014| [1673] Microsoft Windows 2000 Malformed RPC Packet DoS Vulnerability
9015| [1651] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
9016| [1632] Microsoft Windows 98 / NT 4.0 / 2000 File Extension Validation Vulnerability
9017| [1620] Microsoft Windows 9x / NT 4.0 / 2000 NetBIOS Cache Corruption Vulnerability
9018| [1613] Microsoft Windows 2000 Local Security Policy Corruption Vulnerability
9019| [1566] Microsoft Word 97 / 2000 Mail Merge Code Execution Vulnerability
9020| [1561] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow Vulnerability
9021| [1535] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
9022| [1507] Microsoft Windows NT 4.0 / 2000 Unspecified Executable Path Vulnerability
9023| [1451] Microsoft Excel 97 / 2000 Register.ID Vulnerability
9024| [1435] Microsoft FrontPage 2000 Server Extensions Denial Of Service Vulnerability
9025| [1415] Microsoft Windows 2000 Remote CPU-overload Vulnerability
9026| [1414] Microsoft Windows 2000 Telnet Server DoS Vulnerability
9027| [1399] Microsoft Internet Explorer 5.01 and Excel/Powerpoint 2000 ActiveX Object Execution Vulnerability
9028| [1398] Microsoft Internet Explorer 5.01 and Access 2000 / 97 VBA Code Execution Vulnerability
9029| [1350] Microsoft Windows 2000 Windows Station Access Vulnerability
9030| [1304] Microsoft Windows NT 4.0 / 2000 SMB Write Request DoS Vulnerability
9031| [1301] Microsoft Windows NT 4.0 / 2000 Ignored SMB Response DoS Vulnerability
9032| [1295] Microsoft Windows 2000 Default 40-bit Encrypted Protected Store Vulnerability
9033| [1198] Microsoft Windows 2000 Default SYSKEY Configuration Vulnerability
9034| [1197] Microsoft Office 2000 UA Control Vulnerability
9035| [990] Microsoft Windows 2000 Install Unprotected ADMIN$ Share Vulnerability
9036| [945] Microsoft SMS 2.0 Default Permissions Vulnerability
9037| [539] Microsoft Windows 2000 EFS Vulnerability
9038| [180] Microsoft Windows April Fools 2001 Vulnerability
9039| [71487] Microsoft December 2014 Advance Notification Multiple Vulnerabilities
9040| [70966] RETIRED: Microsoft November 2014 Advance Notification Multiple Vulnerabilities
9041| [70367] RETIRED: Microsoft October 2014 Advance Notification Multiple Vulnerabilities
9042| [69636] RETIRED: Microsoft September 2014 Advance Notification Multiple Vulnerabilities
9043| [69108] Microsoft August 2014 Advance Notification Multiple Vulnerabilities
9044| [68367] Microsoft July 2014 Advance Notification Multiple Vulnerabilities
9045| [67905] Microsoft June 2014 Advance Notification Multiple Vulnerabilities
9046| [67298] Microsoft May 2014 Advance Notification Multiple Vulnerabilities
9047| [66639] RETIRED: Microsoft April 2014 Advance Notification Multiple Vulnerabilities
9048| [66016] Microsoft March 2014 Notification Multiple Vulnerabilities
9049| [65426] Microsoft February 2014 Notification Multiple Vulnerabilities
9050| [64757] RETIRED: Microsoft January 2014 Advance Notification Multiple Vulnerabilities
9051| [64083] RETIRED: Microsoft December 2013 Advance Notification Multiple Vulnerabilities
9052| [63604] RETIRED: Microsoft November 2013 Advance Notification Multiple Vulnerabilities
9053| [62797] RETIRED: Microsoft October 2013 Advance Notification Multiple Vulnerabilities
9054| [62228] RETIRED: Microsoft September 2013 Advance Notification Multiple Vulnerabilities
9055| [62181] Microsoft Office Pinyin IME 2010 CVE-2013-3859 Local Privilege Escalation Vulnerability
9056| [61686] Microsoft August 2013 Advance Notification Multiple Vulnerabilities
9057| [60960] RETIRED: Microsoft July 2013 Advance Notification Multiple Vulnerabilities
9058| [60394] Microsoft June 2013 Advance Notification Multiple Vulnerabilities
9059| [59785] RETIRED: Microsoft May 2013 Advance Notification Multiple Vulnerabilities
9060| [58881] RETIRED: Microsoft April 2013 Advance Notification Multiple Vulnerabilities
9061| [58380] RETIRED: Microsoft March 2013 Advance Notification Multiple Vulnerabilities
9062| [57846] RETIRED: Microsoft February 2013 Advance Notification Multiple Vulnerabilities
9063| [57137] RETIRED: Microsoft January 2013 Advance Notification Multiple Vulnerabilities
9064| [56838] RETIRED: Microsoft December 2012 Advance Notification Multiple Vulnerabilities
9065| [56450] RETIRED: Microsoft November 2012 Advance Notification Multiple Vulnerabilities
9066| [56304] Microsoft Office Excel 2010 Memory Corruption Denial of Service Vulnerability
9067| [55794] RETIRED: Microsoft October 2012 Advance Notification Multiple Vulnerabilities
9068| [55472] RETIRED: Microsoft September 2012 Advance Notification Multiple Vulnerabilities
9069| [54944] RETIRED: Microsoft August 2012 Advance Notification Multiple Vulnerabilities
9070| [54318] RETIRED: Microsoft July 2012 Advance Notification Multiple Vulnerabilities
9071| [53862] RETIRED: Microsoft June 2012 Advance Notification Multiple Vulnerabilities
9072| [53372] RETIRED: Microsoft May 2012 Advance Notification Multiple Vulnerabilities
9073| [52910] RETIRED: Microsoft April 2012 Advance Notification Multiple Vulnerabilities
9074| [52366] RETIRED: Microsoft March 2012 Advance Notification Multiple Vulnerabilities
9075| [51944] RETIRED: Microsoft February 2012 Advance Notification Multiple Vulnerabilities
9076| [51289] RETIRED: Microsoft January 2012 Advance Notification Multiple Vulnerabilities
9077| [50980] RETIRED: Microsoft December 2011 Advance Notification Multiple Vulnerabilities
9078| [50513] RETIRED: Microsoft November 2011 Advance Notification Multiple Vulnerabilities
9079| [49994] RETIRED: Microsoft October 2011 Advance Notification Multiple Vulnerabilities
9080| [49515] RETIRED: Microsoft September 2011 Advance Notification Multiple Vulnerabilities
9081| [49017] RETIRED: Microsoft August 2011 Advance Notification Multiple Vulnerabilities
9082| [48616] RETIRED: Microsoft July 2011 Advance Notification Multiple Vulnerabilities
9083| [48235] Microsoft Lync Server 2010 'ReachJoin.aspx' Remote Command Injection Vulnerability
9084| [48193] RETIRED: Microsoft June 2011 Advance Notification Multiple Vulnerabilities
9085| [47725] RETIRED: Microsoft May 2011 Advance Notification Multiple Vulnerabilities
9086| [47255] RETIRED: Microsoft April 2011 Advance Notification Multiple Vulnerabilities
9087| [46675] RETIRED: Microsoft March 2011 Advance Notification Multiple Vulnerabilities
9088| [46132] RETIRED: Microsoft February 2011 Advance Notification Multiple Vulnerabilities
9089| [45696] RETIRED: Microsoft January 2011 Advance Notification Multiple Vulnerabilities
9090| [45307] RETIRED: Microsoft December 2010 Advance Notification Multiple Vulnerabilities
9091| [44649] RETIRED: Microsoft November 2010 Advance Notification Multiple Vulnerabilities
9092| [43831] RETIRED: Microsoft October 2010 Advance Notification Multiple Vulnerabilities
9093| [43115] RETIRED: Microsoft September 2010 Advance Notification Multiple Vulnerabilities
9094| [42234] RETIRED: Microsoft August 2010 Advance Notification Multiple Vulnerabilities
9095| [41474] RETIRED: Microsoft July 2010 Advance Notification Multiple Vulnerabilities
9096| [40548] RETIRED: Microsoft June 2010 Advance Notification Multiple Vulnerabilities
9097| [39961] RETIRED: Microsoft May 2010 Advance Notification Multiple Vulnerabilities
9098| [39313] RETIRED: Microsoft April 2010 Advance Notification Multiple Vulnerabilities
9099| [38540] RETIRED: Microsoft March 2010 Advance Notification Multiple Vulnerabilities
9100| [38096] RETIRED: Microsoft February 2010 Advance Notification Multiple Vulnerabilities
9101| [37887] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
9102| [37664] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
9103| [32642] Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability
9104|
9105| IBM X-Force - https://exchange.xforce.ibmcloud.com:
9106| [82417] Microsoft Windows Knowledge Base Article 2801261 update is not installed
9107| [82415] Microsoft Windows Knowledge Base Article 2807986 update is not installed
9108| [82410] Microsoft Windows Knowledge Base Article 2809289 update is not installed
9109| [81859] Microsoft Windows Knowledge Base Article 2802968 update is not installed
9110| [81857] Microsoft Windows Knowledge Base Article 2809279 update is not installed
9111| [81668] Microsoft Windows Knowledge Base Article 2800277 update is not installed
9112| [77323] Microsoft Windows Knowledge Base Article 2706045 update is not installed
9113| [75949] Microsoft Windows Knowledge Base Article 2707960 update is not installed
9114| [75942] Microsoft Windows Knowledge Base Article 2706726 update is not installed
9115| [75934] Microsoft Windows Knowledge Base Article 2709162 update is not installed
9116| [75926] Microsoft Windows Knowledge Base Article 2709100 update is not installed
9117| [75905] Microsoft Windows Knowledge Base Article 2707956 update is not installed
9118| [71991] Microsoft Windows Knowledge Base Article 2607664 update is not installed
9119| [71542] Microsoft Windows Knowledge Base Article 2607702 update is not installed
9120| [70945] Microsoft Windows Knowledge Base Article 2603381 update is not installed
