· 6 years ago · Oct 18, 2019, 04:35 AM
#######################################################################################################################################
=======================================================================================================================================
Hostname www.eshot.gov.tr ISP Izmir Buyuksehir Belediyesi
Continent Asia Flag TR
Country Turkey Country Code TR
Region Izmir Local time 18 Oct 2019 06:31 +03
City OEdemis Postal Code 35750
IP Address 185.182.239.167 Latitude 38.224
 Longitude 27.937
=======================================================================================================================================
#######################################################################################################################################
> www.eshot.gov.tr
Server: 185.93.180.131
Address: 185.93.180.131#53

Non-authoritative answer:
Name: www.eshot.gov.tr
Address: 185.182.239.167
>
#######################################################################################################################################
** Domain Name: eshot.gov.tr

** Registrant:
 T.C. İzmir Büyükşehir Belediyesi Eshot Genel Müdürlüğü
 222 Sokak No: 500 Gediz/ Buca
 35140
 İzmir,
 Türkiye
 info@eshot.gov.tr
 + 90-232-2762922-
 + 90-232-2761753


** Administrative Contact:
NIC Handle : uoe3-metu
Organization Name : Ünibel Özel Eğitim ve Bilgi Teknolojileri San. Ve Tic. A.Ş.
Address : Hidden upon user request
Phone : Hidden upon user request
Fax : Hidden upon user request


** Technical Contact:
NIC Handle : uoe3-metu
Organization Name : Ünibel Özel Eğitim ve Bilgi Teknolojileri San. Ve Tic. A.Ş.
Address : Hidden upon user request
Phone : Hidden upon user request
Fax : Hidden upon user request


** Billing Contact:
NIC Handle : uoe3-metu
Organization Name : Ünibel Özel Eğitim ve Bilgi Teknolojileri San. Ve Tic. A.Ş.
Address : Hidden upon user request
Phone : Hidden upon user request
Fax : Hidden upon user request


** Domain Servers:
ns01.unibel.com.tr
ns02.unibel.com.tr
ns01.izmir-bld.gov.tr
ns02.izmir-bld.gov.tr

** Additional Info:
Created on..............: 2002-Mar-05.
Expires on..............: 2021-Mar-04.
#######################################################################################################################################

[+] Target : www.eshot.gov.tr

[+] IP Address : 185.182.239.167

[+] Headers :

[+] Cache-Control : private
[+] Content-Type : text/html; charset=utf-8
[+] Content-Encoding : gzip
[+] Vary : Accept-Encoding
[+] Server : Microsoft-IIS/8.5
[+] Set-Cookie : ASP.NET_SessionId=ftoipq2vxs4mv3ybqb3guomi; path=/; HttpOnly
[+] X-AspNetMvc-Version : 5.0
[+] X-AspNet-Version : 4.0.30319
[+] X-Powered-By : ASP.NET
[+] Date : Fri, 18 Oct 2019 03:35:59 GMT
[+] Content-Length : 46867

[+] SSL Certificate Information :

[+] organizationalUnitName : PositiveSSL
[+] commonName : www.eshot.gov.tr
[+] countryName : GB
[+] stateOrProvinceName : Greater Manchester
[+] localityName : Salford
[+] organizationName : COMODO CA Limited
[+] commonName : COMODO RSA Domain Validation Secure Server CA
[+] Version : 3
[+] Serial Number : 4524940E754DA23AE288817B63F4C0F0
[+] Not Before : Jan 3 00:00:00 2017 GMT
[+] Not After : Jan 7 23:59:59 2020 GMT
[+] OCSP : ('http://ocsp.comodoca.com',)
[+] subject Alt Name : (('DNS', 'www.eshot.gov.tr'), ('DNS', 'eshot.gov.tr'))
[+] CA Issuers : ('http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt',)
[+] CRL Distribution Points : ('http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl',)

[+] Whois Lookup :

[+] NIR : None
[+] ASN Registry : ripencc
[+] ASN : 206556
[+] ASN CIDR : 185.182.239.0/24
[+] ASN Country Code : TR
[+] ASN Date : 2016-12-19
[+] ASN Description : IZMIRBB, TR
[+] cidr : 185.182.236.0/22
[+] name : TR-IZMIRBB-20161219
[+] handle : AE4953-RIPE
[+] range : 185.182.236.0 - 185.182.239.255
[+] description : None
[+] country : TR
[+] state : None
[+] city : None
[+] address : Sehit Er Mehmet Cadirci Cad. No:50 BTM Binasi Sirinkapi Buca
35390
Izmir
TURKEY
[+] postal_code : None
[+] emails : None
[+] created : 2016-12-19T14:21:56Z
[+] updated : 2016-12-19T14:21:56Z

[+] Crawling Target...

[+] Looking for robots.txt........[ Not Found ]
[+] Looking for sitemap.xml.......[ Not Found ]
[+] Extracting CSS Links..........[ 10 ]
[+] Extracting Javascript Links...[ 15 ]
[+] Extracting Internal Links.....[ 8 ]
[+] Extracting External Links.....[ 9 ]
[+] Extracting Images.............[ 22 ]