9121| [70150] Microsoft Windows Knowledge Base Article 2607670 update is not installed
9122| [67755] Microsoft Windows Knowledge Base Article 2503665 update is not installed
9123| [67749] Microsoft Windows Knowledge Base Article 2507938 update is not installed
9124| [66845] Microsoft Windows Knowledge Base Article 2506014 update is not installed
9125| [66844] Microsoft Windows Knowledge Base Article 2501584 update is not installed
9126| [66448] Microsoft Windows Knowledge Base Article 2508272 update is not installed
9127| [66442] Microsoft Windows Knowledge Base Article 2509553 update is not installed
9128| [66440] Microsoft Windows Knowledge Base Article 2508429 update is not installed
9129| [66438] Microsoft Windows Knowledge Base Article 2507618 update is not installed
9130| [66430] Microsoft Windows Knowledge Base Article 2503658 update is not installed
9131| [66425] Microsoft Windows Knowledge Base Article 2506223 update is not installed
9132| [65570] Microsoft Windows Knowledge Base Article 2500212 update is not installed
9133| [65568] Microsoft Windows Knowledge Base Article 2508062 update is not installed
9134| [63840] Microsoft Visual C++ 2008 Redistributable Package dynamic-linked library (DLL) code execution
9135| [63780] Microsoft PowerPoint 2007 dynamic-linked library (rpawinet.dll) code execution
9136| [63775] Microsoft Visio 2003 dynamic-linked library (mfc71enu.dll) code execution
9137| [63586] Microsoft Windows Knowledge Base Article 2207559 update is not installed
9138| [63573] Microsoft Windows Knowledge Base Article 2407132 update is not installed
9139| [62797] Microsoft Windows Knowledge Base Article 2305420 update is not installed
9140| [62149] Microsoft Windows Knowledge Base Article 2207566 update is not installed
9141| [62133] Microsoft Windows Knowledge Base Article 2405882 update is not installed
9142| [53980] Microsoft Windows 2000 License Logging Server buffer overflow
9143| [53601] Microsoft Office 2008 for Mac user ID 502 security bypass
9144| [50973] Microsoft Windows Server 2003 and Vista win32k.sys denial of service
9145| [50759] Microsoft Windows 2000 Active Directory LDAP code execution
9146| [48595] Microsoft Word 2007 Email as PDF information disclosure
9147| [46102] Microsoft Windows 2003 SP2 is not installed on the system
9148| [46101] Microsoft Windows 2003 SP1 is not installed on the system
9149| [45186] Microsoft SQL Server 2000 SQLVDIRLib.SQLVDirControl ActiveX control buffer overflow
9150| [37200] Microsoft SQL Server 2000 Service Pack 1 update is not installed
9151| [37198] Microsoft SQL Server 2000 Service Pack 3 update is not installed
9152| [34634] Microsoft Windows Server 2003 Active Directory information disclosure
9153| [34599] Microsoft Windows Server 2003 terminal server security bypass
9154| [34473] Microsoft Office 2000 ActiveX control buffer overflow
9155| [33713] Microsoft Word 2007 multiple unspecified denial of service
9156| [33712] Microsoft Word 2007 wwlib.dll buffer overflow
9157| [32631] Microsoft SQL Server 2000 Service Pack 2 update is not installed
9158| [31821] Microsoft Windows time zone update for year 2007
9159| [31196] Microsoft Office 2003 Brazilian Grammar Checker buffer overflow
9160| [30905] Microsoft Project Server 2003 pdsrequest.asp information disclosure
9161| [29546] Microsoft Windows 2000/2003 user logoff initiated
9162| [29545] Microsoft Windows 2000/2003 system time changed
9163| [29544] Microsoft Windows 2000/2003 system security access removed
9164| [29543] Microsoft Windows 2000/2003 security access granted
9165| [29542] Microsoft Windows 2000/2003 SAM notification package loaded
9166| [29541] Microsoft Windows 2000/2003 primary security token issued
9167| [29540] Microsoft Windows 2000/2003 user password reset successful
9168| [29539] Microsoft Windows 2000/2003 object indirectly accessed
9169| [29538] Microsoft Windows 2000/2003 object handle duplicated
9170| [29537] Microsoft Windows 2000/2003 logon with explicit credentials success
9171| [29536] Microsoft Windows 2000/2003 logon attempt using explicit credentials unsuccessful
9172| [29535] Microsoft Windows 2000/2003 IPSEC policy agent failed
9173| [29534] Microsoft Windows 2000/2003 IPSEC policy agent disabled
9174| [29533] Microsoft Windows 2000/2003 IPSEC policy agent changed
9175| [29532] Microsoft Windows 2000/2003 IKE security association established
9176| [29531] Microsoft Windows 2000/2003 IKE quick mode association ended
9177| [29530] Microsoft Windows 2000/2003 IKE main mode association ended
9178| [29529] Microsoft Windows 2000/2003 IKE association negotiation failed
9179| [29528] Microsoft Windows 2000/2003 IKE association peer authentication failed
9180| [29527] Microsoft Windows 2000/2003 IKE association failed invalid proposal
9181| [29526] Microsoft Windows 2000/2003 IKE association failed authentication parameters
9182| [29525] Microsoft Windows 2000/2003 DPAPI master key backup attempted
9183| [29524] Microsoft Windows 2000/2003 DPAPI key recovery attempted
9184| [29523] Microsoft Windows 2000/2003 DPAPI auditable data unprotected
9185| [29522] Microsoft Windows 2000/2003 administrative group security descriptor set
9186| [29521] Microsoft Windows 2000/2003 account name changed
9187| [29507] Microsoft Office 2003 unspecified PowerPoint NULL pointer dereference denial of service
9188| [28512] Microsoft Internet Explorer multiple Windows 2000 COM object denial of service
9189| [28005] Microsoft Windows 2000 Management Console (MMC) resource file cross-site scripting
9190| [26118] Microsoft Office 2003 mailto: information disclosure
9191| [25330] Microsoft Commerce Server 2002 authfiles/login.asp authentication bypass
9192| [24474] Microsoft Windows 2000 LDAP client accepts untrusted CA
9193| [24473] Microsoft Windows 2000 event ID 565 not logged
9194| [24472] Microsoft Windows 2000 Event ID 1704 records incorrect group policy settings
9195| [24407] Microsoft Windows 2000 SECEDIT command fails to set ACLs correctly
9196| [24405] Microsoft Windows 2000 UPN credentials with trailing dot group policy bypass
9197| [24403] Microsoft Windows 2000 WideCharToMultiByte() incorrect Japanese character conversion
9198| [24402] Microsoft Windows 2000 Terminal Service client IP not logged
9199| [24400] Microsoft Windows 2000 domain authentication can be bypassed by a local administrator
9200| [23066] Microsoft Windows XP and 2000 Server MSRPC memory allocation denial of service
9201| [22318] Microsoft SQL Server 2000 Service Pack 4 update is not installed
9202| [22183] Microsoft Exchange Server 2003 public folder denial of service
9203| [21345] Microsoft Windows 2000 Update Rollup 1 for Service Pack 4 has not been installed
9204| [21315] Microsoft Outlook 2002 connector for Domino bypass restrictions
9205| [19969] Multiple Microsoft Windows Server 2003 Edition printer driver denial of service
9206| [19965] Multiple Microsoft Windows Server 2003 Editions SMB redirector denial of service
9207| [19727] Microsoft Windows 2000 GDI32.DLL denial of service
9208| [19629] Microsoft Exchange Server 2003 folder denial of service
9209| [17826] Microsoft Outlook 2003 CID security bypass
9210| [17624] Microsoft Windows XP and Windows Server 2003 Compressed Folders buffer overflow
9211| [17621] Microsoft Windows 2003 SMTP service code execution
9212| [17560] Microsoft Windows 2000 and XP GDI library denial of service
9213| [17521] Microsoft Windows 2000 Service Pack 4 is not installed
9214| [16913] Microsoft Windows 2003 users with Synchronize directory service data privilege
9215| [16912] Microsoft Windows 2003 groups with Synchronize directory service data privilege
9216| [16909] Microsoft Windows 2003 groups with Remove computer from docking station privilege
9217| [16907] Microsoft Windows 2003 users with Create global objects privilege
9218| [16905] Microsoft Windows 2003 users or groups with Create global objects privilege
9219| [16851] Microsoft Windows 2003 and XP WinKey and U key denial of service
9220| [16704] Microsoft Windows 2000 Media Player control code execution
9221| [16582] Microsoft Windows Server 2003 kernel CPU denial of service
9222| [16572] Microsoft Windows 2003 Users with Impersonate a client after authentication privilege
9223| [16570] Microsoft Windows 2003 Users with Create global objects privilege
9224| [16564] Microsoft Windows 2003 Groups with Create global objects privilege
9225| [16562] Microsoft Windows 2003 Groups with "
9226| [16522] Microsoft Windows 2003 Impersonate a client after authentication privilege
9227| [16521] Microsoft Windows 2003 Deny Logon Through Terminal Services privilege
9228| [16520] Microsoft Windows 2003 Create global objects privilege
9229| [16276] Microsoft Windows 2000 Advanced Server fully qualified domain name security bypass
9230| [16173] Microsoft Outlook 2003 OLE object bypass restricted security zone
9231| [16119] Microsoft Outlook 2000 URL spoofing
9232| [16104] Microsoft Outlook 2003 predictable file location could allow code execution
9233| [16095] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
9234| [15704] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
9235| [15700] Microsoft Windows 2000 Domain Controller LSASS LDAP message denial of service
9236| [15632] Microsoft Windows 2000 Utility Manger allows privilege escalation
9237| [15414] Microsoft Outlook 2002 mailto URL allows execution of code
9238| [15263] Microsoft Windows XP and 2000 Server kernel allows elevated privileges
9239| [15057] Microsoft Windows XP and Windows Server 2003 smbmount Linux client denial of service
9240| [15038] Microsoft Windows 2000 Server Windows Media Services denial of service
9241| [15037] Microsoft Windows Server 2003 WINS /GS flag denial of service
9242| [14178] Microsoft ISA Exchange Server 2003 MS04-002 patch is not installed
9243| [14167] Microsoft ISA Server 2000 H.323 filter buffer overflow
9244| [13426] Microsoft Windows 2000 and XP RPC race condition
9245| [13423] Microsoft Windows 2000 Local Troubleshooter ActiveX control buffer overflow
9246| [13407] Microsoft Windows 2000 Server mqsvc.exe MQLocateBegin packet buffer overflow
9247| [13385] Microsoft Windows Server 2003 "
9248| [13211] Microsoft Windows 2000 and XP URG memory leak
9249| [13171] Microsoft Windows Server 2003 can allow attacker to bypass mechanism used to detect buffer overflows
9250| [13131] Microsoft Windows 2000 Message Queue Manager buffer overflow
9251| [12684] Microsoft Exchange Server OWA Outlook 2003 denial of service
9252| [12652] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension POST request buffer overflow
9253| [12620] Microsoft Windows 2000 Server SMTP FILETIME denial of service
9254| [12543] Microsoft Windows 2000 Accessibility Utility Manager could allow an attacker to gain privileges
9255| [12493] Microsoft Windows Shell32.dll 2000 ShellExecute function buffer overflow
9256| [12489] Microsoft Windows 2000 Server Active Directory buffer overflow
9257| [12128] Microsoft Windows 2000 and Windows NT MS03-019 patch is not installed
9258| [12092] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension buffer overflow
9259| [12048] Microsoft Windows 2000 and Windows Server 2003 LAN Manager hash creation enabled
9260| [11901] Microsoft BizTalk Server 2002 SQL injection
9261| [11900] Microsoft BizTalk Server 2002 HTTP Receiver function buffer overflow
9262| [11816] Microsoft Windows 2000 Terminal Services MSGINA.DLL insecure access permissions
9263| [11696] Microsoft Windows 2000 Terminal Services man-in-the-middle attack
9264| [11617] Microsoft Windows 2000 MS03-007 patch is not installed on the system
9265| [11546] Microsoft Windows 2000 Windows Help Facility .cnt file buffer overflow
9266| [11329] Microsoft Windows NT and 2000 cmd.exe CD path name buffer overflow
9267| [11274] Microsoft Windows 2000 NetBIOS continuation packets denial of service
9268| [11273] Microsoft Windows 2000 RPC service could allow an attacker to gain elevated privileges
9269| [11216] Microsoft Windows NT and 2000 command prompt denial of service
9270| [11141] Microsoft Windows 2000 Terminal Services MSGINA.DLL denial of service
9271| [11133] Microsoft Outlook 2002 using V1 Exchange Server Security certificates transmits plaintext emails
9272| [10843] Microsoft Windows 2000 and XP SMB signing group policy modification
9273| [10431] Microsoft Windows 2000 SNMP LANMAN Extension memory leak denial of service
9274| [10400] Microsoft Windows 2000 RPC TCP port 135 denial of service
9275| [10377] Microsoft Windows XP and 2000 administrative alerts fail when security event log is full
9276| [10199] Microsoft Windows 2000/XP PPTP packet buffer overflow
9277| [10195] Microsoft FrontPage Server Extensions (FPSE) 2002 SmartHTML Interpreter buffer overflow
9278| [10194] Microsoft FrontPage Server Extensions (FPSE) 2000 SmartHTML Interpreter denial of service
9279| [9946] Microsoft Windows 2000 Terminal Services session screensaver fails to lock the console
9280| [9856] Microsoft Windows 2000 NCM handler routine could allow elevated privileges
9281| [9779] Microsoft Windows 2000 weak system partition permissions
9282| [9752] Microsoft Windows 2000 Service Pack 3 is not installed
9283| [9746] Microsoft Windows 2000 HTML Help item parameter buffer overflow
9284| [9625] Microsoft Windows 2000 Narrator allows login information to be audible
9285| [9154] Microsoft Data Engine (MSDE) and Microsoft SQL Server 2000 Desktop Engine have a default blank "
9286| [8867] Microsoft Windows 2000 LanMan denial of service
9287| [8813] Microsoft Windows 2000 Terminal Services allows attacker to bypass group policy settings
9288| [8759] Microsoft Windows 2000 could allow an attacker to block the application of Group Policy settings
9289| [8752] Microsoft Windows NT, 2000, and XP MUP buffer overflow
9290| [8739] Microsoft Windows 2000 DCOM memory leak
9291| [8708] Microsoft Outlook 2000 and 2002 executes embedded script in object tag when replying or forwarding HTML mail
9292| [8402] Microsoft Windows 2000 allows an attacker to bypass password policy
9293| [8307] Microsoft Windows 2000, Windows XP, and Exchange 2000 SMTP data transfer command denial of service
9294| [8304] Microsoft Windows 2000 and Exchange 5.5 SMTP service unauthorized mail privileges
9295| [8254] Microsoft Commerce Server 2000 AuthFilter ISAPI filter buffer overflow
9296| [8199] Microsoft Windows 2000 Terminal Services unlocked client
9297| [8094] Microsoft Windows 2000 and Interix 2.2 Telnet protocol option buffer overflow
9298| [8092] Microsoft Exchange 2000 System Attendant sets incorrect registry permissions
9299| [8043] Microsoft Windows NT, 2000, and XP using NTFS could allow files to be hidden
9300| [8037] Microsoft Windows 2000 empty TCP packet denial of service
9301| [8023] Microsoft Windows NT and Windows 2000 SIDs could allow an attacker to gain elevated privileges in another domain
9302| [7919] Microsoft IIS 4.0 and Norton Internet Security 2001 default permissions could allow an attacker to modify log files
9303| [7667] Microsoft Windows 2000 IKE UDP packet flood denial of service
9304| [7566] Microsoft IIS 2.0 and 3.0 upgraded to Microsoft IIS 4.0 fails to remove the ism.dll file
9305| [7538] Microsoft Windows 2000 and XP Terminal services allow an attacker to spoof IP addresses
9306| [7533] Microsoft Windows 2000 RunAs service denial of service
9307| [7532] Microsoft Windows 2000 RunAs service allows local attacker to bypass pipe authentication
9308| [7531] Microsoft Windows 2000 RunAs service reveals sensitive information
9309| [7528] Microsoft Windows NT and Windows 2000 malformed RPC request denial of service
9310| [7409] Microsoft Windows 2000 and Windows XP GDI denial of service
9311| [7302] Microsoft Windows NT and 2000 Terminal Server malformed RDP packet series denial of service
9312| [7008] Microsoft Windows 2000 IrDA device denial of service
9313| [6977] Microsoft Windows NT and 2000 NNTP memory leak denial of service
9314| [6931] Microsoft Windows 2000 without Service Pack 2
9315| [6919] Microsoft Windows 2000 Task Manager does not terminate malicious files with the same name as a system process
9316| [6912] Microsoft Windows NT and 2000 Terminal Server RDP memory leak denial of service
9317| [6876] Microsoft Windows 2000 could allow an attacker to change network passwords
9318| [6803] Microsoft Windows 2000 SMTP service allows mail relaying
9319| [6745] Microsoft Windows 2000 LDAP function could allow domain user password change
9320| [6669] Microsoft Windows 2000 Telnet system call denial of service
9321| [6668] Microsoft Windows 2000 Telnet handle leak denial of service
9322| [6667] Microsoft Windows 2000 Telnet multiple idle sessions denial of service
9323| [6666] Microsoft Windows 2000 Telnet username denial of service
9324| [6665] Microsoft Windows 2000 Telnet service weak domain authentication
9325| [6664] Microsoft Windows 2000 Telnet service predictable pipe names could allow elevation of privileges
9326| [6652] Microsoft Exchange 2000 OWA script execution
9327| [6590] Microsoft Windows 2000 debug registers allow attacker to gain elevated privileges
9328| [6506] Microsoft Windows 2000 Server Kerberos denial of service
9329| [6443] Microsoft Windows 2000 catalog file could remove installed hotfixes
9330| [6160] Microsoft Windows 2000 event viewer buffer overflow
9331| [6136] Microsoft Windows 2000 domain controller denial of service
9332| [6035] Microsoft Windows 2000 Server RDP denial of service
9333| [5973] Microsoft Windows 2000 EFS allows local user to recover sensitive data
9334| [5936] Microsoft Windows 2000 Server Directory Service Restore Mode allows user to login with blank password
9335| [5800] Microsoft Windows 2000 Index Service ActiveX controls allow unauthorized access to file information
9336| [5623] Microsoft Windows NT and 2000 Phone Book service buffer overflow
9337| [5598] Microsoft Windows 2000 Telnet daemon could allow a denial of service
9338| [5585] Microsoft Windows 2000 brute force attack
9339| [5502] Microsoft Windows 2000 Indexing Services ixsso.query
9340| [5467] Microsoft Windows 2000 System Monitor ActiveX control buffer overflow