[+] Total Links Extracted : 64

[+] Dumping Links in /opt/FinalRecon/dumps/www.eshot.gov.tr.dump
[+] Completed!
#######################################################################################################################################
[+] Starting At 2019-10-17 23:36:52.839456
[+] Collecting Information On: https://www.eshot.gov.tr/
[#] Status: 200
--------------------------------------------------
[#] Web Server Detected: Microsoft-IIS/8.5
[#] X-Powered-By: ASP.NET
[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
- Cache-Control: private
- Content-Type: text/html; charset=utf-8
- Content-Encoding: gzip
- Vary: Accept-Encoding
- Server: Microsoft-IIS/8.5
- Set-Cookie: ASP.NET_SessionId=d2c5tbr2huhv4qcetps0dmjq; path=/; HttpOnly
- X-AspNetMvc-Version: 5.0
- X-AspNet-Version: 4.0.30319
- X-Powered-By: ASP.NET
- Date: Fri, 18 Oct 2019 03:36:15 GMT
- Content-Length: 46867
--------------------------------------------------
[#] Finding Location..!
[#] status: success
[#] country: Turkey
[#] countryCode: TR
[#] region: 35
[#] regionName: Izmir
[#] city: OEdemis
[#] zip: 35750
[#] lat: 38.2244
[#] lon: 27.9366
[#] timezone: Europe/Istanbul
[#] isp: Tellcom Iletisim Hizmetleri A.S.
[#] org: Izmir Buyuksehir Belediyesi
[#] as: AS206556 Izmir Buyuksehir Belediyesi
[#] query: 185.182.239.167
--------------------------------------------------
[+] Detected WAF Presence in web application: ASP.NET Generic Web Application Protection
--------------------------------------------------
[#] Starting Reverse DNS
[-] Failed ! Fail
--------------------------------------------------
[!] Scanning Open Port
[#] 80/tcp open http
[#] 443/tcp open https
--------------------------------------------------
[+] Collecting Information Disclosure!
[!] Found 3 Phone Number
[+] +902323200320
[+] +902323200320
[+] +902322935000
[#] Detecting sitemap.xml file
[-] sitemap.xml file not Found!?
[#] Detecting robots.txt file
[-] robots.txt file not Found!?
[#] Detecting GNU Mailman
[-] GNU Mailman App Not Detected!?
--------------------------------------------------
[+] Crawling Url Parameter On: https://www.eshot.gov.tr/?AspxAutoDetectCookieSupport=1
--------------------------------------------------
[#] Searching Html Form !
[+] Html Form Discovered
[#] action: /tr/OtobusumNerede/290
[#] class: ['where-is-bus']
[#] id: frmOtobusumNerede
[#] method: post
--------------------------------------------------
[!] Found 374 dom parameter
--------------------------------------------------
[!] 1 Internal Dynamic Parameter Discovered
[+] https://www.eshot.gov.tr///BotDetectCaptcha.ashx?get=layoutStyleSheet
--------------------------------------------------
[-] No external Dynamic Paramter Found!?
--------------------------------------------------
[!] 554 Internal links Discovered
807[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/233/288
808[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/240/288
809[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/247/288
810[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/249/288
811[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/253/288
812[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/258/288
813[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/267/288
814[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/268/288
815[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/277/288
816[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/285/288
817[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/290/288
818[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/295/288
819[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/302/288
820[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/304/288
821[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/305/288
822[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/311/288
823[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/313/288
824[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/314/288
825[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/315/288
826[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/316/288
827[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/317/288
828[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/321/288
829[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/326/288
830[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/328/288
831[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/329/288
832[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/330/288
833[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/335/288
834[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/338/288
835[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/342/288
836[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/344/288
837[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/346/288
838[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/348/288
839[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/353/288
840[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/358/288
841[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/359/288
842[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/361/288
843[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/365/288
844[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/367/288
845[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/368/288
846[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/374/288
847[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/390/288
848[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/412/288
849[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/415/288
850[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/417/288
851[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/418/288
852[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/423/288
853[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/428/288
854[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/429/288
855[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/430/288
856[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/434/288
857[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/435/288
858[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/441/288
859[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/442/288
860[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/443/288
861[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/445/288
862[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/446/288
863[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/447/288
864[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/449/288
865[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/465/288
866[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/466/288
867[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/470/288
868[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/476/288
869[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/477/288
870[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/480/288
871[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/484/288
872[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/485/288
873[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/486/288
874[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/487/288
875[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/490/288
876[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/498/288
877[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/501/288
878[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/502/288
879[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/503/288
880[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/504/288
881[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/505/288
882[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/510/288
883[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/520/288
884[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/523/288
885[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/524/288
886[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/525/288
887[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/529/288
888[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/543/288
889[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/547/288
890[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/550/288
891[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/551/288
892[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/555/288
893[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/556/288
894[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/560/288
895[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/564/288
896[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/565/288
897[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/566/288
898[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/568/288
899[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/570/288
900[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/579/288
901[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/584/288
902[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/585/288
903[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/587/288
904[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/588/288
905[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/595/288
906[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/596/288
907[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/599/288
908[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/610/288
909[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/640/288
910[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/650/288
911[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/655/288
912[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/662/288
913[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/671/288
914[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/676/288
915[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/680/288
916[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/681/288
917[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/690/288
918[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/691/288
919[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/695/288
920[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/699/288
921[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/701/288
922[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/704/288
923[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/705/288
924[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/707/288
925[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/708/288
926[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/709/288
927[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/710/288
928[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/712/288
929[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/713/288
930[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/714/288
931[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/721/288
932[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/722/288
933[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/724/288
934[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/727/288
935[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/728/288
936[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/729/288
937[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/731/288
938[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/732/288
939[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/733/288
940[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/734/288
941[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/737/288
942[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/738/288
943[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/739/288
944[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/741/288
945[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/742/288
946[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/744/288
947[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/745/288
948[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/747/288
949[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/748/288
950[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/749/288
951[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/750/288
952[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/751/288
953[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/752/288
954[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/754/288
955[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/755/288
956[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/756/288
957[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/757/288
958[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/758/288
959[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/760/288
960[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/761/288
961[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/766/288
962[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/767/288
963[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/768/288
964[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/769/288
965[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/770/288
966[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/772/288
967[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/775/288
968[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/776/288
969[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/777/288
970[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/778/288
971[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/780/288
972[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/781/288
973[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/782/288
974[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/783/288
975[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/784/288
976[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/785/288
977[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/786/288
978[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/787/288
979[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/788/288
980[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/789/288
981[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/790/288
982[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/791/288
983[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/792/288
984[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/793/288
985[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/795/288
986[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/796/288
987[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/797/288
988[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/798/288
989[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/800/288
990[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/804/288
991[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/805/288
992[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/808/288
993[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/810/288
994[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/811/288
995[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/814/288
996[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/816/288
997[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/817/288
998[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/818/288
999[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/820/288
1000[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/821/288
1001[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/823/288
1002[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/826/288
1003[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/827/288
1004[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/828/288
1005[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/829/288
1006[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/835/288
1007[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/836/288
1008[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/837/288
1009[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/838/288
1010[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/847/288
1011[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/848/288
1012[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/850/288
1013[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/853/288
1014[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/866/288
1015[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/871/288
1016[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/873/288
1017[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/874/288
1018[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/875/288
1019[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/876/288
1020[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/877/288
1021[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/878/288
1022[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/879/288
1023[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/882/288
1024[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/885/288
1025[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/887/288
1026[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/889/288
1027[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/891/288
1028[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/910/288
1029[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/912/288
1030[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/914/288
1031[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/915/288
1032[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/917/288
1033[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/918/288
1034[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/919/288
1035[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/920/288
1036[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/921/288
1037[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/922/288
1038[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/923/288
1039[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/924/288
1040[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/925/288
1041[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/926/288
1042[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/927/288
1043[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/928/288
1044[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/930/288
1045[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/940/288
1046[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/945/288
1047[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/950/288
1048[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/951/288
1049[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/963/288
1050[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/969/288
1051[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/971/288
1052[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/981/288
1053[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/982/288
1054[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/983/288
1055[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/984/288
1056[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/985/288
1057[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/988/288
1058[+] https://www.eshot.gov.tr///tr/Duyurular/3773/94
1059[+] https://www.eshot.gov.tr///tr/Duyurular/3773/94
1060[+] https://www.eshot.gov.tr///tr/Duyurular/3783/94
1061[+] https://www.eshot.gov.tr///tr/Duyurular/3783/94
1062[+] https://www.eshot.gov.tr///tr/Duyurular/3785/94
1063[+] https://www.eshot.gov.tr///tr/Duyurular/3785/94
1064[+] https://www.eshot.gov.tr///tr/Duyurular/3787/94
1065[+] https://www.eshot.gov.tr///tr/Duyurular/3787/94
1066[+] https://www.eshot.gov.tr///tr/Duyurular/3788/94
1067[+] https://www.eshot.gov.tr///tr/Duyurular/3788/94
1068[+] https://www.eshot.gov.tr///tr/Duyurular/3778/94
1069[+] https://www.eshot.gov.tr///tr/Duyurular/3778/94
1070[+] https://www.eshot.gov.tr///tr/Duyurular/3658/94
1071[+] https://www.eshot.gov.tr///tr/Duyurular/3658/94
1072[+] https://www.eshot.gov.tr///tr/Duyurular/3780/94
1073[+] https://www.eshot.gov.tr///tr/Duyurular/3780/94
1074[+] https://www.eshot.gov.tr///tr/Duyurular/3784/94
1075[+] https://www.eshot.gov.tr///tr/Duyurular/3784/94
1076[+] https://www.eshot.gov.tr///tr/Duyurular/3786/94
1077[+] https://www.eshot.gov.tr///tr/Duyurular/3786/94
1078[+] https://online.eshot.gov.tr
1079[+] https://www.eshot.gov.tr///tr/Haberler/3708/91
1080[+] https://www.eshot.gov.tr///tr/Haberler/3708/91
1081[+] https://www.eshot.gov.tr///tr/Haberler/3708/91
1082[+] https://www.eshot.gov.tr///tr/Haberler/3707/91
1083[+] https://www.eshot.gov.tr///tr/Haberler/3707/91
1084[+] https://www.eshot.gov.tr///tr/Haberler/3707/91
1085[+] https://www.eshot.gov.tr///tr/Haberler/3706/91
1086[+] https://www.eshot.gov.tr///tr/Haberler/3706/91
1087[+] https://www.eshot.gov.tr///tr/Haberler/3706/91
1088[+] https://www.eshot.gov.tr///tr/Haberler/3705/91
1089[+] https://www.eshot.gov.tr///tr/Haberler/3705/91
1090[+] https://www.eshot.gov.tr///tr/Haberler/3705/91
1091[+] https://www.eshot.gov.tr///tr/Haberler/3704/91
1092[+] https://www.eshot.gov.tr///tr/Haberler/3704/91
1093[+] https://www.eshot.gov.tr///tr/Haberler/3704/91
1094[+] https://www.eshot.gov.tr///tr/HaberArsivi/92
1095[+] https://www.eshot.gov.tr///tr/CevreselSonuclar
1096[+] https://www.eshot.gov.tr///tr/CevreselSonuclar
1097[+] https://www.eshot.gov.tr///tr/CevreselSonuclar
1098[+] https://www.eshot.gov.tr/tr/OneriVeGorusler/490
1099[+] https://www.eshot.gov.tr/tr/OneriVeGorusler/490
1100[+] https://www.eshot.gov.tr/tr/OneriVeGorusler/490
1101[+] https://www.eshot.gov.tr///tr/UlasimSaatleri/393
1102[+] https://www.eshot.gov.tr///tr/OnemliNoktalaraUlasim/395
1103[+] https://www.eshot.gov.tr///tr/OtobusumNerede/396
1104[+] https://www.eshot.gov.tr///tr/AdreseYakinDuraklar/397
1105[+] https://www.eshot.gov.tr///tr/DuraktanGecenHatlar/398
1106[+] https://www.eshot.gov.tr///tr/BaglantiliHatlar/1/65
1107[+] https://www.eshot.gov.tr///tr/BaglantiliHatlar/2/67
1108[+] https://www.eshot.gov.tr///tr/BaglantiliHatlar/3/66
1109[+] https://www.eshot.gov.tr///tr/BaglantiliHatlar/4/68
1110[+] https://www.eshot.gov.tr///tr/BaglantiliHatlar/5/64
1111[+] https://www.eshot.gov.tr///tr/BisikletAparatliHatlar/450
1112[+] https://www.eshot.gov.tr///tr/baykusGeceSeferleri/116/62
1113[+] https://www.eshot.gov.tr///tr/TurOtobusleri/22/69
1114[+] https://www.eshot.gov.tr///tr/izmir-ulasim-haritalari/146/107
1115[+] https://www.eshot.gov.tr///tr/UlasimKartlari/71
1116[+] https://www.eshot.gov.tr///tr/ucretsizulasimhakki/112/399
1117[+] https://www.eshot.gov.tr///tr/KartDegisimMerkezi/113/76
1118[+] https://www.eshot.gov.tr///tr/UcretTarifesi/114/77
1119[+] https://www.eshot.gov.tr///tr/GittiginKadarOde/288
1120[+] https://www.eshot.gov.tr///tr/Bilet35/115/78
1121[+] https://www.eshot.gov.tr///tr/aktarmali-ulasim/143/78
1122[+] https://www.eshot.gov.tr///tr/OneriIstekSikayet/81
1123[+] https://www.eshot.gov.tr///tr/KayipEsyaBildirimFormu/144
1124[+] https://www.eshot.gov.tr///tr/HizmetStandartlari/6/86
1125[+] https://www.eshot.gov.tr///tr/Ihaleler/84
1126[+] https://www.eshot.gov.tr///tr/hizmetenvanterleri/148/340
1127[+] https://www.eshot.gov.tr///tr/DogrudanTeminIlanlari/85
1128[+] https://www.eshot.gov.tr///tr/SSS/402
1129[+] https://www.eshot.gov.tr///tr/UlasimdaUyulmasiGerekenKurallar/25/87
1130[+] https://www.eshot.gov.tr///tr/FotoGaleri/403
1131[+] https://www.eshot.gov.tr///tr/HaberArsivi/404
1132[+] https://www.eshot.gov.tr///tr/TumDuyurular/405
1133[+] https://www.eshot.gov.tr///tr/SiteHaritasi/292
1134[+] https://www.eshot.gov.tr//tel:+902322935000
1135[+] http://personel.eshot.gov.tr/Personel/Login
1136[+] https://www.eshot.gov.tr///tr/OneriIstekSikayet/138
1137[+] https://dogrulama.eshot.gov.tr/BelgeDogrulama.aspx
1138[+] https://www.eshot.gov.tr/tr/kaliteBelgeleri/156/485
1139[+] https://www.eshot.gov.tr/tr/kaliteBelgeleri/156/485
1140[+] https://www.eshot.gov.tr/tr/kaliteBelgeleri/156/485
1141[+] https://www.eshot.gov.tr/tr/kaliteBelgeleri/156/485
1142[+] https://www.eshot.gov.tr///tr/Anasayfa
1143[+] https://www.eshot.gov.tr///tr/Tarihce/26/19
1144[+] https://www.eshot.gov.tr///tr/SevkveIdare/27/147
1145[+] https://www.eshot.gov.tr///tr/UlasimKartlari/326
1146[+] https://www.eshot.gov.tr///tr/IletisimBilgilerimiz/1/116
1147[+] http://www.eshot.gov.tr
1148--------------------------------------------------
1149[!] 13 External links Discovered
1163--------------------------------------------------
1164[#] Mapping Subdomain..
1165[!] Found 17 Subdomain
1183--------------------------------------------------
1184[!] Done At 2019-10-17 23:37:37.699930
1185#######################################################################################################################################
1186[i] Scanning Site: https://www.eshot.gov.tr
1187
1188
1189
1190B A S I C I N F O
1191====================
1192
1193
1194[+] Site Title: Eshot Genel Müdürlüğü Resmi Web Sitesi
1195[+] IP address: 185.182.239.167
1196[+] Web Server: Microsoft-IIS/8.5
1197[+] CMS: Could Not Detect
1198[+] Cloudflare: Not Detected
1199[+] Robots File: Could NOT Find robots.txt!
1200
1201
1202
1203
1204W H O I S L O O K U P
1205========================
1206
1207 ** Domain Name: eshot.gov.tr
1208
1209** Registrant:
1210 T.C. İzmir Büyükşehir Belediyesi Eshot Genel Müdürlüğü
1211 222 Sokak No: 500 Gediz/ Buca
1212 35140
1213 İzmir,
1214 Türkiye
1215 info@eshot.gov.tr
1216 + 90-232-2762922-
1217 + 90-232-2761753
1218
1219
1220** Administrative Contact:
1221NIC Handle : uoe3-metu
1222Organization Name : Ünibel Özel Eğitim ve Bilgi Teknolojileri San. Ve Tic. A.Ş.
1223Address : Hidden upon user request
1224Phone : Hidden upon user request
1225Fax : Hidden upon user request
1226
1227
1228** Technical Contact:
1229NIC Handle : uoe3-metu
1230Organization Name : Ünibel Özel Eğitim ve Bilgi Teknolojileri San. Ve Tic. A.Ş.
1231Address : Hidden upon user request
1232Phone : Hidden upon user request
1233Fax : Hidden upon user request
1234
1235
1236** Billing Contact:
1237NIC Handle : uoe3-metu
1238Organization Name : Ünibel Özel Eğitim ve Bilgi Teknolojileri San. Ve Tic. A.Ş.
1239Address : Hidden upon user request
1240Phone : Hidden upon user request
1241Fax : Hidden upon user request
1242
1243
1244** Domain Servers:
1245ns01.unibel.com.tr
1246ns02.unibel.com.tr
1247ns01.izmir-bld.gov.tr
1248ns02.izmir-bld.gov.tr
1249
1250** Additional Info:
1251Created on..............: 2002-Mar-05.
1252Expires on..............: 2021-Mar-04.
1253
1254
1255
1256
1257G E O I P L O O K U P
1258=========================
1259
1260[i] IP Address: 185.182.239.167
1261[i] Country: Turkey
1262[i] State: Izmir
1263[i] City: Izmir
1264[i] Latitude: 38.3864
1265[i] Longitude: 27.1791
1266
1267
1268
1269
1270H T T P H E A D E R S
1271=======================
1272
1273
1274[i] HTTP/1.1 302 Found
1275[i] Cache-Control: private
1276[i] Content-Type: text/html; charset=utf-8
1277[i] Location: /?AspxAutoDetectCookieSupport=1
1278[i] Server: Microsoft-IIS/8.5
1279[i] X-AspNet-Version: 4.0.30319
1280[i] Set-Cookie: AspxAutoDetectCookieSupport=1; path=/
1281[i] X-Powered-By: ASP.NET
1282[i] Date: Fri, 18 Oct 2019 03:36:32 GMT
1283[i] Connection: close
1284[i] HTTP/1.1 302 Found
1285[i] Location: /(X(1)S(y0sfo1sar2t3c3gvnaqltrni))/?AspxAutoDetectCookieSupport=1
1286[i] Server: Microsoft-IIS/8.5
1287[i] X-Powered-By: ASP.NET
1288[i] Date: Fri, 18 Oct 2019 03:36:34 GMT
1289[i] Connection: close
1290[i] Content-Length: 182
1291[i] HTTP/1.1 200 OK
1292[i] Cache-Control: private
1293[i] Content-Type: text/html; charset=utf-8
1294[i] Server: Microsoft-IIS/8.5
1295[i] X-AspNetMvc-Version: 5.0
1296[i] X-AspNet-Version: 4.0.30319
1297[i] X-Powered-By: ASP.NET
1298[i] Date: Fri, 18 Oct 2019 03:36:36 GMT
1299[i] Connection: close
1300[i] Content-Length: 264360
1301
1302
1303
1304
1305D N S L O O K U P
1306===================
1307
eshot.gov.tr. 59 IN A 185.182.239.167
eshot.gov.tr. 3599 IN NS ns01.unibel.com.tr.
eshot.gov.tr. 59 IN NS ns01.izmir-bld.gov.tr.
eshot.gov.tr. 59 IN NS ns02.unibel.com.tr.
eshot.gov.tr. 59 IN NS ns02.izmir-bld.gov.tr.
eshot.gov.tr. 59 IN SOA ns01.unibel.com.tr. sistem.unibel.com.tr. 344 60 60 60 60
eshot.gov.tr. 59 IN MX 10 pmg.eshot.gov.tr.
eshot.gov.tr. 59 IN TXT "BCIyEtcMTevm0/UJwBk+8gh4oBq8YucD81H2awlFVho="
eshot.gov.tr. 59 IN TXT "u9P5vc2onyGzMHmbaOvU9FnjacX7TuOMU4gBaHR9gKY="
eshot.gov.tr. 59 IN TXT "@ h00apm0ddhdjrmcnkd4rkeooag"
eshot.gov.tr. 59 IN TXT "h00apm0ddhdjrmcnkd4rkeooag"
eshot.gov.tr. 59 IN TXT "v=spf1 a mx ptr ip4:176.235.106.54 ip4:185.182.236.232 ip4:185.182.236.234 include:spf.postal.eshot.gov.tr -all"
1320
1321
1322
1323
1324S U B N E T C A L C U L A T I O N
1325====================================
1326
1327Address = 185.182.239.167
1328Network = 185.182.239.167 / 32
1329Netmask = 255.255.255.255
1330Broadcast = not needed on Point-to-Point links
1331Wildcard Mask = 0.0.0.0
1332Hosts Bits = 0
1333Max. Hosts = 1 (2^0 - 0)
1334Host Range = { 185.182.239.167 - 185.182.239.167 }
1335
1336
1337
1338N M A P P O R T S C A N
1339============================
1340
Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-18 03:37 UTC
Nmap scan report for eshot.gov.tr (185.182.239.167)
Host is up (0.14s latency).

PORT     STATE    SERVICE
21/tcp   filtered ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  filtered pop3
143/tcp  filtered imap
443/tcp  open     https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 3.19 seconds
1356
1357
1358
1359S U B - D O M A I N F I N D E R
1360==================================
1361
1362
1363[i] Total Subdomains Found : 16
1364
1412######################################################################################################################################
1413[INFO] ------TARGET info------
1414[*] TARGET: https://www.eshot.gov.tr/?AspxAutoDetectCookieSupport=1
1415[*] TARGET IP: 185.182.239.167
1416[INFO] NO load balancer detected for www.eshot.gov.tr...
1417[*] DNS servers: ns01.unibel.com.tr.
1418[*] TARGET server: Microsoft-IIS/8.5
1419[*] CC: TR
1420[*] Country: Turkey
1421[*] RegionCode: 35
1422[*] RegionName: Izmir
1423[*] City: OEdemis
1424[*] ASN: AS206556
1425[*] BGP_PREFIX: 185.182.239.0/24
1426[*] ISP: izmirbb Izmir Buyuksehir Belediyesi, TR
1427[INFO] SSL/HTTPS certificate detected
1428[*] Issuer: issuer=C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
1429[*] Subject: subject=OU = Domain Control Validated, OU = PositiveSSL, CN = www.eshot.gov.tr
1430[INFO] DNS enumeration:
1431[*] intranet.eshot.gov.tr 10.11.150.244
1432[*] mail.eshot.gov.tr 176.235.106.54
1433[*] mobile.eshot.gov.tr 185.182.239.165
1434[*] old.eshot.gov.tr 185.182.236.246
1435[*] test.eshot.gov.tr 10.29.152.75
1436[*] vpn.eshot.gov.tr 185.182.239.196
1437[INFO] Possible abuse mails are:
1438[*] abuse@eshot.gov.tr
1439[*] abuse@www.eshot.gov.tr
1440[INFO] NO PAC (Proxy Auto Configuration) file FOUND
1441[INFO] Starting FUZZing in http://www.eshot.gov.tr/FUzZzZzZzZz...
1442[INFO] Status code Folders
1443[ALERT] Look in the source code. It may contain passwords
1444[INFO] Links found from https://www.eshot.gov.tr/?AspxAutoDetectCookieSupport=1 http://185.182.239.167/:
[INFO] BING shows 185.182.239.167 is shared with 35 hosts/vhosts
[INFO] Shodan detected the following opened ports on 185.182.239.167:
[*] 443
[*] 80
[INFO] ------VirusTotal SECTION------
[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
[INFO] ------Alexa Rank SECTION------
[INFO] Percent of Visitors Rank in Country:
[INFO] Percent of Search Traffic:
[INFO] Percent of Unique Visits:
[INFO] Total Sites Linking In:
[*] Total Sites
[INFO] Useful links related to www.eshot.gov.tr - 185.182.239.167:
[*] https://www.virustotal.com/pt/ip-address/185.182.239.167/information/
[*] https://www.hybrid-analysis.com/search?host=185.182.239.167
[*] https://www.shodan.io/host/185.182.239.167
[*] https://www.senderbase.org/lookup/?search_string=185.182.239.167
[*] https://www.alienvault.com/open-threat-exchange/ip/185.182.239.167
[*] http://pastebin.com/search?q=185.182.239.167
[*] http://urlquery.net/search.php?q=185.182.239.167
[*] http://www.alexa.com/siteinfo/www.eshot.gov.tr
[*] http://www.google.com/safebrowsing/diagnostic?site=www.eshot.gov.tr
[*] https://censys.io/ipv4/185.182.239.167
[*] https://www.abuseipdb.com/check/185.182.239.167
[*] https://urlscan.io/search/#185.182.239.167
[*] https://github.com/search?q=185.182.239.167&type=Code
[INFO] Useful links related to AS206556 - 185.182.239.0/24:
[*] http://www.google.com/safebrowsing/diagnostic?site=AS:206556
[*] https://www.senderbase.org/lookup/?search_string=185.182.239.0/24
[*] http://bgp.he.net/AS206556
[*] https://stat.ripe.net/AS206556
[INFO] Date: 17/10/19 | Time: 23:38:42
[INFO] Total time: 1 minute(s) and 46 second(s)
#######################################################################################################################################
Trying "eshot.gov.tr"
Trying "eshot.gov.tr"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58254
;; flags: qr rd ra; QUERY: 1, ANSWER: 12, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;eshot.gov.tr. IN ANY

;; ANSWER SECTION:
eshot.gov.tr. 60 IN TXT "h00apm0ddhdjrmcnkd4rkeooag"
eshot.gov.tr. 60 IN TXT "u9P5vc2onyGzMHmbaOvU9FnjacX7TuOMU4gBaHR9gKY="
eshot.gov.tr. 60 IN TXT "@ h00apm0ddhdjrmcnkd4rkeooag"
eshot.gov.tr. 60 IN TXT "BCIyEtcMTevm0/UJwBk+8gh4oBq8YucD81H2awlFVho="
eshot.gov.tr. 60 IN TXT "v=spf1 a mx ptr ip4:176.235.106.54 ip4:185.182.236.232 ip4:185.182.236.234 include:spf.postal.eshot.gov.tr -all"
eshot.gov.tr. 60 IN MX 10 pmg.eshot.gov.tr.
eshot.gov.tr. 60 IN SOA ns01.unibel.com.tr. sistem.unibel.com.tr. 344 60 60 60 60
eshot.gov.tr. 60 IN A 185.182.239.167
eshot.gov.tr. 60 IN NS ns02.unibel.com.tr.
eshot.gov.tr. 60 IN NS ns02.izmir-bld.gov.tr.
eshot.gov.tr. 60 IN NS ns01.izmir-bld.gov.tr.
eshot.gov.tr. 60 IN NS ns01.unibel.com.tr.