9341| [5399] Microsoft Windows NT and 2000 Network Monitor buffer overflow
9342| [5301] Microsoft Windows 2000 Simplified Chinese IME State Recognition
9343| [5263] Microsoft Office 2000 executes .dll without users knowledge
9344| [5242] Microsoft Windows 2000 Telnet client NTLM authentication weakness
9345| [5222] Microsoft Windows 2000 malformed RPC packet denial of service
9346| [5203] Microsoft Windows 2000 still image service
9347| [5171] Microsoft Windows 2000 Local Security Policy corruption
9348| [5080] Microsoft Office 2000 HTML object tag buffer overflow
9349| [5033] Microsoft Windows 2000 without Service Pack 1
9350| [5031] Microsoft Windows 2000 Service Control Manager named pipe could allow a unauthorized user to gain privileges
9351| [5015] Microsoft Windows NT and 2000 executable path
9352| [4887] Microsoft Windows 2000 Kerberos ticket renewed
9353| [4886] Microsoft Windows 2000 logon session reconnected
9354| [4885] Microsoft Windows 2000 logon session disconnected
9355| [4882] Microsoft Windows 2000 Kerberos pre-authentication failed
9356| [4873] Microsoft Windows 2000 user account mapped for logon
9357| [4872] Microsoft Windows 2000 account logon failed
9358| [4871] Microsoft Windows 2000 account used for logon
9359| [4855] Microsoft Windows 2000 group type change
9360| [4842] Microsoft Internet Explorer and Microsoft Powerpoint 2000 ActiveX object execution
9361| [4841] Microsoft Internet Explorer and Microsoft Access 2000 VBA code execution
9362| [4823] Microsoft Windows 2000 Telnet server binary stream denial of service
9363| [4819] Microsoft Windows 2000 default SYSKEY configuration
9364| [4787] Microsoft Windows 2000 user account locked out
9365| [4786] Microsoft Windows 2000 computer account created
9366| [4785] Microsoft Windows 2000 computer account changed
9367| [4784] Microsoft Windows 2000 computer account deleted
9368| [4714] Microsoft Windows 2000 "
9369| [4589] Microsoft Windows 2000 protected store can be compromised by brute force attack
9370| [4278] Microsoft Windows 2000 unattended install does not secure All Users profile
9371| [4138] Microsoft Windows 2000 system file integrity feature is disabled
9372| [4086] Microsoft Windows 2000 may not start Jaz drives correctly
9373| [4085] Microsoft Windows 2000 non-Gregorial calendar error
9374| [4084] Microsoft Windows 2000 may prevent Adobe FrameMaker files from being saved in some formats
9375| [4083] Microsoft Windows 2000 Terminal Services may damage Office files saved as HTML
9376| [4082] Microsoft Windows 2000 and Iomega parallel port drives display error
9377| [4080] Microsoft Windows 2000 AOL image support
9378| [4079] Microsoft Windows 2000 High Encryption Pack
9379| [3854] Microsoft Office 2000 security setting
9380| [1376] Microsoft Proxy 2.0 denial of service
9381| [86256] Microsoft Windows Knowledge Base Article 2876063 update is not installed
9382| [86097] Microsoft Windows Knowledge Base Article 2859537 update is not installed
9383| [86091] Microsoft Windows Knowledge Base Article 2868623 update is not installed
9384| [86089] Microsoft Windows Knowledge Base Article 2862772 update is not installed
9385| [86075] Microsoft Windows Knowledge Base Article 2850869 update is not installed
9386| [86073] Microsoft Windows Knowledge Base Article 2873872 update is not installed
9387| [86070] Microsoft Windows Knowledge Base Article 2849568 update is not installed
9388| [85245] Microsoft Windows Knowledge Base Article 2848295 update is not installed
9389| [85244] Microsoft Windows Knowledge Base Article 2847927 update is not installed
9390| [85243] Microsoft Windows Knowledge Base Article 2861561 update is not installed
9391| [85236] Microsoft Windows Knowledge Base Article 2850851 update is not installed
9392| [85227] Microsoft Windows Knowledge Base Article 2847883 update is not installed
9393| [85223] Microsoft Windows Knowledge Base Article 2846071 update is not installed
9394| [85205] Microsoft Windows Knowledge Base Article 2845187 update is not installed
9395| [84621] Microsoft Windows Knowledge Base Article 2845690 update is not installed
9396| [84619] Microsoft Windows Knowledge Base Article 2839894 update is not installed
9397| [84617] Microsoft Windows Knowledge Base Article 2839571 update is not installed
9398| [84615] Microsoft Windows Knowledge Base Article 2839229 update is not installed
9399| [84613] Microsoft Windows Knowledge Base Article 2838727 update is not installed
9400| [84156] Microsoft Windows Knowledge Base Article 2847204 update is not installed
9401| [83912] Microsoft Windows Knowledge Base Article 2829254 update is not installed
9402| [83910] Microsoft Windows Knowledge Base Article 2829530 update is not installed
9403| [83898] Microsoft Windows Knowledge Base Article 2830397 update is not installed
9404| [83886] Microsoft Windows Knowledge Base Article 2830399 update is not installed
9405| [83884] Microsoft Windows Knowledge Base Article 2834692 update is not installed
9406| [83882] Microsoft Windows Knowledge Base Article 2834695 update is not installed
9407| [83880] Microsoft Windows Knowledge Base Article 2836440 update is not installed
9408| [83876] Microsoft Windows Knowledge Base Article 2840221 update is not installed
9409| [83192] Microsoft Windows Knowledge Base Article 2817183 update is not installed
9410| [83100] Microsoft Windows Knowledge Base Article 2830914 update is not installed
9411| [83098] Microsoft Windows Knowledge Base Article 2829996 update is not installed
9412| [83093] Microsoft Windows Knowledge Base Article 2828223 update is not installed
9413| [83091] Microsoft Windows Knowledge Base Article 2813170 update is not installed
9414| [83088] Microsoft Windows Knowledge Base Article 2827663 update is not installed
9415| [83086] Microsoft Windows Knowledge Base Article 2823482 update is not installed
9416| [83084] Microsoft Windows Knowledge Base Article 2821818 update is not installed
9417| [83082] Microsoft Windows Knowledge Base Article 2820917 update is not installed
9418| [82600] Microsoft Windows Knowledge Base Article 2813707 update is not installed
9419| [82424] Microsoft Windows Knowledge Base Article 2814124 update is not installed
9420| [82422] Microsoft Windows Knowledge Base Article 2780176 update is not installed
9421| [82401] Microsoft Windows Knowledge Base Article 2813682 update is not installed
9422| [82399] Microsoft Windows Knowledge Base Article 2816264 update is not installed
9423| [81683] Microsoft Windows Knowledge Base Article 2780091 update is not installed
9424| [81681] Microsoft Windows Knowledge Base Article 2784242 update is not installed
9425| [81680] Microsoft Windows Knowledge Base Article 2790113 update is not installed
9426| [81678] Microsoft Windows Knowledge Base Article 2790655 update is not installed
9427| [81676] Microsoft Windows Knowledge Base Article 2790978 update is not installed
9428| [81674] Microsoft Windows Knowledge Base Article 2797052 update is not installed
9429| [81672] Microsoft Windows Knowledge Base Article 2799494 update is not installed
9430| [81666] Microsoft Windows Knowledge Base Article 2778344 update is not installed
9431| [81634] Microsoft Windows Knowledge Base Article 2792100 update is not installed
9432| [81339] Microsoft Windows Knowledge Base Article 2799329 update is not installed
9433| [80875] Microsoft Windows Knowledge Base Article 2756145 update is not installed
9434| [80872] Microsoft Windows Knowledge Base Article 2769324 update is not installed
9435| [80867] Microsoft Windows Knowledge Base Article 2769327 update is not installed
9436| [80865] Microsoft Windows Knowledge Base Article 2769369 update is not installed
9437| [80863] Microsoft Windows Knowledge Base Article 2778930 update is not installed
9438| [80861] Microsoft Windows Knowledge Base Article 2785220 update is not installed
9439| [80365] Microsoft Windows Knowledge Base Article 2761465 update is not installed
9440| [80360] Microsoft Windows Knowledge Base Article 2765809 update is not installed
9441| [80358] Microsoft Windows Knowledge Base Article 2770660 update is not installed
9442| [80356] Microsoft Windows Knowledge Base Article 2780642 update is not installed
9443| [80352] Microsoft Windows Knowledge Base Article 2783534 update is not installed
9444| [80349] Microsoft Windows Knowledge Base Article 2784126 update is not installed
9445| [79693] Microsoft Windows Knowledge Base Article 2745030 update is not installed
9446| [79687] Microsoft Windows Knowledge Base Article 2761451 update is not installed
9447| [79683] Microsoft Windows Knowledge Base Article 2761226 update is not installed
9448| [79679] Microsoft Windows Knowledge Base Article 2758857 update is not installed
9449| [79677] Microsoft Windows Knowledge Base Article 2727528 update is not installed
9450| [78864] Microsoft Windows Knowledge Base Article 2754670 update is not installed
9451| [78862] Microsoft Windows Knowledge Base Article 2743555 update is not installed
9452| [78858] Microsoft Windows Knowledge Base Article 2754849 update is not installed