;; AUTHORITY SECTION:
eshot.gov.tr. 60 IN NS ns01.unibel.com.tr.
eshot.gov.tr. 60 IN NS ns02.izmir-bld.gov.tr.
eshot.gov.tr. 60 IN NS ns01.izmir-bld.gov.tr.
eshot.gov.tr. 60 IN NS ns02.unibel.com.tr.

;; ADDITIONAL SECTION:
ns01.unibel.com.tr. 43199 IN A 176.235.106.180
ns01.izmir-bld.gov.tr. 43199 IN A 185.182.236.222
ns02.unibel.com.tr. 43199 IN A 176.235.106.181
ns02.izmir-bld.gov.tr. 43199 IN A 185.182.236.220

Received 644 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 45 ms
#######################################################################################################################################
1992; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace eshot.gov.tr
1993;; global options: +cmd
1994. 80802 IN NS f.root-servers.net.
1995. 80802 IN NS m.root-servers.net.
1996. 80802 IN NS l.root-servers.net.
1997. 80802 IN NS i.root-servers.net.
1998. 80802 IN NS h.root-servers.net.
1999. 80802 IN NS k.root-servers.net.
2000. 80802 IN NS c.root-servers.net.
2001. 80802 IN NS j.root-servers.net.
2002. 80802 IN NS b.root-servers.net.
2003. 80802 IN NS a.root-servers.net.
2004. 80802 IN NS g.root-servers.net.
2005. 80802 IN NS d.root-servers.net.
2006. 80802 IN NS e.root-servers.net.
2008;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 237 ms
2009
2010tr. 172800 IN NS ns22.nic.tr.
2011tr. 172800 IN NS ns21.nic.tr.
2012tr. 172800 IN NS ns41.nic.tr.
2013tr. 172800 IN NS ns91.nic.tr.
2014tr. 172800 IN NS ns42.nic.tr.
2015tr. 172800 IN NS ns31.nic.tr.
2016tr. 172800 IN NS ns92.nic.tr.
2017tr. 86400 IN NSEC trade. NS RRSIG NSEC
2019;; Received 744 bytes from 2001:500:2::c#53(c.root-servers.net) in 29 ms
2020
2021eshot.gov.tr. 43200 IN NS ns01.unibel.com.tr.
2022eshot.gov.tr. 43200 IN NS ns02.unibel.com.tr.
2023eshot.gov.tr. 43200 IN NS ns01.izmir-bld.gov.tr.
2024eshot.gov.tr. 43200 IN NS ns02.izmir-bld.gov.tr.
2025;; Received 170 bytes from 31.210.155.2#53(ns31.nic.tr) in 202 ms
2026
2027eshot.gov.tr. 60 IN A 185.182.239.167
2028;; Received 85 bytes from 176.235.106.181#53(ns02.unibel.com.tr) in 307 ms
2029#######################################################################################################################################
2030[*] Performing General Enumeration of Domain: eshot.gov.tr
2031[-] DNSSEC is not configured for eshot.gov.tr
2032[*] SOA ns01.unibel.com.tr 176.235.106.180
2033[*] NS ns02.unibel.com.tr 176.235.106.181
2034[*] NS ns01.unibel.com.tr 176.235.106.180
2035[*] NS ns01.izmir-bld.gov.tr 185.182.236.222
2036[*] NS ns02.izmir-bld.gov.tr 185.182.236.220
2037[*] MX pmg.eshot.gov.tr 176.235.106.61
2038[*] A eshot.gov.tr 185.182.239.167
2039[*] TXT eshot.gov.tr u9P5vc2onyGzMHmbaOvU9FnjacX7TuOMU4gBaHR9gKY=
2040[*] TXT eshot.gov.tr @ h00apm0ddhdjrmcnkd4rkeooag
2041[*] TXT eshot.gov.tr v=spf1 a mx ptr ip4:176.235.106.54 ip4:185.182.236.232 ip4:185.182.236.234 include:spf.postal.eshot.gov.tr -all
2042[*] TXT eshot.gov.tr h00apm0ddhdjrmcnkd4rkeooag
2043[*] TXT eshot.gov.tr BCIyEtcMTevm0/UJwBk+8gh4oBq8YucD81H2awlFVho=
2044[*] Enumerating SRV Records
2045[-] No SRV Records Found for eshot.gov.tr
2046[+] 0 Records Found
2047######################################################################################################################################
2048[*] Processing domain eshot.gov.tr
2049[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
2050[+] Getting nameservers
2051176.235.106.181 - ns02.unibel.com.tr
2052176.235.106.180 - ns01.unibel.com.tr
2053185.182.236.222 - ns01.izmir-bld.gov.tr
2054185.182.236.220 - ns02.izmir-bld.gov.tr
2055[-] Zone transfer failed
2056
2057[+] TXT records found
2058"u9P5vc2onyGzMHmbaOvU9FnjacX7TuOMU4gBaHR9gKY="
2059"BCIyEtcMTevm0/UJwBk+8gh4oBq8YucD81H2awlFVho="
2060"h00apm0ddhdjrmcnkd4rkeooag"
2061"@ h00apm0ddhdjrmcnkd4rkeooag"
2062"v=spf1 a mx ptr ip4:176.235.106.54 ip4:185.182.236.232 ip4:185.182.236.234 include:spf.postal.eshot.gov.tr -all"
2063
2064[+] MX records found, added to target list
206510 pmg.eshot.gov.tr.
2066
2067[*] Scanning eshot.gov.tr for A records
2088#######################################################################################################################################
2089Ip Address Status Type Domain Name Server
2090---------- ------ ---- ----------- ------
209110.29.152.75 host demo.eshot.gov.tr
209210.11.150.244 host intranet.eshot.gov.tr
2093176.235.106.54 302 host mail.eshot.gov.tr nginx
2094185.182.239.165 200 host mobile.eshot.gov.tr Microsoft-IIS/8.5
2095185.182.236.246 host old.eshot.gov.tr
2096185.182.239.167 302 host online.eshot.gov.tr Microsoft-IIS/8.5
2097185.182.236.246 host s1.eshot.gov.tr
2098185.182.236.246 host s2.eshot.gov.tr
209910.29.152.75 host test.eshot.gov.tr
2100185.182.239.196 301 host vpn.eshot.gov.tr
2101185.182.239.166 200 host ws.eshot.gov.tr Microsoft-IIS/8.5
2102185.182.239.167 302 host www.eshot.gov.tr Microsoft-IIS/8.5
2103#######################################################################################################################################
2104[+] Testing domain
2105 www.eshot.gov.tr 185.182.239.167
2106[+] Dns resolving
2107 Domain name Ip address Name server
2108 No address associated with hostname eshot.gov.tr
2109[+] Testing wildcard
2110 Ok, no wildcard found.
2111
2112[+] Scanning for subdomain on eshot.gov.tr
2113[!] Wordlist not specified. I scannig with my internal wordlist...
2114 Estimated time about 385.37 seconds
2115
2116 Subdomain Ip address Name server
2117
2118 mail.eshot.gov.tr 176.235.106.54 mail.eshot.gov.tr
2119 old.eshot.gov.tr 185.182.236.246 eshot.gov.tr
2120 s1.eshot.gov.tr 185.182.236.246 eshot.gov.tr
2121 s2.eshot.gov.tr 185.182.236.246 eshot.gov.tr
2122
2123Found 4 subdomain(s) in 4 host(s) in 1192.95 second(s)
2124#######################################################################################################################################
2125
2126 AVAILABLE PLUGINS
2127 -----------------
2128
2129 CertificateInfoPlugin
2130 OpenSslCipherSuitesPlugin
2131 CompressionPlugin
2132 HeartbleedPlugin
2133 RobotPlugin
2134 FallbackScsvPlugin
2135 OpenSslCcsInjectionPlugin
2136 HttpHeadersPlugin
2137 SessionRenegotiationPlugin
2138 SessionResumptionPlugin
2139 EarlyDataPlugin
2140
2141
2142
2143 CHECKING HOST(S) AVAILABILITY
2144 -----------------------------
2145
2146 185.182.239.167:443 => 185.182.239.167
2147
2148
2149
2150
2151 SCAN RESULTS FOR 185.182.239.167:443 - 185.182.239.167
2152 ------------------------------------------------------
2153
2154 * Deflate Compression:
2155 OK - Compression disabled
2156
2157 * Session Renegotiation:
2158 Client-initiated Renegotiation: OK - Rejected
2159 Secure Renegotiation: OK - Supported
2160
2161 * OpenSSL Heartbleed:
2162 OK - Not vulnerable to Heartbleed
2163
2164 * TLSV1_1 Cipher Suites:
2165 Server rejected all cipher suites.
2166
2167 * TLSV1 Cipher Suites:
2168 Server rejected all cipher suites.
2169
2170 * Downgrade Attacks:
2171Unhandled exception while running --fallback:
2172ValueError - Server only supports SSLv3; no downgrade attacks are possible
2173
2174 * OpenSSL CCS Injection:
2175 OK - Not vulnerable to OpenSSL CCS injection
2176
2177 * TLSV1_2 Cipher Suites:
2178 Server rejected all cipher suites.
2179
2180 * SSLV2 Cipher Suites:
2181 Server rejected all cipher suites.
2182
2183 * Certificate Information:
2184 Content
2185 SHA1 Fingerprint: 08208459498df4bbd307fc04fe583454f5a6fba6
2186 Common Name: www.izmirimkart.com.tr
2187 Issuer: RapidSSL RSA CA 2018
2188 Serial Number: 12357846254948292025454507793719436047
2189 Not Before: 2019-06-24 00:00:00
2190 Not After: 2020-07-23 12:00:00
2191 Signature Algorithm: sha256
2192 Public Key Algorithm: RSA
2193 Key Size: 2048
2194 Exponent: 65537 (0x10001)
2195 DNS Subject Alternative Names: ['www.izmirimkart.com.tr', 'izmirimkart.com.tr']
2196
2197 Trust
2198 Hostname Validation: FAILED - Certificate does NOT match 185.182.239.167
2199 Android CA Store (9.0.0_r9): FAILED - Certificate is NOT Trusted: ok
2200 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: ok
2201 Java CA Store (jdk-12.0.1): FAILED - Certificate is NOT Trusted: ok
2202 Mozilla CA Store (2019-03-14): FAILED - Certificate is NOT Trusted: ok
2203 Windows CA Store (2019-05-27): FAILED - Certificate is NOT Trusted: ok
2204 Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
2205 Received Chain: www.izmirimkart.com.tr --> RapidSSL RSA CA 2018
2206 Verified Chain: ERROR - Could not build verified chain (certificate untrusted?)
2207 Received Chain Contains Anchor: ERROR - Could not build verified chain (certificate untrusted?)
2208 Received Chain Order: OK - Order is valid
2209 Verified Chain contains SHA1: ERROR - Could not build verified chain (certificate untrusted?)
2210
2211 Extensions
2212 OCSP Must-Staple: NOT SUPPORTED - Extension not found
2213 Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more
2214
2215 OCSP Stapling
2216 NOT SUPPORTED - Server did not send back an OCSP response
2217
2218 * TLS 1.2 Session Resumption Support:
2219 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
2220 With TLS Tickets: NOT SUPPORTED - TLS ticket not assigned.
2221
2222 * TLSV1_3 Cipher Suites:
2223 Server rejected all cipher suites.
2224
2225 * SSLV3 Cipher Suites:
2226 Forward Secrecy INSECURE - Not Supported
2227 RC4 INSECURE - Supported
2228
2229 Preferred:
2230 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits Error sending HTTP GET
2231 Accepted:
2232 TLS_RSA_WITH_RC4_128_SHA 128 bits HTTP 404 Not Found
2233 TLS_RSA_WITH_RC4_128_MD5 128 bits HTTP 404 Not Found
2234 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits Error sending HTTP GET
2235
2236 * ROBOT Attack:
2237 OK - Not vulnerable
2238
2239
2240 SCAN COMPLETED IN 32.35 S
2241 -------------------------
2242######################################################################################################################################
2243Domains still to check: 1
2244 Checking if the hostname eshot.gov.tr. given is in fact a domain...
2245
2246Analyzing domain: eshot.gov.tr.
2247 Checking NameServers using system default resolver...
2248 IP: 176.235.106.181 (Turkey)
2249 HostName: ns02.unibel.com.tr Type: NS
2250 HostName: ns02.unibel.com.tr Type: PTR
2251 IP: 176.235.106.180 (Turkey)
2252 HostName: ns01.unibel.com.tr Type: NS
2253 HostName: ns01.unibel.com.tr Type: PTR
2254 IP: 185.182.236.222 (Turkey)
2255 HostName: ns01.izmir-bld.gov.tr Type: NS
2256 HostName: ns01.izmir-bld.gov.tr Type: PTR
2257 IP: 185.182.236.220 (Turkey)
2258 HostName: ns02.izmir-bld.gov.tr Type: NS
2259 HostName: ns02.izmir-bld.gov.tr Type: PTR
2260
2261 Checking MailServers using system default resolver...
2262 IP: 176.235.106.61 (Turkey)
2263 HostName: pmg.eshot.gov.tr Type: MX
2264 HostName: pmg.eshot.gov.tr Type: PTR
2265
2266 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
2267^C No zone transfer found on nameserver 185.182.236.220
2268^C No zone transfer found on nameserver 185.182.236.222
2269 No zone transfer found on nameserver 176.235.106.181
2270 No zone transfer found on nameserver 176.235.106.180
2271
2272 Checking SPF record...
2273 New IP found: 176.235.106.54
2274 New IP found: 185.182.236.232
2275 New IP found: 185.182.236.234
2276
2277 Checking SPF record...
2278 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 176.235.106.80/32, but only the network IP
2279 New IP found: 176.235.106.80
2280
2281 Checking 192 most common hostnames using system default resolver...
2282 IP: 185.182.239.167 (Turkey)
2283 HostName: www.eshot.gov.tr. Type: A
2284 IP: 176.235.106.54 (Turkey)
2285 Type: SPF
2286 HostName: mail.eshot.gov.tr. Type: A
2287 HostName: mail.eshot.gov.tr Type: PTR
2288 IP: 10.29.152.75 (None)
2289 HostName: test.eshot.gov.tr. Type: A
2290 IP: 185.182.236.246 (Turkey)
2291 HostName: old.eshot.gov.tr. Type: A
2292
2293 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
2294 Checking netblock 185.182.236.0
2295 Checking netblock 185.182.239.0
2296 Checking netblock 176.235.106.0
2297 Checking netblock 10.29.152.0
2298
2299 Searching for eshot.gov.tr. emails in Google
2300 Ndemirsoy@eshot.gov.tr
2301 ndemirsoy@eshot.gov.tr
2302 him@eshot.gov.tr
2303 him@eshot.gov.tr:
2304
2305 Checking 12 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
2318
2319 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
2320 Scanning ip 185.182.236.246 (old.eshot.gov.tr.):
2321 Scanning ip 185.182.239.167 (www.eshot.gov.tr.):
2322 80/tcp open http syn-ack ttl 113 Microsoft IIS httpd 8.5
2323 | http-methods:
2324 | Supported Methods: OPTIONS TRACE GET HEAD POST
2325 |_ Potentially risky methods: TRACE
2326 |_http-server-header: Microsoft-IIS/8.5
2327 |_http-title: IIS Windows Server
2328 443/tcp open ssl/http syn-ack ttl 113 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
2329 |_http-server-header: Microsoft-HTTPAPI/2.0
2330 |_http-title: Not Found
2331 | ssl-cert: Subject: commonName=www.izmirimkart.com.tr
2332 | Subject Alternative Name: DNS:www.izmirimkart.com.tr, DNS:izmirimkart.com.tr
2333 | Issuer: commonName=RapidSSL RSA CA 2018/organizationName=DigiCert Inc/countryName=US
2334 | Public Key type: rsa
2335 | Public Key bits: 2048
2336 | Signature Algorithm: sha256WithRSAEncryption
2337 | Not valid before: 2019-06-24T00:00:00
2338 | Not valid after: 2020-07-23T12:00:00
2339 | MD5: aa12 297e 1c93 d6f2 f310 d076 dbee b2c1
2340 |_SHA-1: 0820 8459 498d f4bb d307 fc04 fe58 3454 f5a6 fba6
2341 Device type: general purpose|WAP
2342 Running (JUST GUESSING): Linux 2.6.X|2.4.X (90%), Microsoft Windows 2012 (85%)
2343 OS Info: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
2344 Scanning ip 176.235.106.80 ():
2345 80/tcp open http syn-ack ttl 49 Caddy httpd
2346 |_http-server-header: Caddy
2347 |_http-title: Site doesn't have a title (text/plain; charset=utf-8).
2348 443/tcp open ssl/https? syn-ack ttl 49
2349 Device type: general purpose|storage-misc|broadband router
2350 Running (JUST GUESSING): Linux 2.6.X|3.X|4.X (92%), HP embedded (85%)
2351 Scanning ip 176.235.106.61 (pmg.eshot.gov.tr (PTR)):
2352 Scanning ip 185.182.236.232 ():
2353 Scanning ip 176.235.106.181 (ns02.unibel.com.tr (PTR)):
2354 Scanning ip 185.182.236.234 ():
2355 Scanning ip 176.235.106.180 (ns01.unibel.com.tr (PTR)):
2356 Scanning ip 10.29.152.75 (test.eshot.gov.tr.):
2357 Scanning ip 185.182.236.222 (ns01.izmir-bld.gov.tr (PTR)):
2358 Scanning ip 176.235.106.54 (mail.eshot.gov.tr (PTR)):
2359 80/tcp open http syn-ack ttl 49 nginx
2360 | http-methods:
2361 |_ Supported Methods: GET HEAD POST OPTIONS
2362 |_http-title: Did not follow redirect to https://176.235.106.54/
2363 110/tcp open pop3 syn-ack ttl 49 Zimbra Collabration Suite pop3d
2364 |_pop3-capabilities: EXPIRE(31 USER) SASL(PLAIN) TOP STLS UIDL XOIP
2365 | ssl-cert: Subject: commonName=*.eshot.gov.tr
2366 | Subject Alternative Name: DNS:*.eshot.gov.tr, DNS:eshot.gov.tr
2367 | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
2368 | Public Key type: rsa
2369 | Public Key bits: 2048
2370 | Signature Algorithm: sha256WithRSAEncryption
2371 | Not valid before: 2018-12-01T00:00:00
2372 | Not valid after: 2019-12-01T23:59:59
2373 | MD5: 46c5 d60e 9e71 f156 96bd dfd6 faaa 1b02
2374 |_SHA-1: 66c5 5b47 2dc0 2c79 207d 9b09 f18c ca1c a766 ee52
2375 |_ssl-date: TLS randomness does not represent time
2376 143/tcp open imap-proxy syn-ack ttl 49 Zimbra imapd
2377 |_imap-capabilities: MULTIAPPEND completed ID IMAP4rev1 IDLE LITERAL+ ESEARCH XLIST SASL-IR BINARY LOGINDISABLEDA0001 SEARCHRES STARTTLS ENABLE CHILDREN UNSELECT UIDPLUS ACL THREAD=ORDEREDSUBJECT SORT LIST-STATUS WITHIN CONDSTORE RIGHTS=ektx QUOTA CATENATE NAMESPACE LIST-EXTENDED OK I18NLEVEL=1 ESORT QRESYNC
2378 | ssl-cert: Subject: commonName=*.eshot.gov.tr
2379 | Subject Alternative Name: DNS:*.eshot.gov.tr, DNS:eshot.gov.tr
2380 | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
2381 | Public Key type: rsa
2382 | Public Key bits: 2048
2383 | Signature Algorithm: sha256WithRSAEncryption
2384 | Not valid before: 2018-12-01T00:00:00
2385 | Not valid after: 2019-12-01T23:59:59
2386 | MD5: 46c5 d60e 9e71 f156 96bd dfd6 faaa 1b02
2387 |_SHA-1: 66c5 5b47 2dc0 2c79 207d 9b09 f18c ca1c a766 ee52
2388 |_ssl-date: TLS randomness does not represent time
2389 443/tcp open ssl/http syn-ack ttl 49 nginx
2390 | http-methods:
2391 |_ Supported Methods: GET HEAD POST OPTIONS
2392 |_http-title: Zimbra Web Client Sign In
2393 | ssl-cert: Subject: commonName=*.eshot.gov.tr
2394 | Subject Alternative Name: DNS:*.eshot.gov.tr, DNS:eshot.gov.tr
2395 | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
2396 | Public Key type: rsa
2397 | Public Key bits: 2048
2398 | Signature Algorithm: sha256WithRSAEncryption
2399 | Not valid before: 2018-12-01T00:00:00
2400 | Not valid after: 2019-12-01T23:59:59
2401 | MD5: 46c5 d60e 9e71 f156 96bd dfd6 faaa 1b02
2402 |_SHA-1: 66c5 5b47 2dc0 2c79 207d 9b09 f18c ca1c a766 ee52
2403 |_ssl-date: TLS randomness does not represent time
2404 | tls-alpn:
2405 |_ http/1.1
2406 | tls-nextprotoneg:
2407 |_ http/1.1
2408 465/tcp open ssl/smtp syn-ack ttl 49 Postfix smtpd