9453| [78856] Microsoft Windows Knowledge Base Article 2724197 update is not installed
9454| [78853] Microsoft Windows Knowledge Base Article 2741517 update is not installed
9455| [78851] Microsoft Windows Knowledge Base Article 2742319 update is not installed
9456| [78848] Microsoft Windows Knowledge Base Article 2742321 update is not installed
9457| [78760] Microsoft Windows Knowledge Base Article 2744842 update is not installed
9458| [78077] Microsoft Windows Knowledge Base Article 2741528 update is not installed
9459| [78075] Microsoft Windows Knowledge Base Article 2720184 update is not installed
9460| [78071] Microsoft Windows Knowledge Base Article 2748552 update is not installed
9461| [77512] Microsoft Windows Knowledge Base Article 2740358 update is not installed
9462| [77362] Microsoft Windows Knowledge Base Article 2733918 update is not installed
9463| [77360] Microsoft Windows Knowledge Base Article 2733829 update is not installed
9464| [77357] Microsoft Windows Knowledge Base Article 2733594 update is not installed
9465| [77352] Microsoft Windows Knowledge Base Article 2731879 update is not installed
9466| [77350] Microsoft Windows Knowledge Base Article 2731847 update is not installed
9467| [77348] Microsoft Windows Knowledge Base Article 2723135 update is not installed
9468| [77346] Microsoft Windows Knowledge Base Article 2722913 update is not installed
9469| [77342] Microsoft Windows Knowledge Base Article 2720573 update is not installed
9470| [77325] Microsoft Windows Knowledge Base Article 2719584 update is not installed
9471| [76808] Microsoft Windows Knowledge Base Article 2721015 update is not installed
9472| [76725] Microsoft Windows Knowledge Base Article 2722479 update is not installed
9473| [76724] Microsoft Windows Knowledge Base Article 2719177 update is not installed
9474| [76721] Microsoft Windows Knowledge Base Article 2718523 update is not installed
9475| [76718] Microsoft Windows Knowledge Base Article 2698365 update is not installed
9476| [76711] Microsoft Windows Knowledge Base Article 2695502 update is not installed
9477| [76704] Microsoft Windows Knowledge Base Article 2691442 update is not installed
9478| [76702] Microsoft Windows Knowledge Base Article 2655992 update is not installed
9479| [75963] Microsoft Windows Knowledge Base Article 2699988 update is not installed
9480| [75939] Microsoft Windows Knowledge Base Article 2685939 update is not installed
9481| [75928] Microsoft Windows Knowledge Base Article 2711167 update is not installed
9482| [75136] Microsoft Windows Knowledge Base Article 2693777 update is not installed
9483| [75132] Microsoft Windows Knowledge Base Article 2690533 update is not installed
9484| [75130] Microsoft Windows Knowledge Base Article 2688338 update is not installed
9485| [75127] Microsoft Windows Knowledge Base Article 2681578 update is not installed
9486| [75123] Microsoft Windows Knowledge Base Article 2680352 update is not installed
9487| [75116] Microsoft Windows Knowledge Base Article 2597981 update is not installed
9488| [74556] Microsoft Windows Knowledge Base Article 2639185 update is not installed
9489| [74384] Microsoft Windows Knowledge Base Article 2675157 update is not installed
9490| [74378] Microsoft Windows Knowledge Base Article 2671605 update is not installed
9491| [74373] Microsoft Windows Knowledge Base Article 2664258 update is not installed
9492| [74369] Microsoft Windows Knowledge Base Article 2663860 update is not installed
9493| [73543] Microsoft Windows Knowledge Base Article 2671387 update is not installed
9494| [73540] Microsoft Windows Knowledge Base Article 2665364 update is not installed
9495| [73538] Microsoft Windows Knowledge Base Article 2651019 update is not installed
9496| [73536] Microsoft Windows Knowledge Base Article 2651018 update is not installed
9497| [73533] Microsoft Windows Knowledge Base Article 2647170 update is not installed
9498| [73530] Microsoft Windows Knowledge Base Article 2641653 update is not installed
9499| [72887] Microsoft Windows Knowledge Base Article 2663841 update is not installed
9500| [72873] Microsoft Windows Knowledge Base Article 2663830 update is not installed
9501| [72867] Microsoft Windows Knowledge Base Article 2663510 update is not installed
9502| [72857] Microsoft Windows Knowledge Base Article 2661637 update is not installed
9503| [72855] Microsoft Windows Knowledge Base Article 2660465 update is not installed
9504| [72853] Microsoft Windows Knowledge Base Article 2653956 update is not installed
9505| [72851] Microsoft Windows Knowledge Base Article 2654428 update is not installed
9506| [72849] Microsoft Windows Knowledge Base Article 2651026 update is not installed
9507| [72846] Microsoft Windows Knowledge Base Article 2647516 update is not installed
9508| [72841] Microsoft Windows Knowledge Base Article 2645640 update is not installed
9509| [72838] Microsoft Windows Knowledge Base Article 2643719 update is not installed
9510| [72029] Microsoft Windows Knowledge Base Article 2638420 update is not installed
9511| [72003] Microsoft Windows Knowledge Base Article 2646524 update is not installed
9512| [71998] Microsoft Windows Knowledge Base Article 2644615 update is not installed
9513| [71995] Microsoft Windows Knowledge Base Article 2643584 update is not installed
9514| [71994] Microsoft Windows Knowledge Base Article 2636391 update is not installed
9515| [71565] Microsoft Windows Knowledge Base Article 2648048 update is not installed
9516| [71562] Microsoft Windows Knowledge Base Article 2640241 update is not installed
9517| [71560] Microsoft Windows Knowledge Base Article 2640045 update is not installed
9518| [71558] Microsoft Windows Knowledge Base Article 2639417 update is not installed
9519| [71557] Microsoft Windows Knowledge Base Article 2639142 update is not installed
9520| [71554] Microsoft Windows Knowledge Base Article 2633171 update is not installed
9521| [71552] Microsoft Windows Knowledge Base Article 2624667 update is not installed
9522| [71550] Microsoft Windows Knowledge Base Article 2620712 update is not installed
9523| [71548] Microsoft Windows Knowledge Base Article 2618451 update is not installed
9524| [71546] Microsoft Windows Knowledge Base Article 2618444 update is not installed
9525| [71538] Microsoft Windows Knowledge Base Article 2590602 update is not installed
9526| [70951] Microsoft Windows Knowledge Base Article 2630837 update is not installed
9527| [70949] Microsoft Windows Knowledge Base Article 2620704 update is not installed
9528| [70947] Microsoft Windows Knowledge Base Article 2617657 update is not installed
9529| [70943] Microsoft Windows Knowledge Base Article 2588516 update is not installed
9530| [70152] Microsoft Windows Knowledge Base Article 2623699 update is not installed
9531| [70140] Microsoft Windows Knowledge Base Article 2652016 update is not installed
9532| [70130] Microsoft Windows Knowledge Base Article 2586448 update is not installed
9533| [70115] Microsoft Windows Knowledge Base Article 2567053 update is not installed
9534| [69501] Microsoft Windows Knowledge Base Article 2587634 update is not installed
9535| [69498] Microsoft Windows Knowledge Base Article 2587505 update is not installed
9536| [69492] Microsoft Windows Knowledge Base Article 2571621 update is not installed
9537| [69490] Microsoft Windows Knowledge Base Article 2570947 update is not installed
9538| [68840] Microsoft Windows Knowledge Base Article 2451858 update is not installed
9539| [68833] Microsoft Windows Knowledge Base Article 2567943 update is not installed
9540| [68831] Microsoft Windows Knowledge Base Article 2570222 update is not installed
9541| [68829] Microsoft Windows Knowledge Base Article 2567951 update is not installed
9542| [68827] Microsoft Windows Knowledge Base Article 2578230 update is not installed
9543| [68825] Microsoft Windows Knowledge Base Article 2546250 update is not installed
9544| [68823] Microsoft Windows Knowledge Base Article 2559049 update is not installed
9545| [68816] Microsoft Windows Knowledge Base Article 2556532 update is not installed
9546| [68814] Microsoft Windows Knowledge Base Article 2560656 update is not installed
9547| [68812] Microsoft Windows Knowledge Base Article 2560978 update is not installed
9548| [68809] Microsoft Windows Knowledge Base Article 2562485 update is not installed
9549| [68806] Microsoft Windows Knowledge Base Article 2566454 update is not installed
9550| [68804] Microsoft Windows Knowledge Base Article 2563894 update is not installed
9551| [68801] Microsoft Windows Knowledge Base Article 2567680 update is not installed
9552| [68315] Microsoft Windows Knowledge Base Article 2555917 update is not installed
9553| [68299] Microsoft Windows Knowledge Base Article 2566220 update is not installed
9554| [68283] Microsoft Windows Knowledge Base Article 2560847 update is not installed
9555| [67955] Microsoft Windows Knowledge Base Article 2530548 update is not installed
9556| [67943] Microsoft Windows Knowledge Base Article 2544521 update is not installed
9557| [67762] Microsoft Windows Knowledge Base Article 2543893 update is not installed