2409 |_smtp-commands: mail.eshot.gov.tr, PIPELINING, SIZE 52428800, VRFY, ETRN, AUTH LOGIN PLAIN, AUTH=LOGIN PLAIN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
2410 | ssl-cert: Subject: commonName=*.eshot.gov.tr
2411 | Subject Alternative Name: DNS:*.eshot.gov.tr, DNS:eshot.gov.tr
2412 | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
2413 | Public Key type: rsa
2414 | Public Key bits: 2048
2415 | Signature Algorithm: sha256WithRSAEncryption
2416 | Not valid before: 2018-12-01T00:00:00
2417 | Not valid after: 2019-12-01T23:59:59
2418 | MD5: 46c5 d60e 9e71 f156 96bd dfd6 faaa 1b02
2419 |_SHA-1: 66c5 5b47 2dc0 2c79 207d 9b09 f18c ca1c a766 ee52
2420 |_ssl-date: TLS randomness does not represent time
2421 587/tcp open smtp syn-ack ttl 49 Postfix smtpd
2422 |_smtp-commands: mail.eshot.gov.tr, PIPELINING, SIZE 52428800, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
2423 | ssl-cert: Subject: commonName=*.eshot.gov.tr
2424 | Subject Alternative Name: DNS:*.eshot.gov.tr, DNS:eshot.gov.tr
2425 | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
2426 | Public Key type: rsa
2427 | Public Key bits: 2048
2428 | Signature Algorithm: sha256WithRSAEncryption
2429 | Not valid before: 2018-12-01T00:00:00
2430 | Not valid after: 2019-12-01T23:59:59
2431 | MD5: 46c5 d60e 9e71 f156 96bd dfd6 faaa 1b02
2432 |_SHA-1: 66c5 5b47 2dc0 2c79 207d 9b09 f18c ca1c a766 ee52
2433 |_ssl-date: TLS randomness does not represent time
2434 993/tcp open ssl/imap-proxy syn-ack ttl 49 Zimbra imapd
2435 |_imap-capabilities: MULTIAPPEND ID IMAP4rev1 completed LITERAL+ ESEARCH XLIST SASL-IR BINARY IDLE AUTH=PLAINA0001 SEARCHRES ENABLE CHILDREN UNSELECT UIDPLUS ACL THREAD=ORDEREDSUBJECT SORT LIST-STATUS WITHIN CONDSTORE RIGHTS=ektx QUOTA CATENATE NAMESPACE LIST-EXTENDED OK I18NLEVEL=1 ESORT QRESYNC
2436 | ssl-cert: Subject: commonName=*.eshot.gov.tr
2437 | Subject Alternative Name: DNS:*.eshot.gov.tr, DNS:eshot.gov.tr
2438 | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
2439 | Public Key type: rsa
2440 | Public Key bits: 2048
2441 | Signature Algorithm: sha256WithRSAEncryption
2442 | Not valid before: 2018-12-01T00:00:00
2443 | Not valid after: 2019-12-01T23:59:59
2444 | MD5: 46c5 d60e 9e71 f156 96bd dfd6 faaa 1b02
2445 |_SHA-1: 66c5 5b47 2dc0 2c79 207d 9b09 f18c ca1c a766 ee52
2446 |_ssl-date: TLS randomness does not represent time
2447 995/tcp open ssl/pop3 syn-ack ttl 49 Zimbra Collabration Suite pop3d
2448 |_pop3-capabilities: USER EXPIRE(31 USER) TOP SASL(PLAIN) UIDL XOIP
2449 | ssl-cert: Subject: commonName=*.eshot.gov.tr
2450 | Subject Alternative Name: DNS:*.eshot.gov.tr, DNS:eshot.gov.tr
2451 | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
2452 | Public Key type: rsa
2453 | Public Key bits: 2048
2454 | Signature Algorithm: sha256WithRSAEncryption
2455 | Not valid before: 2018-12-01T00:00:00
2456 | Not valid after: 2019-12-01T23:59:59
2457 | MD5: 46c5 d60e 9e71 f156 96bd dfd6 faaa 1b02
2458 |_SHA-1: 66c5 5b47 2dc0 2c79 207d 9b09 f18c ca1c a766 ee52
2459 |_ssl-date: TLS randomness does not represent time
2460 8443/tcp open ssl/http syn-ack ttl 49 Zimbra http config
2461 | http-methods:
2462 |_ Supported Methods: GET HEAD POST OPTIONS
2463 |_http-title: Zimbra Web Client Sign In
2464 | ssl-cert: Subject: commonName=*.eshot.gov.tr
2465 | Subject Alternative Name: DNS:*.eshot.gov.tr, DNS:eshot.gov.tr
2466 | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
2467 | Public Key type: rsa
2468 | Public Key bits: 2048
2469 | Signature Algorithm: sha256WithRSAEncryption
2470 | Not valid before: 2018-12-01T00:00:00
2471 | Not valid after: 2019-12-01T23:59:59
2472 | MD5: 46c5 d60e 9e71 f156 96bd dfd6 faaa 1b02
2473 |_SHA-1: 66c5 5b47 2dc0 2c79 207d 9b09 f18c ca1c a766 ee52
2474 |_ssl-date: 2019-10-18T04:12:29+00:00; 0s from scanner time.
2475 Running (JUST GUESSING): Linux 2.6.X|3.X|4.X (92%)
2476 OS Info: Service Info: Host: mail.eshot.gov.tr
2477 Scanning ip 185.182.236.220 (ns02.izmir-bld.gov.tr (PTR)):
2478 WebCrawling domain's web servers... up to 50 max links.
2479
2480 + URL to crawl: http://www.eshot.gov.tr.
2481 + Date: 2019-10-18
2482
2483 + Crawling URL: http://www.eshot.gov.tr.:
2484 + Links:
2485 + Crawling http://www.eshot.gov.tr. (400 Bad Request)
2486 + Searching for directories...
2487 + Searching open folders...
2488
2489
2490 + URL to crawl: https://www.eshot.gov.tr.
2491 + Date: 2019-10-18
2492
2493 + Crawling URL: https://www.eshot.gov.tr.:
2494 + Links:
2495 + Crawling https://www.eshot.gov.tr. ([Errno 104] Connection reset by peer)
2496 + Searching for directories...
2497 + Searching open folders...
2498
2499
2500 + URL to crawl: http://mail.eshot.gov.tr.
2501 + Date: 2019-10-18
2502
2503 + Crawling URL: http://mail.eshot.gov.tr.:
2504 + Links:
2505 + Crawling http://mail.eshot.gov.tr.
2506 + Crawling http://mail.eshot.gov.tr./css/common,login,zhtml,skin.css?skin=harmony&v=190308062804 (File! Not crawling it.)
2507 + Searching for directories...
2508 - Found: http://mail.eshot.gov.tr./img/
2509 - Found: http://mail.eshot.gov.tr./img/logo/
2510 - Found: http://mail.eshot.gov.tr./css/
2511 + Searching open folders...
2512 - http://mail.eshot.gov.tr./img/ (403 Forbidden)
2513 - http://mail.eshot.gov.tr./img/logo/ (403 Forbidden)
2514 - http://mail.eshot.gov.tr./css/ (No Open Folder)
2515
2516
2517 + URL to crawl: https://mail.eshot.gov.tr.
2518 + Date: 2019-10-18
2519
2520 + Crawling URL: https://mail.eshot.gov.tr.:
2521 + Links:
2522 + Crawling https://mail.eshot.gov.tr.
2523 + Searching for directories...
2524 + Searching open folders...
2525
2526
2527 + URL to crawl: https://mail.eshot.gov.tr.:8443
2528 + Date: 2019-10-18
2529
2530 + Crawling URL: https://mail.eshot.gov.tr.:8443:
2531 + Links:
2532 + Crawling https://mail.eshot.gov.tr.:8443 ([Errno 0] Error)
2533 + Searching for directories...
2534 + Searching open folders...
2535
2536--Finished--
2537Summary information for domain eshot.gov.tr.
2538-----------------------------------------
2539 Domain Specific Information:
2540 Email: Ndemirsoy@eshot.gov.tr
2541 Email: ndemirsoy@eshot.gov.tr
2542 Email: him@eshot.gov.tr
2543 Email: him@eshot.gov.tr:
2544
2545 Domain Ips Information:
2546 IP: 185.182.236.246
2547 HostName: old.eshot.gov.tr. Type: A
2548 Country: Turkey
2549 Is Active: True (reset ttl 64)
2550 IP: 185.182.239.167
2551 HostName: www.eshot.gov.tr. Type: A
2552 Country: Turkey
2553 Is Active: True (reset ttl 64)
2554 Port: 80/tcp open http syn-ack ttl 113 Microsoft IIS httpd 8.5
2555 Script Info: | http-methods:
2556 Script Info: | Supported Methods: OPTIONS TRACE GET HEAD POST
2557 Script Info: |_ Potentially risky methods: TRACE
2558 Script Info: |_http-server-header: Microsoft-IIS/8.5
2559 Script Info: |_http-title: IIS Windows Server
2560 Port: 443/tcp open ssl/http syn-ack ttl 113 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
2561 Script Info: |_http-server-header: Microsoft-HTTPAPI/2.0
2562 Script Info: |_http-title: Not Found
2563 Script Info: | ssl-cert: Subject: commonName=www.izmirimkart.com.tr
2564 Script Info: | Subject Alternative Name: DNS:www.izmirimkart.com.tr, DNS:izmirimkart.com.tr
2565 Script Info: | Issuer: commonName=RapidSSL RSA CA 2018/organizationName=DigiCert Inc/countryName=US
2566 Script Info: | Public Key type: rsa
2567 Script Info: | Public Key bits: 2048
2568 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2569 Script Info: | Not valid before: 2019-06-24T00:00:00
2570 Script Info: | Not valid after: 2020-07-23T12:00:00
2571 Script Info: | MD5: aa12 297e 1c93 d6f2 f310 d076 dbee b2c1
2572 Script Info: |_SHA-1: 0820 8459 498d f4bb d307 fc04 fe58 3454 f5a6 fba6
2573 Script Info: Device type: general purpose|WAP
2574 Script Info: Running (JUST GUESSING): Linux 2.6.X|2.4.X (90%), Microsoft Windows 2012 (85%)
2575 Os Info: OS: Windows; CPE: cpe:/o:microsoft:windows
2576 IP: 176.235.106.80
2577 Type: SPF
2578 Is Active: True (reset ttl 64)
2579 Port: 80/tcp open http syn-ack ttl 49 Caddy httpd
2580 Script Info: |_http-server-header: Caddy
2581 Script Info: |_http-title: Site doesn't have a title (text/plain; charset=utf-8).
2582 Port: 443/tcp open ssl/https? syn-ack ttl 49
2583 Script Info: Device type: general purpose|storage-misc|broadband router
2584 Script Info: Running (JUST GUESSING): Linux 2.6.X|3.X|4.X (92%), HP embedded (85%)
2585 IP: 176.235.106.61
2586 HostName: pmg.eshot.gov.tr Type: MX
2587 HostName: pmg.eshot.gov.tr Type: PTR
2588 Country: Turkey
2589 Is Active: True (reset ttl 64)
2590 IP: 185.182.236.232
2591 Type: SPF
2592 Is Active: True (reset ttl 64)
2593 IP: 176.235.106.181
2594 HostName: ns02.unibel.com.tr Type: NS
2595 HostName: ns02.unibel.com.tr Type: PTR
2596 Country: Turkey
2597 Is Active: True (reset ttl 64)
2598 IP: 185.182.236.234
2599 Type: SPF
2600 Is Active: True (reset ttl 64)
2601 IP: 176.235.106.180
2602 HostName: ns01.unibel.com.tr Type: NS
2603 HostName: ns01.unibel.com.tr Type: PTR
2604 Country: Turkey
2605 Is Active: True (reset ttl 64)
2606 IP: 10.29.152.75
2607 HostName: test.eshot.gov.tr. Type: A
2608 Country: None
2609 Is Active: True (reset ttl 64)
2610 IP: 185.182.236.222
2611 HostName: ns01.izmir-bld.gov.tr Type: NS
2612 HostName: ns01.izmir-bld.gov.tr Type: PTR
2613 Country: Turkey
2614 Is Active: True (reset ttl 64)
2615 IP: 176.235.106.54
2616 Type: SPF
2617 HostName: mail.eshot.gov.tr. Type: A
2618 HostName: mail.eshot.gov.tr Type: PTR
2619 Country: Turkey
2620 Is Active: True (reset ttl 64)
2621 Port: 80/tcp open http syn-ack ttl 49 nginx
2622 Script Info: | http-methods:
2623 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
2624 Script Info: |_http-title: Did not follow redirect to https://176.235.106.54/
2625 Port: 110/tcp open pop3 syn-ack ttl 49 Zimbra Collabration Suite pop3d
2626 Script Info: |_pop3-capabilities: EXPIRE(31 USER) SASL(PLAIN) TOP STLS UIDL XOIP
2627 Script Info: | ssl-cert: Subject: commonName=*.eshot.gov.tr
2628 Script Info: | Subject Alternative Name: DNS:*.eshot.gov.tr, DNS:eshot.gov.tr
2629 Script Info: | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
2630 Script Info: | Public Key type: rsa
2631 Script Info: | Public Key bits: 2048
2632 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2633 Script Info: | Not valid before: 2018-12-01T00:00:00
2634 Script Info: | Not valid after: 2019-12-01T23:59:59
2635 Script Info: | MD5: 46c5 d60e 9e71 f156 96bd dfd6 faaa 1b02
2636 Script Info: |_SHA-1: 66c5 5b47 2dc0 2c79 207d 9b09 f18c ca1c a766 ee52
2637 Script Info: |_ssl-date: TLS randomness does not represent time
2638 Port: 143/tcp open imap-proxy syn-ack ttl 49 Zimbra imapd
2639 Script Info: |_imap-capabilities: MULTIAPPEND completed ID IMAP4rev1 IDLE LITERAL+ ESEARCH XLIST SASL-IR BINARY LOGINDISABLEDA0001 SEARCHRES STARTTLS ENABLE CHILDREN UNSELECT UIDPLUS ACL THREAD=ORDEREDSUBJECT SORT LIST-STATUS WITHIN CONDSTORE RIGHTS=ektx QUOTA CATENATE NAMESPACE LIST-EXTENDED OK I18NLEVEL=1 ESORT QRESYNC
2640 Script Info: | ssl-cert: Subject: commonName=*.eshot.gov.tr
2641 Script Info: | Subject Alternative Name: DNS:*.eshot.gov.tr, DNS:eshot.gov.tr
2642 Script Info: | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
2643 Script Info: | Public Key type: rsa
2644 Script Info: | Public Key bits: 2048
2645 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2646 Script Info: | Not valid before: 2018-12-01T00:00:00
2647 Script Info: | Not valid after: 2019-12-01T23:59:59
2648 Script Info: | MD5: 46c5 d60e 9e71 f156 96bd dfd6 faaa 1b02
2649 Script Info: |_SHA-1: 66c5 5b47 2dc0 2c79 207d 9b09 f18c ca1c a766 ee52
2650 Script Info: |_ssl-date: TLS randomness does not represent time
Port: 443/tcp open ssl/http syn-ack ttl 49 nginx
Script Info: | http-methods:
Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
Script Info: |_http-title: Zimbra Web Client Sign In
Script Info: | ssl-cert: Subject: commonName=*.eshot.gov.tr
Script Info: | Subject Alternative Name: DNS:*.eshot.gov.tr, DNS:eshot.gov.tr
Script Info: | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
Script Info: | Public Key type: rsa
Script Info: | Public Key bits: 2048
Script Info: | Signature Algorithm: sha256WithRSAEncryption
Script Info: | Not valid before: 2018-12-01T00:00:00
Script Info: | Not valid after: 2019-12-01T23:59:59
Script Info: | MD5: 46c5 d60e 9e71 f156 96bd dfd6 faaa 1b02
Script Info: |_SHA-1: 66c5 5b47 2dc0 2c79 207d 9b09 f18c ca1c a766 ee52
Script Info: |_ssl-date: TLS randomness does not represent time
Script Info: | tls-alpn:
Script Info: |_ http/1.1
Script Info: | tls-nextprotoneg:
Script Info: |_ http/1.1
Port: 465/tcp open ssl/smtp syn-ack ttl 49 Postfix smtpd
Script Info: |_smtp-commands: mail.eshot.gov.tr, PIPELINING, SIZE 52428800, VRFY, ETRN, AUTH LOGIN PLAIN, AUTH=LOGIN PLAIN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
Script Info: | ssl-cert: Subject: commonName=*.eshot.gov.tr
Script Info: | Subject Alternative Name: DNS:*.eshot.gov.tr, DNS:eshot.gov.tr
Script Info: | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
Script Info: | Public Key type: rsa
Script Info: | Public Key bits: 2048
Script Info: | Signature Algorithm: sha256WithRSAEncryption
Script Info: | Not valid before: 2018-12-01T00:00:00
Script Info: | Not valid after: 2019-12-01T23:59:59
Script Info: | MD5: 46c5 d60e 9e71 f156 96bd dfd6 faaa 1b02
Script Info: |_SHA-1: 66c5 5b47 2dc0 2c79 207d 9b09 f18c ca1c a766 ee52
Script Info: |_ssl-date: TLS randomness does not represent time
Port: 587/tcp open smtp syn-ack ttl 49 Postfix smtpd
Script Info: |_smtp-commands: mail.eshot.gov.tr, PIPELINING, SIZE 52428800, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
Script Info: | ssl-cert: Subject: commonName=*.eshot.gov.tr
Script Info: | Subject Alternative Name: DNS:*.eshot.gov.tr, DNS:eshot.gov.tr
Script Info: | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
Script Info: | Public Key type: rsa
Script Info: | Public Key bits: 2048
Script Info: | Signature Algorithm: sha256WithRSAEncryption
Script Info: | Not valid before: 2018-12-01T00:00:00
Script Info: | Not valid after: 2019-12-01T23:59:59
Script Info: | MD5: 46c5 d60e 9e71 f156 96bd dfd6 faaa 1b02
Script Info: |_SHA-1: 66c5 5b47 2dc0 2c79 207d 9b09 f18c ca1c a766 ee52
Script Info: |_ssl-date: TLS randomness does not represent time
Port: 993/tcp open ssl/imap-proxy syn-ack ttl 49 Zimbra imapd
Script Info: |_imap-capabilities: MULTIAPPEND ID IMAP4rev1 completed LITERAL+ ESEARCH XLIST SASL-IR BINARY IDLE AUTH=PLAINA0001 SEARCHRES ENABLE CHILDREN UNSELECT UIDPLUS ACL THREAD=ORDEREDSUBJECT SORT LIST-STATUS WITHIN CONDSTORE RIGHTS=ektx QUOTA CATENATE NAMESPACE LIST-EXTENDED OK I18NLEVEL=1 ESORT QRESYNC
Script Info: | ssl-cert: Subject: commonName=*.eshot.gov.tr
Script Info: | Subject Alternative Name: DNS:*.eshot.gov.tr, DNS:eshot.gov.tr
Script Info: | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
Script Info: | Public Key type: rsa
Script Info: | Public Key bits: 2048
Script Info: | Signature Algorithm: sha256WithRSAEncryption
Script Info: | Not valid before: 2018-12-01T00:00:00
Script Info: | Not valid after: 2019-12-01T23:59:59
Script Info: | MD5: 46c5 d60e 9e71 f156 96bd dfd6 faaa 1b02
Script Info: |_SHA-1: 66c5 5b47 2dc0 2c79 207d 9b09 f18c ca1c a766 ee52
Script Info: |_ssl-date: TLS randomness does not represent time
Port: 995/tcp open ssl/pop3 syn-ack ttl 49 Zimbra Collabration Suite pop3d
Script Info: |_pop3-capabilities: USER EXPIRE(31 USER) TOP SASL(PLAIN) UIDL XOIP
Script Info: | ssl-cert: Subject: commonName=*.eshot.gov.tr
Script Info: | Subject Alternative Name: DNS:*.eshot.gov.tr, DNS:eshot.gov.tr
Script Info: | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
Script Info: | Public Key type: rsa
Script Info: | Public Key bits: 2048
Script Info: | Signature Algorithm: sha256WithRSAEncryption
Script Info: | Not valid before: 2018-12-01T00:00:00
Script Info: | Not valid after: 2019-12-01T23:59:59
Script Info: | MD5: 46c5 d60e 9e71 f156 96bd dfd6 faaa 1b02
Script Info: |_SHA-1: 66c5 5b47 2dc0 2c79 207d 9b09 f18c ca1c a766 ee52
Script Info: |_ssl-date: TLS randomness does not represent time
Port: 8443/tcp open ssl/http syn-ack ttl 49 Zimbra http config
Script Info: | http-methods:
Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
Script Info: |_http-title: Zimbra Web Client Sign In
Script Info: | ssl-cert: Subject: commonName=*.eshot.gov.tr
Script Info: | Subject Alternative Name: DNS:*.eshot.gov.tr, DNS:eshot.gov.tr
Script Info: | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
Script Info: | Public Key type: rsa
Script Info: | Public Key bits: 2048
Script Info: | Signature Algorithm: sha256WithRSAEncryption
Script Info: | Not valid before: 2018-12-01T00:00:00
Script Info: | Not valid after: 2019-12-01T23:59:59
Script Info: | MD5: 46c5 d60e 9e71 f156 96bd dfd6 faaa 1b02
Script Info: |_SHA-1: 66c5 5b47 2dc0 2c79 207d 9b09 f18c ca1c a766 ee52
Script Info: |_ssl-date: 2019-10-18T04:12:29+00:00; 0s from scanner time.
Script Info: Running (JUST GUESSING): Linux 2.6.X|3.X|4.X (92%)
Os Info: Host: mail.eshot.gov.tr
IP: 185.182.236.220
HostName: ns02.izmir-bld.gov.tr Type: NS
HostName: ns02.izmir-bld.gov.tr Type: PTR
Country: Turkey
Is Active: True (reset ttl 64)