9558| [67759] Microsoft Windows Knowledge Base Article 2544893 update is not installed
9559| [67757] Microsoft Windows Knowledge Base Article 2476490 update is not installed
9560| [67753] Microsoft Windows Knowledge Base Article 2514842 update is not installed
9561| [67751] Microsoft Windows Knowledge Base Article 2518295 update is not installed
9562| [67737] Microsoft Windows Knowledge Base Article 2520426 update is not installed
9563| [67733] Microsoft Windows Knowledge Base Article 2525694 update is not installed
9564| [67731] Microsoft Windows Knowledge Base Article 2525835 update is not installed
9565| [67728] Microsoft Windows Knowledge Base Article 2535512 update is not installed
9566| [67725] Microsoft Windows Knowledge Base Article 2536275 update is not installed
9567| [67722] Microsoft Windows Knowledge Base Article 2536276 update is not installed
9568| [67718] Microsoft Windows Knowledge Base Article 2537146 update is not installed
9569| [67709] Microsoft Windows Knowledge Base Article 2538814 update is not installed
9570| [67302] Microsoft Windows Knowledge Base Article 2545814 update is not installed
9571| [67101] Microsoft Windows Knowledge Base Article 2524426 update is not installed
9572| [66446] Microsoft Windows Knowledge Base Article 2514666 update is not installed
9573| [66444] Microsoft Windows Knowledge Base Article 2511455 update is not installed
9574| [66436] Microsoft Windows Knowledge Base Article 2497640 update is not installed
9575| [66432] Microsoft Windows Knowledge Base Article 2527308 update is not installed
9576| [66428] Microsoft Windows Knowledge Base Article 2489979 update is not installed
9577| [66423] Microsoft Windows kernel-mode driver (win32k.sys) variant 29 privilege escalation
9578| [66422] Microsoft Windows kernel-mode driver (win32k.sys) variant 28 privilege escalation
9579| [66421] Microsoft Windows kernel-mode driver (win32k.sys) variant 27 privilege escalation
9580| [66420] Microsoft Windows kernel-mode driver (win32k.sys) variant 26 privilege escalation
9581| [66419] Microsoft Windows kernel-mode driver (win32k.sys) variant 25 privilege escalation
9582| [66418] Microsoft Windows kernel-mode driver (win32k.sys) variant 24 privilege escalation
9583| [66417] Microsoft Windows kernel-mode driver (win32k.sys) variant 23 privilege escalation
9584| [66416] Microsoft Windows kernel-mode driver (win32k.sys) variant 22 privilege escalation
9585| [66415] Microsoft Windows kernel-mode driver (win32k.sys) variant 21 privilege escalation
9586| [66414] Microsoft Windows kernel-mode driver (win32k.sys) variant 20 privilege escalation
9587| [66396] Microsoft Windows kernel-mode driver (win32k.sys) variant 2 privilege escalation
9588| [66394] Microsoft Windows Knowledge Base Article 2485663 update is not installed
9589| [65588] Microsoft Windows Knowledge Base Article 2489279 update is not installed
9590| [65581] Microsoft Windows Knowledge Base Article 2510030 update is not installed
9591| [65580] Microsoft Windows Knowledge Base Article 2489283 update is not installed
9592| [65575] Microsoft Windows Knowledge Base Article 2489293 update is not installed
9593| [65573] Microsoft Windows Knowledge Base Article 2494047 update is not installed
9594| [64973] Microsoft Windows Knowledge Base Article 2478960 update is not installed
9595| [64971] Microsoft Windows Knowledge Base Article 2479628 update is not installed
9596| [64927] Microsoft Windows Knowledge Base Article 2393802 update is not installed
9597| [64925] Microsoft Windows Knowledge Base Article 2451879 update is not installed
9598| [64920] Microsoft Windows Knowledge Base Article 2475792 update is not installed
9599| [64918] Microsoft Windows Knowledge Base Article 2476687 update is not installed
9600| [64916] Microsoft Windows Knowledge Base Article 2478953 update is not installed
9601| [64914] Microsoft Windows Knowledge Base Article 2482017 update is not installed
9602| [64910] Microsoft Windows Knowledge Base Article 2483185 update is not installed
9603| [64909] Microsoft Windows Knowledge Base Article 2484015 update is not installed
9604| [64907] Microsoft Windows Knowledge Base Article 2485376 update is not installed
9605| [64905] Microsoft Windows Knowledge Base Article 2489256 update is not installed
9606| [64902] Microsoft Windows Knowledge Base Article 2496930 update is not installed
9607| [64342] Microsoft Windows Knowledge Base Article 2451910 update is not installed
9608| [64339] Microsoft Windows Knowledge Base Article 2478935 update is not installed
9609| [63584] Microsoft Windows Knowledge Base Article 2424434 update is not installed
9610| [63582] Microsoft Windows Knowledge Base Article 2423089 update is not installed
9611| [63580] Microsoft Windows Knowledge Base Article 2436673 update is not installed
9612| [63571] Microsoft Windows Knowledge Base Article 2440591 update is not installed
9613| [63569] Microsoft Windows Knowledge Base Article 2385678 update is not installed
9614| [63566] Microsoft Windows Knowledge Base Article 2442962 update is not installed
9615| [63564] Microsoft Windows Knowledge Base Article 2345316 update is not installed
9616| [63562] Microsoft Windows Knowledge Base Article 2296199 update is not installed
9617| [63558] Microsoft Windows Knowledge Base Article 2416400 update is not installed
9618| [63550] Microsoft Windows Knowledge Base Article 2447961 update is not installed
9619| [63548] Microsoft Windows Knowledge Base Article 2443105 update is not installed
9620| [63546] Microsoft Windows Knowledge Base Article 2455005 update is not installed
9621| [63544] Microsoft Windows Knowledge Base Article 2292970 update is not installed
9622| [62805] Microsoft Windows Knowledge Base Article 2316074 update is not installed
9623| [62793] Microsoft Windows Knowledge Base Article 2293386 update is not installed
9624| [62789] Microsoft Windows Knowledge Base Article 2423930 update is not installed
9625| [62170] Microsoft Windows Knowledge Base Article 2296011 update is not installed
9626| [62166] Microsoft Windows Knowledge Base Article 2294255 update is not installed
9627| [62163] Microsoft Windows Knowledge Base Article 2281679 update is not installed
9628| [62154] Microsoft Windows Knowledge Base Article 2279986 update is not installed
9629| [62147] Microsoft Windows Knowledge Base Article 2160841 update is not installed
9630| [62134] Microsoft Windows Knowledge Base Article 2412048 update is not installed
9631| [62129] Microsoft Windows Knowledge Base Article 2387149 update is not installed
9632| [62126] Microsoft Windows Knowledge Base Article 2378111 update is not installed
9633| [62123] Microsoft Windows Knowledge Base Article 2360937 update is not installed
9634| [62118] Microsoft Windows Knowledge Base Article 2293211 update is not installed
9635| [62104] Microsoft Windows Knowledge Base Article 2360131 update is not installed
9636| [62098] Microsoft Windows Knowledge Base Article 2293194 update is not installed
9637| [62069] Microsoft Windows Knowledge Base Article 2418042 update is not installed
9638| [61519] Microsoft Windows Knowledge Base Article 2121546 update is not installed
9639| [61517] Microsoft Windows Knowledge Base Article 2259922 update is not installed
9640| [61514] Microsoft Windows Knowledge Base Article 2267960 update is not installed
9641| [61510] Microsoft Windows Knowledge Base Article 2315011 update is not installed
9642| [61507] Microsoft Windows Knowledge Base Article 2320113 update is not installed
9643| [61504] Microsoft Windows Knowledge Base Article 2347290 update is not installed
9644| [60736] Microsoft Windows Knowledge Base Article 2265906 update is not installed
9645| [60734] Microsoft Windows Knowledge Base Article 2269638 update is not installed
9646| [60728] Microsoft Windows Knowledge Base Article 2269707 update is not installed
9647| [60724] Microsoft Windows Knowledge Base Article 2286198 update is not installed
9648| [60713] Microsoft Windows Knowledge Base Article 2183461 update is not installed
9649| [60698] Microsoft Windows Knowledge Base Article 2160329 update is not installed
9650| [60686] Microsoft Windows Knowledge Base Article 2115168 update is not installed
9651| [60684] Microsoft Windows Knowledge Base Article 2079403 update is not installed
9652| [60680] Microsoft Windows Knowledge Base Article 2264072 update is not installed
9653| [59901] Microsoft Windows Knowledge Base Article 2229593 update is not installed
9654| [59898] Microsoft Windows Knowledge Base Article 2229593 update is not installed
9655| [58913] Microsoft Windows Knowledge Base Article 2027452 update is not installed
9656| [58891] Microsoft Windows Knowledge Base Article 2028554 update is not installed
9657| [17004] Microsoft Windows XP Service Pack 2 is not installed on the system
9658| [9187] Microsoft Passport SDK 2.1 Component Configuration Document (CCD) permission
9659| [9146] Microsoft Passport SDK 2.1 events reporting disabled
9660| [9068] Microsoft Passport SDK 2.1 registry default permission exposure
9661| [9067] Microsoft Passport SDK 2.1 default test site exposure
9662| [9066] Microsoft Passport SDK 2.1 Adventure Works Sample Site exposure
9663| [9065] Microsoft Passport SDK 2.1 Adventure Works Sample Site global.asa file default permission exposure
9664| [9064] Microsoft Passport SDK 2.1 default time window exposure
9665| [1271] Microsoft IIS version 2 installed
9666| [621] Microsoft IIS 3.0 script source revealed by appending 2E to requests
9667|
9668| Exploit-DB - https://www.exploit-db.com:
9669| [30756] Microsoft Forms 2.0 ActiveX Control 2.0 Memory Access Violation Denial of Service Vulnerabilities
9670| [30749] Microsoft Office 2003 Web Component Memory Access Violation Denial of Service Vulnerability
9671| [30636] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (2)
9672| [30635] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (1)
9673| [30281] Microsoft .Net Framework <= 2.0 - Multiple Null Byte Injection Vulnerabilities
9674| [29664] Microsoft Office Publisher 2007 - Remote Denial of Service (DoS) Vulnerability
9675| [29660] Microsoft Office 2003 - Denial of Service (DoS) Vulnerability
9676| [29630] Microsoft Windows 2003/XP ReadDirectoryChangesW Information Disclosure Vulnerability
9677| [29524] Microsoft Word 2000 - Malformed Function Code Execution Vulnerability
9678| [28420] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
9679| [28357] Microsoft Windows Explorer 2000/2003/XP Drag and Drop Remote Code Execution Vulnerability
9680| [28227] Microsoft Windows 2000/XP Registry Access Local Denial of Service Vulnerability
9681| [28226] Microsoft PowerPoint 2003 PPT File Closure Memory Corruption
9682| [28225] Microsoft PowerPoint 2003 powerpnt.exe Unspecified Issue
9683| [28224] Microsoft PowerPoint 2003 mso.dll PPT Processing Unspecified Code Execution
9684| [28198] Microsoft Office 2000/2002 Property Code Execution Vulnerability
9685| [28189] Microsoft Excel 2000-2004 Style Handling and Repair Remote Code Execution Vulnerability
9686| [28087] Microsoft Office 2003 Embedded Shockwave Flash Object Security Bypass Weakness
9687| [28005] Microsoft Exchange Server 2000/2003 Outlook Web Access Script Injection Vulnerability
9688| [26690] Microsoft Windows 2000/2003/XP CreateRemoteThread Local Denial of Service Vulnerability
9689| [26517] Microsoft Office PowerPoint 2007 - Crash PoC
9690| [26341] Microsoft Windows 2000/2003/XP MSDTC TIP Denial of Service Vulnerability
9691| [26222] Microsoft Windows 2000/2003/XP Keyboard Event Privilege Escalation Weakness
9692| [25384] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (2)
9693| [25383] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (1)
9694| [25231] Microsoft Windows 2000/2003/XP Graphical Device Interface Library Denial of Service Vulnerability
9695| [25085] Microsoft Office XP 2000/2002 HTML Link Processing Remote Buffer Overflow Vulnerability
9696| [25084] Microsoft Outlook 2003 Web Access Login Form Remote URI Redirection Vulnerability
9697| [25050] Microsoft Windows 2000/2003/XP winhlp32 Phrase Heap Overflow Vulnerability
9698| [25049] Microsoft Windows 2000/2003/XP winhlp32 Phrase Integer Overflow Vulnerability
9699| [24686] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
9700| [24277] Microsoft Windows 2000/NT 4 POSIX Subsystem Buffer Overflow Local Privilege Escalation Vulnerability
9701| [24114] Microsoft Outlook 2003Mail Client E-mail Address Verification Weakness
9702| [24101] Microsoft Outlook 2003 Predictable File Location Weakness
9703| [23989] Microsoft Windows 2000/NT 4 Local Descriptor Table Local Privilege Escalation Vulnerability
9704| [23796] Microsoft Outlook 2002 Mailto Parameter Quoting Zone Bypass Vulnerability
9705| [23019] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
9706| [22919] Microsoft ISA Server 2000 Cross-Site Scripting Vulnerabilities
9707| [22883] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (2)
9708| [22882] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (1)
9709| [22837] Microsoft Windows 2000/NT 4 Media Services NSIISlog.DLL Remote Buffer Overflow
9710| [22782] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
9711| [22591] Microsoft Office Excel 2007 - WriteAV Crash PoC
9712| [22555] Microsoft BizTalk Server 2000/2002 DTA RawCustomSearchField.asp SQL Injection
9713| [22554] Microsoft BizTalk Server 2000/2002 DTA rawdocdata.asp SQL Injection Vulnerability
9714| [22553] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
9715| [22528] Microsoft Windows 2000 RegEdit.EXE Registry Key Value Buffer Overflow Vulnerability
9716| [22354] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
9717| [21920] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
9718| [21718] Microsoft SQL 2000/7.0 Agent Jobs Privilege Elevation Vulnerability
9719| [21693] Microsoft SQL Server 2000 User Authentication Remote Buffer Overflow Vulnerability
9720| [21652] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
9721| [21651] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
9722| [21650] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
9723| [21549] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
9724| [21541] Microsoft SQL Server 2000 SQLXML Script Injection Vulnerability
9725| [21540] Microsoft SQL Server 2000 SQLXML Buffer Overflow Vulnerability
9726| [21389] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (2)
9727| [21388] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (1)
9728| [21344] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
9729| [21258] Microsoft Windows 2000/NT 4 NTFS File Hiding Vulnerability
9730| [21246] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (2)
9731| [21245] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (1)
9732| [21172] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (2)
9733| [21171] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (1)
9734| [21131] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
9735| [21123] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
9736| [21113] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
9737| [21099] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
9738| [21069] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
9739| [20907] Microsoft Windows 2000 Telnet Username DoS Vulnerability
9740| [20802] Microsoft IIS 2.0/3.0 Long URL Denial of Service Vulnerability
9741| [20763] Microsoft ISA Server 2000 Web Proxy DoS Vulnerability
9742| [20571] Microsoft Outlook 2000 0/98 0/Express 5.5 Concealed Attachment Vulnerability
9743| [20481] Microsoft IIS 2.0/3.0 Appended Dot Script Source Disclosure Vulnerability
9744| [20399] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
9745| [20335] Microsoft Indexing Services for Windows 2000/NT 4.0 .htw Cross-Site Scripting Vulnerability
9746| [20305] Microsoft Site Server 2.0 with IIS 4.0 - File Upload Vulnerability
9747| [20265] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
9748| [20257] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
9749| [20255] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
9750| [20222] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
9751| [20209] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
9752| [20133] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
9753| [20122] Microsoft Office SharePoint Server 2007 Remote Code Execution
9754| [20096] Microsoft IIS 2.0/3.0/4.0/5.0/5.1 Internal IP Address Disclosure Vulnerability
9755| [20048] Microsoft Windows 2000 Remote CPU-overload Vulnerability
9756| [20047] Microsoft Windows 2000 Telnet Server DoS Vulnerability
9757| [19830] Microsoft Index Server 2.0 '%20' ASP Source Disclosure Vulnerability
9758| [19742] microsoft iis 3.0/4.0,microsoft index server 2.0 - Directory Traversal
9759| [19734] Microsoft Virtual Machine 2000 Series/3000 Series getSystemResource Vulnerability
9760| [19731] microsoft index server 2.0/indexing services for windows 2000 - Directory Traversal
9761| [19728] Microsoft Systems Management Server 2.0 Default Permissions Vulnerability
9762| [19425] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (2)
9763| [19424] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (1)
9764| [19376] Microsoft IIS 2.0/3.0/4.0 ISAPI GetExtensionVersion() Vulnerability
9765| [19143] "Microsoft Windows ""April Fools 2001"" Vulnerability"
9766| [19118] Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability
9767| [18334] Microsoft Office 2003 Home/Pro 0day
9768| [18087] MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
9769| [18078] Microsoft Excel 2003 11.8335.8333 Use After Free
9770| [18067] Microsoft Excel 2007 SP2 Buffer Overwrite Exploit
9771| [17305] "Microsoft Windows Vista/Server 2008 ""nsiproxy.sys"" Local Kernel DoS Exploit"
9772| [14971] MOAUB #11 - Microsoft Office Word 2007 sprmCMajority Buffer Overflow
9773| [14782] Microsoft Office PowerPoint 2007 DLL Hijacking Exploit (rpawinet.dll)
9774| [14746] Microsoft Office Groove 2007 DLL Hijacking Exploit (mso.dll)
9775| [14744] Microsoft Visio 2003 DLL Hijacking Exploit (mfc71enu.dll)
9776| [12450] Microsoft SharePoint Server 2007 XSS Vulnerability