--------------End Summary --------------
-----------------------------------------
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-17 23:45 EDT
Nmap scan report for 185.182.239.167
Host is up (0.23s latency).
Not shown: 995 filtered ports, 3 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE
80/tcp open http
443/tcp open https

Nmap done: 1 IP address (1 host up) scanned in 17.29 seconds
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-17 23:45 EDT
Nmap scan report for 185.182.239.167
Host is up (0.15s latency).
Not shown: 2 filtered ports
PORT STATE SERVICE
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
500/udp open|filtered isakmp
520/udp open|filtered route
2049/udp open|filtered nfs

Nmap done: 1 IP address (1 host up) scanned in 3.73 seconds
#######################################################################################################################################
HTTP/1.1 200 OK
Content-Length: 701
Content-Type: text/html
Last-Modified: Mon, 02 Oct 2017 07:14:55 GMT
Accept-Ranges: bytes
ETag: "c3f1c0254e3bd31:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Fri, 18 Oct 2019 03:45:19 GMT

Allow: OPTIONS, TRACE, GET, HEAD, POST
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-17 23:46 EDT
NSE: Loaded 163 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 23:46
Completed NSE at 23:46, 0.00s elapsed
Initiating NSE at 23:46
Completed NSE at 23:46, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 23:46
Completed Parallel DNS resolution of 1 host. at 23:46, 0.02s elapsed
Initiating SYN Stealth Scan at 23:46
Scanning 185.182.239.167 [1 port]
Discovered open port 80/tcp on 185.182.239.167
Completed SYN Stealth Scan at 23:46, 0.20s elapsed (1 total ports)
Initiating Service scan at 23:46
Scanning 1 service on 185.182.239.167
Completed Service scan at 23:46, 6.46s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against 185.182.239.167
Retrying OS detection (try #2) against 185.182.239.167
Initiating Traceroute at 23:47
Completed Traceroute at 23:47, 0.65s elapsed
Initiating Parallel DNS resolution of 16 hosts. at 23:47
Completed Parallel DNS resolution of 16 hosts. at 23:47, 0.56s elapsed
NSE: Script scanning 185.182.239.167.
Initiating NSE at 23:47
Completed NSE at 23:48, 57.19s elapsed
Initiating NSE at 23:48
Completed NSE at 23:48, 1.27s elapsed
Nmap scan report for 185.182.239.167
Host is up (0.24s latency).

PORT STATE SERVICE VERSION
80/tcp open http Microsoft IIS httpd 8.5
| http-brute:
|_ Path "/" does not require authentication
|_http-chrono: Request times for /; avg: 547.80ms; min: 452.29ms; max: 600.85ms
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-date: Fri, 18 Oct 2019 03:46:29 GMT; -40s from local time.
|_http-devframework: ASP.NET detected. Found related header.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-errors: Couldn't find any error pages.
|_http-feed: Couldn't find any feeds.
|_http-fetch: Please enter the complete path of the directory to save data in.
| http-headers:
| Content-Length: 701
| Content-Type: text/html
| Last-Modified: Mon, 02 Oct 2017 07:14:55 GMT
| Accept-Ranges: bytes
| ETag: "c3f1c0254e3bd31:0"
| Server: Microsoft-IIS/8.5
| X-Powered-By: ASP.NET
| Date: Fri, 18 Oct 2019 03:46:36 GMT
| Connection: close
|
|_ (Request type: HEAD)
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
| http-methods:
| Supported Methods: OPTIONS TRACE GET HEAD POST
|_ Potentially risky methods: TRACE
|_http-mobileversion-checker: No mobile version detected.
| http-php-version: Logo query returned unknown hash dea139153d780fdc018caefdbd600c1c
|_Credits query returned unknown hash dea139153d780fdc018caefdbd600c1c
|_http-security-headers:
|_http-server-header: Microsoft-IIS/8.5
| http-sitemap-generator:
| Directory structure:
| /
| Other: 1; png: 1
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_ Other: 1; png: 1
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-title: IIS Windows Server
| http-vhosts:
|_127 names had status 200
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-xssed: No previously reported XSS vuln.
| vulscan: VulDB - https://vuldb.com:
| [68193] Microsoft IIS 8.0/8.5 IP and Domain Restriction privilege escalation
| [48519] Microsoft Works 8.5/9.0 memory corruption
| [45763] Microsoft Windows Live Messenger up to 8.5.1 unknown vulnerability
| [141563] Microsoft Windows up to RT 8.1 Remote Desktop privilege escalation
| [141562] Microsoft Windows up to RT 8.1 Remote Desktop privilege escalation
| [134730] Microsoft Skype 8.35 on Android Bluetooth Listening information disclosure
| [129845] Microsoft Skype for Business 2015 CU 8 Request cross site scripting
| [126799] Microsoft Dynamics 365 8 Web Request Code Execution
| [126798] Microsoft Dynamics 365 8 Web Request cross site scripting
| [126797] Microsoft Dynamics 365 8 Web Request cross site scripting
| [126796] Microsoft Dynamics 365 8 Web Request cross site scripting
| [126795] Microsoft Dynamics 365 8 Web Request cross site scripting
| [123872] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 SMB information disclosure
| [121108] Microsoft Mail Client 8.1 information disclosure
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [113264] Microsoft Windows 8.1/RT 8.1/Server 2012 R2 SMBv2/SMBv3 denial of service
| [100989] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [100918] Microsoft Windows 8/8.1/10/Server 2012/Server 2016 Malware Protection Service Type Confusion privilege escalation
| [96521] Microsoft Windows 8.1/10/Server 2012/Server 2016 SMB Response mrxsmb20.sys denial of service
| [93988] Microsoft Desktop Client for Mac up to 8.0.36 privilege escalation
| [93755] Microsoft Internet Explorer 8 Ls\xC2\xADFind\xC2\xADSpan\xC2\xADVisual\xC2\xADBoundaries memory corruption
| [93535] Microsoft Internet Explorer 8/9/10/11 Regex vbscript.dll RegExpComp::PnodeParse memory corruption
| [93386] Microsoft Windows Vista SP2/7 SP1/8.1/RT 8.1/10 Video Control memory corruption
| [92587] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 Transaction Manager privilege escalation
| [92585] Microsoft Windows Vista SP2/7 SP1/8.1/RT 8.1/10 Video Control privilege escalation
| [91571] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
| [91570] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
| [91559] Microsoft Windows 8.1/10/RT 8.1 NTLM SSO information disclosure
| [90711] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF privilege escalation
| [90710] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 Netlogon privilege escalation
| [87959] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
| [87958] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF memory corruption
| [87957] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
| [87156] Microsoft Windows 8.1/10/RT 8.1/Server 2012 R2 Shell memory corruption
| [87155] Microsoft Windows Vista SP2/7/8.1/RT 8.1/10 Journal memory corruption
| [82223] Microsoft Windows 8.1/10/Server 2012 R2 Hyper-V Memory information disclosure
| [82222] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Memory information disclosure
| [82221] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Hyper-V privilege escalation
| [81270] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library memory corruption
| [80865] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 DLL Loader memory corruption
| [80860] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Reader memory corruption
| [80859] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
| [80844] Microsoft Internet Explorer 8/9/10/11 MSHTML MSHTML!Method_VARIANTBOOLp_BSTR_o0oVARIANT memory corruption
| [80209] Microsoft Internet Explorer 8/9/10/11 VBScript/JScript memory corruption
| [79462] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [79460] Microsoft Internet Explorer 8/9 memory corruption
| [79458] Microsoft Internet Explorer 8/9 memory corruption
| [79457] Microsoft Internet Explorer 8/9 memory corruption
| [79455] Microsoft Internet Explorer 8/9/10/11 XSS Filter privilege escalation
| [79449] Microsoft Internet Explorer 8/9/10/11 XSS Filter privilege escalation
| [79448] Microsoft Internet Explorer 8/9/10/11 Scripting Engine memory corruption
| [79447] Microsoft Internet Explorer 8/9/10/11 Scripting Engine information disclosure
| [79445] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [79162] Microsoft Internet Explorer 8/9/10/11 Scripting Engine memory corruption
| [79155] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [79143] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [78390] Microsoft Internet Explorer 8/9/10/11 VBScript/JScript Engine information disclosure
| [78386] Microsoft Internet Explorer 8/9/10/11 VBScript/JScript Engine memory corruption
| [78384] Microsoft Internet Explorer 8/9/10/11 VBScript/JScript Engine ASLR privilege escalation
| [78379] Microsoft Internet Explorer 8/9/10/11 EditWith Broker privilege escalation
| [78377] Microsoft Internet Explorer 8 privilege escalation
| [78362] Microsoft Internet Explorer 8/9/10/11 VBScript/JScript Engine RegExpBase::FBadHeader memory corruption
| [77605] Microsoft Internet Explorer 8 VBScript/JScript Engine memory corruption
| [77006] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [77004] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [76490] Microsoft Internet Explorer 8/9/10/11 Image Caching History information disclosure
| [76482] Microsoft Internet Explorer 8 memory corruption
| [76479] Microsoft Internet Explorer 8/9/10/11 XSS Filter cross site scripting
| [76474] Microsoft Internet Explorer 8/9 memory corruption
| [76449] Microsoft Windows 8/8.1/Server 2008/Server 2012/Server 2012 R2 Hyper-V memory corruption
| [76448] Microsoft Windows 8.1/Server 2012 R2 Hyper-V memory corruption
| [76437] Microsoft Internet Explorer 8/9 memory corruption
| [75780] Microsoft Internet Explorer 8 memory corruption
| [75707] Cisco Unified MeetingPlace for Microsoft Outlook 8.6(1.2)/ 8.6(1.9) cross site scripting
| [75322] Microsoft Internet Explorer 8/9 memory corruption
| [75319] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [75311] Microsoft Internet Explorer 8/9 memory corruption
| [75308] Microsoft Internet Explorer 8/9/10/11 VBscript and JScript Engine privilege escalation
| [75306] Microsoft Internet Explorer 8/9/10/11 VBScript Engine privilege escalation
| [74856] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [74842] Microsoft Windows 8.1/Server 2012 R2 Hyper-V denial of service
| [73946] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [73943] Microsoft Internet Explorer 8 memory corruption
| [73939] Microsoft Internet Explorer 8/9/10/11 VBScript Engine memory corruption
| [69137] Microsoft Internet Explorer 8 ASLR privilege escalation
| [69136] Microsoft Internet Explorer 8/9 MSHTML SpanQualifier memory corruption
| [69135] Microsoft Internet Explorer 8/10 memory corruption
| [69131] Microsoft Internet Explorer 8/9 memory corruption
| [69130] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [68400] Microsoft Internet Explorer 8 memory corruption
| [68393] Microsoft Internet Explorer 8/9/10/11 XSS Filter cross site scripting
| [68389] Microsoft Internet Explorer 8/9/10/11 XSS Filter cross site scripting
| [68181] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [68176] Microsoft Internet Explorer 8/9/10/11 information disclosure
| [68174] Microsoft Internet Explorer 8/9 memory corruption
| [68169] Microsoft Internet Explorer 8/9 ASLR privilege escalation
| [68211] Microsoft Internet Explorer 8/9/10/11 denial of service
| [67821] Microsoft Internet Explorer 8/9/10/11 CAttrArray memory corruption
| [67813] Microsoft Internet Explorer 8 memory corruption
| [67500] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [67494] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [67345] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [67340] Microsoft Internet Explorer 8 memory corruption
| [67337] Microsoft Internet Explorer 8/9 memory corruption
| [67007] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [67006] Microsoft Internet Explorer 8/9/10 memory corruption
| [67002] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [67000] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [66995] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [13542] Microsoft Internet Explorer 8/9/10/11 privilege escalation
| [13536] Microsoft Internet Explorer 8 memory corruption
| [13518] Microsoft Internet Explorer 8 memory corruption
| [13515] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [13509] Microsoft Internet Explorer 8 memory corruption
| [13499] Microsoft Internet Explorer 8 memory corruption
| [13496] Microsoft Internet Explorer 8/9/10/11 privilege escalation
| [13027] Microsoft Internet Explorer 8/9 information disclosure
| [66605] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [12543] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [12541] Microsoft Internet Explorer 8/9/10 memory corruption
| [12540] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [12538] Microsoft Internet Explorer 8/9 memory corruption
| [12531] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [66445] Microsoft Windows 8.0/8.1 XMLDOM ActiveX Control information disclosure
| [12252] Microsoft Internet Explorer 8 memory corruption
| [12245] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [12239] Microsoft Internet Explorer 8/9/10/11 privilege escalation
| [12238] Microsoft Windows 8/RT/Server 2012 IPv6 denial of service
| [11150] Microsoft Windows 8/Server 2012 Hyper-V Data Structure Value Crash privilege escalation
| [11141] Microsoft Internet Explorer 8/9/10/11 CCaret Object Use-After-Free memory corruption
| [11138] Microsoft Internet Explorer 8/9/10/11 CTreePos Object memory corruption
| [10623] Microsoft Internet Explorer 8/9 memory corruption
| [10215] Microsoft Internet Explorer 8/9 memory corruption
| [10214] Microsoft Internet Explorer 8/9/10 memory corruption
| [9935] Microsoft Internet Explorer 8/9 memory corruption
| [9934] Microsoft Internet Explorer 8/9/10 memory corruption
| [9933] Microsoft Internet Explorer 8/9 memory corruption
| [9932] Microsoft Internet Explorer 8/9 memory corruption
| [10246] Microsoft Internet Explorer 8 Table Tree Use-After-Free memory corruption
| [9419] Microsoft Internet Explorer up to 8 memory corruption
| [9418] Microsoft Internet Explorer 8/9/10 Use-After-Free memory corruption
| [9413] Microsoft Internet Explorer 8/9/10 Use-After-Free memory corruption
| [9406] Microsoft Internet Explorer 8/9/10 memory corruption
| [9099] Microsoft Internet Explorer 8/9 Use-After-Free memory corruption
| [9098] Microsoft Internet Explorer 8 memory corruption
| [9095] Microsoft Internet Explorer 8/9/10 Use-After-Free memory corruption
| [9084] Microsoft Internet Explorer 8/9/10 _UpdateButtonLocation memory corruption
| [9083] Microsoft Internet Explorer 8/9 memory corruption
| [8722] Microsoft Windows 8/RT/Server 2012 HTTP.sys denial of service
| [8718] Microsoft Internet Explorer 8 memory corruption
| [8714] Microsoft Internet Explorer 8/9 memory corruption
| [8712] Microsoft Internet Explorer 8/9 memory corruption
| [8601] Microsoft Internet Explorer 8 'vtable' memory corruption
| [8423] Microsoft Internet Explorer up to 8.00.6001.18702 CSS iexplorer.exe denial of service
| [7962] Microsoft Internet Explorer up to 8 CTreeNode memory corruption
| [7958] Microsoft Internet Explorer up to 8 Celement memory corruption
| [7996] Microsoft Windows 8 TrueType Font denial of service
| [63558] Microsoft Internet Explorer 8 Use-After-Free memory corruption
| [63557] Microsoft Internet Explorer 8/9 Use-After-Free memory corruption
| [7511] Microsoft Internet Explorer 8/9 TCP Session information disclosure
| [7510] Microsoft Internet Explorer 8/9 HTTP/HTTPS Request spoofing
| [7258] Microsoft Windows up to 8/Server 2012 SSL/TLS race condition
| [7199] Microsoft Internet Explorer 8/9 mshtml.dll Unclosed Tags Sequence denial of service
| [6513] Microsoft Internet Explorer 8/9 OnMove Engine Use-After-Free memory corruption
| [5937] Microsoft Internet Explorer 8/9 JavaScript Parser memory corruption
| [5538] Microsoft Internet Explorer 8 Same ID Property Deleted Object memory corruption
| [5532] Microsoft Internet Explorer 8/9 HTML Sanitization toStaticHTML String information disclosure
| [5530] Microsoft Internet Explorer 8/9 OnRowsInserted Elements memory corruption
| [5516] Microsoft Internet Explorer 8/9 memory corruption
| [4467] Microsoft Internet Explorer 8 cross site scripting
| [4454] Microsoft Internet Explorer 8/9 unknown vulnerability
| [59618] Microsoft Internet Explorer 8 unknown vulnerability
| [57681] Microsoft Internet Explorer 8/9 memory corruption
| [57675] Microsoft Internet Explorer 8 memory corruption
| [4372] Microsoft Internet Explorer 8/9 information disclosure
| [57130] Microsoft Internet Explorer 8 on Win7 msxml.dll unknown vulnerability
| [4340] Microsoft Internet Explorer up to 8 unknown vulnerability
| [56786] Microsoft Internet Explorer 8 on Win7 unknown vulnerability
| [56785] Microsoft Internet Explorer 8 on Win7 memory corruption
| [56412] Microsoft Internet Explorer 8 IEShims.dll unknown vulnerability
| [55755] Microsoft Internet Explorer 8 memory corruption
| [54961] Microsoft Internet Explorer 8 mshtml.dll InsertIntoTimeoutList information disclosure
| [4172] Microsoft Internet Explorer up to 8 CSS cross site scripting
| [54339] Microsoft Internet Explorer 8 Uninitialized Memory memory corruption
| [53805] Microsoft Internet Explorer 8 unknown vulnerability
| [53514] Microsoft Internet Explorer 8 Uninitialized Memory memory corruption
| [53513] Microsoft Internet Explorer 8 memory corruption
| [4137] Microsoft Internet Explorer up to 8.0 memory corruption
| [4121] Microsoft Internet Explorer 8 XSS Filter cross site scripting
| [52505] Microsoft Internet Explorer 8 mstime.dll memory corruption
| [52373] Microsoft Internet Explorer 8 on Win7 Use-After-Free memory corruption
| [52372] Microsoft Internet Explorer 8 on Win7 Heap-based memory corruption
| [51652] Microsoft Internet Explorer 8 Uninitialized Memory memory corruption
| [51651] Microsoft Internet Explorer 8 Uninitialized Memory memory corruption
| [50914] Microsoft Internet Explorer 8 cross site scripting
| [50910] Microsoft Internet Explorer 8 unknown vulnerability
| [4048] Microsoft Internet Explorer up to 8 CSS Declaration memory corruption
| [4047] Microsoft Internet Explorer up to 8 DOM Object memory corruption
| [4046] Microsoft Internet Explorer up to 8 HTML memory corruption
| [3987] Microsoft Internet Explorer up to 8 Row Reference memory corruption
| [3982] Microsoft Internet Explorer up to 8 DHTML Call memory corruption
| [47244] Microsoft Internet Explorer 8 on Win 7 memory corruption
| [45681] Microsoft Internet Explorer 8 Beta 2 privilege escalation
| [45451] Microsoft Internet Explorer 8 XSS Filter cross site scripting
| [45450] Microsoft Internet Explorer 8 XSS Filter Protection cross site scripting
| [45449] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
| [45448] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
| [45447] Microsoft Internet Explorer 8 XSS Filter cross site scripting
| [45446] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
| [39012] Microsoft Windows Live Messenger up to 8.1 doc memory corruption
| [34991] Microsoft Visual Studio 8.0 msvcr80.dll denial of service
| [33589] Microsoft Windows Live Messenger up to 8.0 denial of service
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2011-1215] Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND.
| [CVE-2010-3496] McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution.
| [CVE-2009-3126] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
| [CVE-2009-3032] Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Symantec Mail Security for Microsoft Exchange 5.0.10 through 5.0.13, and other products, allows context-dependent attackers to execute arbitrary code via a crafted OLE document that triggers a heap-based buffer overflow.
| [CVE-2009-2504] Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
| [CVE-2009-2503] GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
| [CVE-2009-2502] Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
| [CVE-2009-2501] Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
3097| [CVE-2009-2500] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
3098| [CVE-2009-1533] Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
3099| [CVE-2008-5828] Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields.
3100| [CVE-2007-0045] Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."
3101| [CVE-2004-1312] A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues.
3102| [CVE-2002-1117] Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
3103| [CVE-2001-1088] Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.
| [CVE-2013-3661] The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
| [CVE-2013-3660] The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
| [CVE-2013-3174] DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
| [CVE-2013-3173] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."
| [CVE-2013-3164] Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
| [CVE-2013-3163] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3151.