9777| [10068] Microsoft Windows 2000-2008 Embedded OpenType Font Engine Remote Code Execution
9778| [4121] Microsoft Excel 2000/2003 Sheet Name Vulnerability PoC
9779| [3973] Microsoft Office 2000 (OUACTRL.OCX 1.0.1.9) - Remote DoS Exploit
9780| [3690] microsoft office word 2007 - Multiple Vulnerabilities
9781| [3260] Microsoft Word 2000 Unspecified Code Execution Exploit (0day)
9782| [2523] Microsoft Office 2003 PPT Local Buffer Overflow PoC
9783| [2091] Microsoft PowerPoint 2003 SP2 Local Code Execution Exploit (french)
9784| [2001] Microsoft Word 2000/2003 Unchecked Boundary Condition Vulnerability
9785| [1999] Microsoft Word 2000/2003 Hlink Local Buffer Overflow Exploit PoC
9786| [1988] Microsoft Excel 2003 Hlink Local Buffer Overflow Exploit (italian)
9787| [1986] Microsoft Excel 2000/2003 Hlink Local Buffer Overflow Exploit (french)
9788| [1958] Microsoft Excel 2003 Hlink Stack/SEH Buffer Overflow Exploit
9789| [28238] Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Vulnerability MS13-067
9790| [23034] Microsoft URLScan 2.5/ RSA Security SecurID 5.0 Configuration Enumeration Weakness
9791| [22850] Microsoft Office OneNote 2010 Crash PoC
9792| [22679] Microsoft Visio 2010 Crash PoC
9793| [22655] Microsoft Publisher 2013 Crash PoC
9794| [22621] Microsoft Netmeeting 2.1/3.0.1 4.4.3385 CALLTO URL Buffer Overflow Vulnerability
9795| [22330] Microsoft Office Excel 2010 Crash PoC
9796| [22310] Microsoft Office Publisher 2010 Crash PoC
9797| [22237] Microsoft Office Picture Manager 2010 Crash PoC
9798| [22215] Microsoft Office Word 2010 Crash PoC
9799| [19451] Microsoft Windows 98 a/98 b/98SE,Solaris 2.6 IRDP Vulnerability
9800| [19440] Microsoft Windows NT 4.0/SP 1/SP 2/Sp 3/SP 4/SP 5 Malformed Dialer Entry Vulnerability
9801| [19372] Microsoft Windows NT 4.0/SP 1/SP 2/SP 3/SP 4/SP 5 Null Session Admin Name Vulnerability
9802| [17164] Microsoft Reader <= 2.1.1.3143 NULL Byte Write
9803| [17163] Microsoft Reader <= 2.1.1.3143 Array Overflow
9804| [17162] Microsoft Reader <= 2.1.1.3143 Integer Overflow
9805| [17161] Microsoft Reader <= 2.1.1.3143 Heap Overflow
9806| [17160] Microsoft Reader <= 2.1.1.3143 Integer Overflow
9807| [14731] Microsoft Windows Movie Maker <= 2.6.4038.0 DLL Hijacking Exploit (hhctrl.ocx)
9808| [14723] Microsoft Power Point 2010 DLL Hijacking Exploit (pptimpconv.dll)
9809|
9810| OpenVAS (Nessus) - http://www.openvas.org:
9811| [902250] Microsoft Word 2003 'MSO.dll' Null Pointer Dereference Vulnerability
9812| [900125] Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability
9813| [801597] Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
9814| [801596] Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
9815| [801594] Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability
9816| [800687] Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability
9817| [800577] Microsoft Windows Server 2003 win32k.sys DoS Vulnerability
9818| [800343] Microsoft Word 2007 Sensitive Information Disclosure Vulnerability
9819| [103254] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
9820| [11992] Vulnerability in Microsoft ISA Server 2000 H.323 Filter(816458)
9821| [902931] Microsoft Office Remote Code Execution Vulnerabilities - 2720184 (Mac OS X)
9822| [902678] Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
9823| [901210] Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)
9824|
9825| SecurityTracker - https://www.securitytracker.com:
9826| [1015347] Microsoft Windows 2000 Kernel APC Queue Bug Lets Local Users Gain Elevated Privileges
9827| [1013454] Microsoft Office InfoPath 2003 May Disclose System and Authentication Information to Remote Users
9828| [1013284] Microsoft Windows 2000 and XP Group Policy Can Be Bypassed By Microsoft Office Applications and By Flash Drives
9829| [1010687] Microsoft Windows 2000/NT POSIX Subsystem Buffer Overflow Lets Local Users Gain Elevated Privileges
9830| [1010352] Microsoft Windows 2000 Domains With Eight Characters May Let Remote Users With Expired Passwords Login
9831| [1010189] Microsoft Outlook 2003 Scripting Restrictions Can Be Bypassed By Remote Users
9832| [1010125] Microsoft Outlook 2003 Lets Remote Users Send E-mail to Cause the Recipient's Client to Contact a Remote Server
9833| [1009767] Microsoft Windows 2000 Domain Controller LDAP Flaw May Let Remote Users Restart the Authentication Service
9834| [1008324] Microsoft Exchange 2003 With Outlook Web Access and Windows SharePoint Services May Grant Incorrect E-mail Account Access to Remote Authenticated Users
9835| [1007905] Microsoft Windows Server 2003 Shell Folders Can Be Referenced Using Directory Traversal Characters
9836| [1007238] Microsoft Outlook Web Access Can Be Crashed By Remote Authenticated Users With an Outlook 2003 Client
9837| [1007152] Microsoft Windows 2000 Accessibility Utility Manager Lets Local Users Gain Elevated Privileges
9838| [1007099] Microsoft Windows 2000 ShellExecute() Buffer Overflow May Let Users Execute Arbitrary Code
9839| [1007093] Microsoft Active Directory Stack Overflow in 'Lsaas.exe' Lets Remote Users Crash the Windows 2000 Server
9840| [1006959] Microsoft Windows Server 2003 Drivers May Leak Information From Memory Via Ethernet Packets Containing TCP Streams
|
| OSVDB - http://www.osvdb.org:
|_
139/tcp closed netbios-ssn
445/tcp closed microsoft-ds
Aggressive OS guesses: Microsoft Windows Vista SP1 (91%), Microsoft Windows 7 SP1 or Windows Server 2008 (89%), Microsoft Windows 7 Ultimate (89%), Microsoft Windows 8.1 (89%), Microsoft Windows 7 SP1 or Windows Server 2008 SP2 (89%), Microsoft Windows Windows 7 SP1 (89%), Microsoft Windows Vista Home Premium SP1, Windows 7, or Windows Server 2008 (89%), Microsoft Windows 8.1 Enterprise (88%), Microsoft Windows Server 2008 R2 (88%), Microsoft Windows 7 SP1 (88%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 32.879 days (since Wed Jul 10 01:47:17 2019)
Network Distance: 13 hops
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 193.65 ms 10.246.200.1
2 193.73 ms 185.242.4.145
3 193.72 ms xe-1-0-2-0.bb1.tyo1.jp.m247.com (82.102.29.232)
4 193.70 ms 61.120.144.233
5 193.77 ms ae-9.r01.tokyjp08.jp.bb.gin.ntt.net (129.250.5.54)
6 193.82 ms ae-18.r31.tokyjp05.jp.bb.gin.ntt.net (129.250.6.128)
7 193.80 ms ae-2.r03.tokyjp05.jp.bb.gin.ntt.net (129.250.3.33)
8 ... 9
10 426.49 ms SAUDI-TELEC.ear1.London1.Level3.net (195.50.124.218)
11 ...
12 425.75 ms 84-235-110-102.igw.com.sa (84.235.110.102)
13 437.02 ms www.makkahgroup.com (62.3.25.22)

NSE: Script Post-scanning.
Initiating NSE at 22:52
Completed NSE at 22:52, 0.00s elapsed
Initiating NSE at 22:52
Completed NSE at 22:52, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/
#####################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-11 22:52 EDT
NSE: Loaded 45 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 22:52
Completed NSE at 22:52, 0.00s elapsed
Initiating NSE at 22:52
Completed NSE at 22:52, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 22:52
Completed Parallel DNS resolution of 1 host. at 22:52, 0.02s elapsed
Initiating UDP Scan at 22:52
Scanning alharbitelecom.com (62.3.25.22) [15 ports]
Completed UDP Scan at 22:52, 2.99s elapsed (15 total ports)
Initiating Service scan at 22:52
Scanning 12 services on alharbitelecom.com (62.3.25.22)
Service scan Timing: About 25.00% done; ETC: 22:57 (0:03:54 remaining)
Completed Service scan at 22:54, 102.58s elapsed (12 services on 1 host)
Initiating OS detection (try #1) against alharbitelecom.com (62.3.25.22)
Retrying OS detection (try #2) against alharbitelecom.com (62.3.25.22)
Initiating Traceroute at 22:54
Completed Traceroute at 22:54, 7.21s elapsed
Initiating Parallel DNS resolution of 1 host. at 22:54
Completed Parallel DNS resolution of 1 host. at 22:54, 0.00s elapsed
NSE: Script scanning 62.3.25.22.
Initiating NSE at 22:54
Completed NSE at 22:54, 7.68s elapsed
Initiating NSE at 22:54
Completed NSE at 22:54, 1.80s elapsed
Nmap scan report for alharbitelecom.com (62.3.25.22)
Host is up (0.22s latency).

PORT STATE SERVICE VERSION
53/udp open|filtered domain
67/udp filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
137/udp filtered netbios-ns
138/udp filtered netbios-dgm
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
500/udp open|filtered isakmp
520/udp open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using port 137/udp)
HOP RTT ADDRESS
1 189.19 ms 10.246.200.1
2 ... 3
4 189.18 ms 10.246.200.1
5 194.08 ms 10.246.200.1
6 194.07 ms 10.246.200.1
7 192.29 ms 10.246.200.1
8 192.25 ms 10.246.200.1
9 192.19 ms 10.246.200.1
10 190.63 ms 10.246.200.1
11 ... 18
19 187.32 ms 10.246.200.1
20 189.52 ms 10.246.200.1
21 ... 28
29 192.93 ms 10.246.200.1
30 188.95 ms 10.246.200.1

NSE: Script Post-scanning.
Initiating NSE at 22:54
Completed NSE at 22:54, 0.00s elapsed
Initiating NSE at 22:54
Completed NSE at 22:54, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 130.54 seconds
 Raw packets sent: 148 (14.026KB) | Rcvd: 26 (2.340KB)
#####################################################################################################################################
 Anonymous JTSEC #OpSaudiArabia Full Recon #12