| [CVE-2013-3151] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3163.
| [CVE-2013-3149] Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
| [CVE-2013-3144] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3151 and CVE-2013-3163.
| [CVE-2013-3141] Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3110.
| [CVE-2013-3138] Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability."
| [CVE-2013-3136] The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."
| [CVE-2013-3123] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3111.
| [CVE-2013-3111] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3123.
| [CVE-2013-3110] Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3141.
| [CVE-2013-2558] Unspecified vulnerability in Microsoft Windows 8 allows remote attackers to cause a denial of service (reboot) or possibly have unknown other impact via a crafted TrueType Font (TTF) file, as demonstrated by the 120612-69701-01.dmp error report.
| [CVE-2013-2552] Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
| [CVE-2013-1451] Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted HTML document that triggers many HTTPS requests to an arbitrary host, followed by an HTTPS request to a trusted host and then an HTTP request to an untrusted host, a related issue to CVE-2013-1450.
| [CVE-2013-1450] Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy server, which allows remote attackers to obtain sensitive information intended for a specific host via a crafted HTML document that triggers many HTTPS requests and then triggers an HTTP request to that host, as demonstrated by reading a Cookie header, aka MSRC 12096gd.
| [CVE-2013-1347] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
| [CVE-2013-1345] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."
| [CVE-2013-1340] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."
| [CVE-2013-1339] The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability."
| [CVE-2013-1334] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
| [CVE-2013-1332] dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
| [CVE-2013-1311] Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."
| [CVE-2013-1307] Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-0811.
| [CVE-2013-1305] HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
| [CVE-2013-1300] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
| [CVE-2013-1297] Microsoft Internet Explorer 6 through 8 does not properly restrict data access by VBScript, which allows remote attackers to perform cross-domain reading of JSON files via a crafted web site, aka "JSON Array Information Disclosure Vulnerability."
| [CVE-2013-1294] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
| [CVE-2013-1292] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
| [CVE-2013-1291] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability."
| [CVE-2013-1288] Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CTreeNode Use After Free Vulnerability."
| [CVE-2013-1287] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
| [CVE-2013-1286] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.
| [CVE-2013-1285] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.
| [CVE-2013-1284] Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
| [CVE-2013-1283] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
| [CVE-2013-1280] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."
| [CVE-2013-1279] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.
| [CVE-2013-1278] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279.
| [CVE-2013-1249] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1248] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-0811] Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1307.
| [CVE-2013-0091] Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CElement Use After Free Vulnerability."
| [CVE-2013-0078] The Microsoft Antimalware Client in Windows Defender on Windows 8 and Windows RT uses an incorrect pathname for MsMpEng.exe, which allows local users to gain privileges via a crafted application, aka "Microsoft Antimalware Improper Pathname Vulnerability."
| [CVE-2013-0075] The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability."
| [CVE-2013-0025] Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SLayoutRun Use After Free Vulnerability."
| [CVE-2013-0024] Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer pasteHTML Use After Free Vulnerability."
| [CVE-2013-0013] The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."
| [CVE-2013-0008] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
| [CVE-2012-4792] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
| [CVE-2012-4786] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
| [CVE-2012-2897] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
| [CVE-2012-2557] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "cloneNode Use After Free Vulnerability."
| [CVE-2012-2556] The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."
| [CVE-2012-2523] Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka "JavaScript Integer Overflow Remote Code Execution Vulnerability."
| [CVE-2012-1881] Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnRowsInserted Event Remote Code Execution Vulnerability."
| [CVE-2012-1875] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability."
| [CVE-2012-1874] Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Toolbar Remote Code Execution Vulnerability."
| [CVE-2012-1858] The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
| [CVE-2012-1856] The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."
| [CVE-2012-1848] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability."
| [CVE-2012-1537] Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
| [CVE-2012-1529] Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "OnMove Use After Free Vulnerability."
| [CVE-2012-1528] Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."
| [CVE-2012-1527] Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."
| [CVE-2012-1523] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote Code Execution Vulnerability."
| [CVE-2012-0181] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
| [CVE-2012-0180] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability."
| [CVE-2012-0172] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Style Remote Code Execution Vulnerability."
| [CVE-2012-0159] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview
| [CVE-2012-0151] The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
| [CVE-2011-2382] Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue.
| [CVE-2011-1999] Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a "dereferenced memory address," aka "Select Element Remote Code Execution Vulnerability."
| [CVE-2011-1996] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Option Element Remote Code Execution Vulnerability."
| [CVE-2011-1992] The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability."
| [CVE-2011-1713] Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. NOTE: this might overlap CVE-2011-1202.
| [CVE-2011-1347] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
| [CVE-2011-1346] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
3185| [CVE-2011-1345] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
3186| [CVE-2011-1266] The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "VML Memory Corruption Vulnerability."
3187| [CVE-2011-1260] Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."
3188| [CVE-2011-1258] Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability."
3189| [CVE-2011-1257] Race condition in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors involving access to an object, aka "Window Open Race Condition Vulnerability."
3190| [CVE-2011-1256] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Modification Memory Corruption Vulnerability."
3191| [CVE-2011-1255] The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Time Element Memory Corruption Vulnerability."
3192| [CVE-2011-1254] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Drag and Drop Memory Corruption Vulnerability."
3193| [CVE-2011-1252] Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
3194| [CVE-2011-1251] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Manipulation Memory Corruption Vulnerability."
3195| [CVE-2011-1246] Microsoft Internet Explorer 8 does not properly handle content settings in HTTP responses, which allows remote web servers to obtain sensitive information from a different (1) domain or (2) zone via a crafted response, aka "MIME Sniffing Information Disclosure Vulnerability."
3196| [CVE-2011-1244] Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability."
3197| [CVE-2011-0346] Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability."
3198| [CVE-2011-0038] Untrusted search path vulnerability in Microsoft Internet Explorer 8 might allow local users to gain privileges via a Trojan horse IEShims.dll in the current working directory, as demonstrated by a Desktop directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
3199| [CVE-2011-0036] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to a "dangling pointer," aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0035.
3200| [CVE-2011-0035] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0036.
3201| [CVE-2010-5071] The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
3202| [CVE-2010-3971] Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka "CSS Memory Corruption Vulnerability."
3203| [CVE-2010-3964] Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
3204| [CVE-2010-3962] Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
3205| [CVE-2010-3886] The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application.
3206| [CVE-2010-3348] Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3342.
3207| [CVE-2010-3346] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
3208| [CVE-2010-3345] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
3209| [CVE-2010-3342] Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3348.
3210| [CVE-2010-3331] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
3211| [CVE-2010-3330] Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability."
3212| [CVE-2010-3329] mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability."
3213| [CVE-2010-3328] Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability."
3214| [CVE-2010-3327] The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerability."
3215| [CVE-2010-3325] Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability."
3216| [CVE-2010-3324] The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
3217| [CVE-2010-3243] Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
3218| [CVE-2010-2560] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Layout Memory Corruption Vulnerability."
3219| [CVE-2010-2559] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, CVE-2010-0245, and CVE-2010-0246.
3220| [CVE-2010-2558] Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerability."
3221| [CVE-2010-2556] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
3222| [CVE-2010-2442] Microsoft Internet Explorer, possibly 8, does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets."
3223| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
3224| [CVE-2010-2118] Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs.
3225| [CVE-2010-2091] Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
3226| [CVE-2010-1991] Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.
3227| [CVE-2010-1489] The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, a different issue than CVE-2009-4074.
3228| [CVE-2010-1262] Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability."
3229| [CVE-2010-1261] The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
3230| [CVE-2010-1260] The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
3231| [CVE-2010-1259] Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
3232| [CVE-2010-1258] Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability."
3233| [CVE-2010-1118] Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
3234| [CVE-2010-1117] Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
3235| [CVE-2010-0811] Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
3236| [CVE-2010-0555] Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving the product's use of text/html as the default content type for files that are encountered after a redirection, aka the URLMON sniffing vulnerability, a variant of CVE-2009-1140 and related to CVE-2008-1448.
3237| [CVE-2010-0494] Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability."
3238| [CVE-2010-0492] Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
3239| [CVE-2010-0490] Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
3240| [CVE-2010-0255] Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448.
3241| [CVE-2010-0249] Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4
3242| [CVE-2010-0248] Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
3243| [CVE-2010-0246] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0245.
3244| [CVE-2010-0245] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246.
3245| [CVE-2010-0244] Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531.
3246| [CVE-2010-0112] Multiple SQL injection vulnerabilities in the Administrative Interface in the IIS extension in Symantec IM Manager before 8.4.16 allow remote attackers to execute arbitrary SQL commands via (1) the rdReport parameter to rdpageimlogic.aspx, related to the sGetDefinition function in rdServer.dll, and SQL statements contained within a certain report file
3247| [CVE-2010-0027] The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
3248| [CVE-2009-4074] The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an HTML attribute, aka "XSS Filter Script Handling Vulnerability."
3249| [CVE-2009-4073] The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page.
3250| [CVE-2009-3674] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671.
3251| [CVE-2009-3673] Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
3252| [CVE-2009-3671] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674.
3253| [CVE-2009-3003] Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.
3254| [CVE-2009-2764] Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 platform allows remote attackers to cause a denial of service (application crash) via a certain DIV element in conjunction with SCRIPT elements that have empty contents and no reference to a valid external script location.
3255| [CVE-2009-2655] mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one additional argument, as demonstrated by a second argument of -1.
3256| [CVE-2009-2536] Microsoft Internet Explorer 5 through 8 allows remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
3257| [CVE-2009-2531] Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530.
3258| [CVE-2009-2530] Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2531.
3259| [CVE-2009-2529] Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability."
3260| [CVE-2009-2069] Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.
3261| [CVE-2009-2064] Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
3262| [CVE-2009-2057] Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
3263| [CVE-2009-1532] Microsoft Internet Explorer 8 for Windows XP SP2 and SP3
3264| [CVE-2009-1335] Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows remote attackers to cause a denial of service (application hang) via a large document composed of unprintable characters, aka MSRC 9011jr.
3265| [CVE-2009-1043] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
3266| [CVE-2009-1016] Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote authenticated users to affect confidentiality, integrity, and availability, related to IIS. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow involving an unspecified Server Plug-in and a crafted SSL certificate.
3267| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
3268| [CVE-2009-1011] Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
3269| [CVE-2009-0084] Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression Vulnerability."
3270| [CVE-2009-0072] Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of service (application crash) via an onload=screen[""] attribute value in a BODY element.
3271| [CVE-2008-5750] Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
3272| [CVE-2008-5556] ** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."
3273| [CVE-2008-5555] Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
3274| [CVE-2008-5554] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
3275| [CVE-2008-5553] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
3276| [CVE-2008-5552] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
3277| [CVE-2008-5551] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
3278| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
3279| [CVE-2008-5416] Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier
3280| [CVE-2008-4295] Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
3281| [CVE-2008-4256] The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
3282| [CVE-2008-4255] Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
3283| [CVE-2008-4254] Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability."
3284| [CVE-2008-4253] The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
3285| [CVE-2008-4252] The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability."
3286| [CVE-2008-4127] Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta 8.0.6001 on Windows XP SP2 allows remote attackers to cause a denial of service (failure of subsequent image rendering) via a crafted PNG file, related to an infinite loop in the CDwnTaskExec::ThreadExec function.
3287| [CVE-2008-4110] Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.
3288| [CVE-2008-3815] Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors.
3289| [CVE-2008-3704] Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
3290| [CVE-2008-3015] Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
3291| [CVE-2008-3014] Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
3292| [CVE-2008-3013] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
3293| [CVE-2008-3012] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
3294| [CVE-2008-2948] Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 allows remote attackers to change the location property of a frame via the Object data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector.
3295| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
3296| [CVE-2008-1544] The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, (2) access arbitrary virtual hosts via a modified Host header, (3) bypass referrer restrictions via an incorrect Referer header, and (4) bypass the same-origin policy and obtain sensitive information via a crafted request header.
3297| [CVE-2008-1444] Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
3298| [CVE-2008-0108] Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
3299| [CVE-2008-0105] Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
3300| [CVE-2008-0011] Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
3301| [CVE-2007-5348] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
3302| [CVE-2007-5277] Microsoft Internet Explorer 6 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80, a different issue than CVE-2006-4560.
3303| [CVE-2007-4916] Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.
3304| [CVE-2007-4814] Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
3305| [CVE-2007-2931] Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions.
3306| [CVE-2007-0842] The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVCR80.DLL) time functions, including (1) localtime, (2) localtime_s, (3) gmtime, (4) gmtime_s, (5) ctime, (6) ctime_s, (7) wctime, (8) wctime_s, and (9) fstat, trigger an assertion error instead of a NULL pointer or EINVAL when processing a time argument later than Jan 1, 3000, which might allow context-dependent attackers to cause a denial of service (application exit) via large time values. NOTE: it could be argued that this is a design limitation of the functions, and the vulnerability lies with any application that does not validate arguments to these functions. However, this behavior is inconsistent with documentation, which does not list assertions as a possible result of an error condition.
3307| [CVE-2007-0216] wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
3308| [CVE-2007-0047] CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.
3309| [CVE-2006-6252] Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of ":D" sequences, which are interpreted as emoticons.
3310| [CVE-2006-3654] Buffer overflow in wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted Excel files.
3311| [CVE-2006-3653] wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted (1) Works, (2) Excel, and (3) Lotus 1-2-3 files.
3312| [CVE-2005-3568] db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 allows local users to cause a denial of service (CPU consumption) by importing a corrupted Microsoft Excel file, aka "CORRUPTED EXEL FILE WILL CAUSE TEXT SEARCH PROCESS LOOPING."
3313| [CVE-2005-3182] Buffer overflow in the HTTP management interface for GFI MailSecurity 8.1 allows remote attackers to execute arbitrary code via long headers such as (1) Host and (2) Accept in HTTP requests. NOTE: the vendor suggests that this issues is "in an underlying Microsoft technology" which, if true, could mean that the overflow affects other products as well.
3314| [CVE-2005-3174] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.
3315| [CVE-2004-0540] Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
3316| [CVE-2003-0604] Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL.
3317| [CVE-2002-2435] The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
3318| [CVE-2002-2380] NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic.
3319| [CVE-2002-0797] Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
3320| [CVE-2001-0238] Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests.
3321|
3322| SecurityFocus - https://www.securityfocus.com/bid/:
3323| [582] Microsoft IIS And PWS 8.3 Directory Name Vulnerability
3324| [58847] Microsoft Windows Defender for Windows 8 and Windows RT Local Privilege Escalation Vulnerability
3325| [42467] Microsoft Internet Explorer 8 'toStaticHTML()' HTML Sanitization Bypass Weakness
3326| [40490] Microsoft Internet Explorer 8 Developer Tools Remote Code Execution Vulnerability
3327| [37135] Microsoft Internet Explorer 8 Cross-Site Scripting Filter Cross-Site Scripting Vulnerability
3328| [35941] Microsoft Internet Explorer 8 Denial of Service Vulnerability
3329|
3330| IBM X-Force - https://exchange.xforce.ibmcloud.com:
3331| [40937] Microsoft Windows Knowledge Base Article 815495 update not installed
3332| [37226] Microsoft Windows Knowledge Base Article 815495 update not installed
3333| [19102] Microsoft Knowledge Base Article 885834 is not installed
3334| [19090] Microsoft Knowledge Base Article 885250 is not installed
3335| [18392] Microsoft Windows Knowledge Base Article 885249 update is not installed
3336| [18391] Microsoft Windows Knowledge Base Article 885835 update is not installed
3337| [18390] Microsoft Windows Knowledge Base Article 885836 update is not installed
3338| [82776] Microsoft Internet Explorer 10 on Windows 8 sandbox security bypass
3339| [66402] Microsoft Windows kernel-mode driver (win32k.sys) variant 8 privilege escalation
3340| [57338] Microsoft Internet Explorer 8 Developer Tools code execution
3341| [24509] Microsoft Windows Knowledge Base Article 889167 update is not installed
3342| [22882] Microsoft Windows Knowledge Base Article 896424 update is not installed
3343| [22156] Microsoft Windows Knowledge Base Article 899589 update is not installed
3344| [22155] Microsoft Knowledge Base Article 896688 is not installed
3345| [22072] Microsoft Knowledge Base Article 899587 is not installed
3346| [22071] Microsoft Knowledge Base Article 896428 is not installed
3347| [22069] Microsoft Knowledge Base Article 890859 is not installed
3348| [22068] Microsoft Knowledge Base Article 890046 is not installed
3349| [21704] Microsoft Windows Knowledge Base Article 896727 update is not installed
3350| [21605] Microsoft Windows Knowledge Base Article 896423 update is not installed
3351| [21603] Microsoft Windows Knowledge Base Article 899588 update is not installed
3352| [21601] Microsoft Windows Knowledge Base Article 899591 update is not installed
3353| [21600] Microsoft Windows Knowledge Base Article 893756 update is not installed
3354| [20826] Microsoft Windows Knowledge Base Article 896422 update is not installed
3355| [20825] Microsoft Windows Knowledge Base Article 896358 update is not installed
3356| [20823] Microsoft Windows Knowledge Base Article 890169 update is not installed
3357| [20822] Microsoft Windows Knowledge Base Article 883939 update is not installed
3358| [20820] Microsoft Windows Knowledge Base Article 896426 update is not installed
3359| [20382] Microsoft Windows Knowledge Base Article 894320 update is not installed
3360| [20318] Microsoft Windows Knowledge Base Article 893086 update is not installed
3361| [20317] Microsoft Windows Knowledge Base Article 890923 update is not installed
3362| [20000] Microsoft Windows Knowledge Base Article 892944 update is not installed
3363| [19875] Microsoft Knowledge Base Article 893066 is not installed
3364| [19843] Microsoft Windows Knowledge Base Article 894549 update is not installed
3365| [19252] Microsoft Knowledge Base Article 890261 is not installed
3366| [19141] Microsoft Knowledge Base Article 867282 is not installed
3367| [19118] Microsoft Knowledge Base Article 890047 is not installed
3368| [19116] Microsoft Knowledge Base Article 891781 is not installed
3369| [19112] Microsoft Knowledge Base Article 873352 is not installed
3370| [19111] Microsoft Knowledge Base Article 888113 is not installed
3371| [19106] Microsoft Knowledge Base Article 873333 is not installed
3372| [19095] Microsoft Knowledge Base Article 888302 is not installed
3373| [19092] Microsoft Knowledge Base Article 887981 is not installed
3374| [18944] Microsoft Knowledge Base Article 886185 is not installed
3375| [18770] Microsoft Knowledge Base Article 890175 is not installed
3376| [18769] Microsoft Knowledge Base Article 887219 is not installed
3377| [18768] Microsoft Windows Knowledge Base Article 891711 update is not installed
3378| [18766] Microsoft Windows Knowledge Base Article 871250 update is not installed
3379| [18394] Microsoft Windows Knowledge Base Article 870763 update is not installed
3380| [18393] Microsoft Windows Knowledge Base Article 873339 update is not installed
3381| [18314] Microsoft Windows Knowledge Base Article 889293 update is not installed
3382|
3383| Exploit-DB - https://www.exploit-db.com:
3384| [17159] Microsoft Host Integration Server <= 8.5.4224.0 DoS Vulnerabilities
3385| [31118] Microsoft Works 8.0 File Converter Field Length Remote Code Execution Vulnerability
3386| [30537] Microsoft MSN Messenger <= 8.0 - Video Conversation Buffer Overflow Vulnerability
3387| [28222] microsoft works 8.0 spreadsheet Multiple Vulnerabilities
3388| [12728] Microsoft Outlook Web Access (OWA) 8.2.254.0 - Information Disclosure vulnerability
3389|
3390| OpenVAS (Nessus) - http://www.openvas.org:
3391| [902914] Microsoft IIS GET Request Denial of Service Vulnerability
3392| [902796] Microsoft IIS IP Address/Internal Network Name Disclosure Vulnerability
3393| [902694] Microsoft Windows IIS FTP Service Information Disclosure Vulnerability (2761226)
3394| [901120] Microsoft IIS Authentication Remote Code Execution Vulnerability (982666)
3395| [900944] Microsoft IIS FTP Server 'ls' Command DOS Vulnerability
3396| [900874] Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)
3397| [900711] Microsoft IIS WebDAV Remote Authentication Bypass Vulnerability
3398| [900567] Microsoft IIS Security Bypass Vulnerability (970483)
3399| [802806] Microsoft IIS Default Welcome Page Information Disclosure Vulnerability
3400| [801669] Microsoft Windows IIS FTP Server DOS Vulnerability
3401| [801520] Microsoft IIS ASP Stack Based Buffer Overflow Vulnerability
3402| [100952] Microsoft IIS FTPd NLST stack overflow
3403| [11443] Microsoft IIS UNC Mapped Virtual Host Vulnerability
3404| [10680] Test Microsoft IIS Source Fragment Disclosure
3405| [903041] Microsoft Windows Kernel Privilege Elevation Vulnerability (2724197)
3406| [903037] Microsoft JScript and VBScript Engines Remote Code Execution Vulnerability (2706045)
3407| [903036] Microsoft Windows Networking Components Remote Code Execution Vulnerabilities (2733594)
3408| [903035] Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerability (2731847)
3409| [903033] Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2718523)
3410| [903026] Microsoft Office Remote Code Execution Vulnerabilities (2663830)
3411| [903017] Microsoft Office Remote Code Execution Vulnerability (2639185)
3412| [903000] Microsoft Expression Design Remote Code Execution Vulnerability (2651018)
3413| [902936] Microsoft Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2783534)
3414| [902934] Microsoft .NET Framework Remote Code Execution Vulnerability (2745030)
3415| [902933] Microsoft Windows Shell Remote Code Execution Vulnerabilities (2727528)
3416| [902932] Microsoft Internet Explorer Multiple Use-After-Free Vulnerabilities (2761451)
3417| [902931] Microsoft Office Remote Code Execution Vulnerabilities - 2720184 (Mac OS X)
3418| [902930] Microsoft Office Remote Code Execution Vulnerabilities (2720184)
3419| [902923] Microsoft Internet Explorer Multiple Vulnerabilities (2722913)
3420| [902922] Microsoft Remote Desktop Protocol Remote Code Execution Vulnerability (2723135)
3421| [902921] Microsoft Office Visio/Viewer Remote Code Execution Vulnerability (2733918)
3422| [902920] Microsoft Office Remote Code Execution Vulnerability (2731879)
3423| [902919] Microsoft SharePoint Privilege Elevation Vulnerabilities (2663841)
3424| [902916] Microsoft Windows Kernel Privilege Elevation Vulnerabilities (2711167)
3425| [902913] Microsoft Office Remote Code Execution Vulnerabilities-2663830 (Mac OS X)
3426| [902912] Microsoft Office Word Remote Code Execution Vulnerability-2680352 (Mac OS X)
3427| [902911] Microsoft Office Word Remote Code Execution Vulnerability (2680352)
3428| [902910] Microsoft Office Visio Viewer Remote Code Execution Vulnerability (2597981)
3429| [902909] Microsoft Windows Service Pack Missing Multiple Vulnerabilities
3430| [902908] Microsoft Windows DirectWrite Denial of Service Vulnerability (2665364)
3431| [902906] Microsoft Windows DNS Server Denial of Service Vulnerability (2647170)
3432| [902900] Microsoft Windows SSL/TLS Information Disclosure Vulnerability (2643584)
3433| [902846] Microsoft Windows TLS Protocol Information Disclosure Vulnerability (2655992)
3434| [902845] Microsoft Windows Shell Remote Code Execution Vulnerability (2691442)
3435| [902842] Microsoft Lync Remote Code Execution Vulnerabilities (2707956)
3436| [902841] Microsoft .NET Framework Remote Code Execution Vulnerability (2706726)
3437| [902839] Microsoft FrontPage Server Extensions MS-DOS Device Name DoS Vulnerability
3438| [902833] Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)
3439| [902832] MS Security Update For Microsoft Office, .NET Framework, and Silverlight (2681578)
3440| [902829] Microsoft Windows Common Controls Remote Code Execution Vulnerability (2664258)
3441| [902828] Microsoft .NET Framework Remote Code Execution Vulnerability (2671605)
3442| [902818] Microsoft Remote Desktop Protocol Remote Code Execution Vulnerabilities (2671387)
3443| [902817] Microsoft Visual Studio Privilege Elevation Vulnerability (2651019)
3444| [902811] Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vulnerabilities (2651026)
3445| [902807] Microsoft Windows Media Could Allow Remote Code Execution Vulnerabilities (2636391)
3446| [902798] Microsoft SMB Signing Enabled and Not Required At Server
3447| [902797] Microsoft SMB Signing Information Disclosure Vulnerability
3448| [902785] Microsoft AntiXSS Library Information Disclosure Vulnerability (2607664)
3449| [902784] Microsoft Windows Object Packager Remote Code Execution Vulnerability (2603381)
3450| [902783] Microsoft Windows Kernel Security Feature Bypass Vulnerability (2644615)
3451| [902782] MicroSoft Windows Server Service Remote Code Execution Vulnerability (921883)
3452| [902766] Microsoft Windows Kernel Privilege Elevation Vulnerability (2633171)
3453| [902746] Microsoft Active Accessibility Remote Code Execution Vulnerability (2623699)
3454| [902727] Microsoft Office Excel Remote Code Execution Vulnerabilities (2587505)
3455| [902708] Microsoft Remote Desktop Protocol Denial of Service Vulnerability (2570222)
| [902696] Microsoft Internet Explorer Multiple Vulnerabilities (2761465)
| [902693] Microsoft Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2761226)
| [902692] Microsoft Office Excel ReadAV Arbitrary Code Execution Vulnerability
| [902689] Microsoft SQL Server Report Manager Cross Site Scripting Vulnerability (2754849)
| [902688] Microsoft System Center Configuration Manager XSS Vulnerability (2741528)
| [902687] Microsoft Windows Data Access Components Remote Code Execution Vulnerability (2698365)
| [902686] Microsoft Internet Explorer Multiple Vulnerabilities (2719177)
| [902683] Microsoft Remote Desktop Protocol Remote Code Execution Vulnerability (2685939)
| [902682] Microsoft Internet Explorer Multiple Vulnerabilities (2699988)
| [902678] Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
| [902677] Microsoft Windows Prtition Manager Privilege Elevation Vulnerability (2690533)
| [902676] Microsoft Windows TCP/IP Privilege Elevation Vulnerabilities (2688338)
| [902670] Microsoft Internet Explorer Multiple Vulnerabilities (2675157)
| [902663] Microsoft Remote Desktop Protocol Remote Code Execution Vulnerabilities (2671387)
| [902662] MicroSoft SMB Server Trans2 Request Remote Code Execution Vulnerability
| [902660] Microsoft SMB Transaction Parsing Remote Code Execution Vulnerability
| [902658] Microsoft RDP Server Private Key Information Disclosure Vulnerability
| [902649] Microsoft Internet Explorer Multiple Vulnerabilities (2647516)
| [902642] Microsoft Internet Explorer Multiple Vulnerabilities (2618444)
| [902626] Microsoft SharePoint SafeHTML Information Disclosure Vulnerabilities (2412048)
| [902625] Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858)
| [902613] Microsoft Internet Explorer Multiple Vulnerabilities (2559049)
| [902609] Microsoft Windows CSRSS Privilege Escalation Vulnerabilities (2507938)
| [902598] Microsoft Windows Time Component Remote Code Execution Vulnerability (2618451)
| [902597] Microsoft Windows Media Remote Code Execution Vulnerability (2648048)
| [902596] Microsoft Windows OLE Remote Code Execution Vulnerability (2624667)
| [902588] Microsoft Windows Internet Protocol Validation Remote Code Execution Vulnerability
| [902581] Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2604930)
| [902580] Microsoft Host Integration Server Denial of Service Vulnerabilities (2607670)
| [902567] Microsoft Office Remote Code Execution Vulnerabilites (2587634)
| [902566] Microsoft Windows WINS Local Privilege Escalation Vulnerability (2571621)
| [902552] Microsoft .NET Framework Chart Control Information Disclosure Vulnerability (2567943)
| [902551] Microsoft .NET Framework Information Disclosure Vulnerability (2567951)
| [902523] Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2514842)
| [902522] Microsoft .NET Framework Remote Code Execution Vulnerability (2538814)
| [902518] Microsoft .NET Framework Security Bypass Vulnerability
| [902516] Microsoft Windows WINS Remote Code Execution Vulnerability (2524426)
| [902502] Microsoft .NET Framework Remote Code Execution Vulnerability (2484015)
| [902501] Microsoft JScript and VBScript Scripting Engines Remote Code Execution Vulnerability (2514666)
| [902496] Microsoft Office IME (Chinese) Privilege Elevation Vulnerability (2652016)
| [902495] Microsoft Office Remote Code Execution Vulnerability (2590602)
| [902494] Microsoft Office Excel Remote Code Execution Vulnerability (2640241)
| [902493] Microsoft Publisher Remote Code Execution Vulnerabilities (2607702)
| [902492] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2639142)
| [902487] Microsoft Windows Active Directory LDAPS Authentication Bypass Vulnerability (2630837)
| [902484] Microsoft Windows TCP/IP Remote Code Execution Vulnerability (2588516)
| [902464] Microsoft Visio Remote Code Execution Vulnerabilities (2560978)
| [902463] Microsoft Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2567680)
| [902455] Microsoft Visio Remote Code Execution Vulnerability (2560847)
| [902445] Microsoft XML Editor Information Disclosure Vulnerability (2543893)
| [902443] Microsoft Internet Explorer Multiple Vulnerabilities (2530548)
| [902440] Microsoft Windows SMB Server Remote Code Execution Vulnerability (2536275)
| [902430] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2545814)
| [902425] Microsoft Windows SMB Accessible Shares
| [902423] Microsoft Office Visio Viewer Remote Code Execution Vulnerabilities (2663510)
| [902411] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2489283)
| [902410] Microsoft Office Excel Remote Code Execution Vulnerabilities (2489279)
| [902403] Microsoft Windows Fraudulent Digital Certificates Spoofing Vulnerability
| [902395] Microsoft Bluetooth Stack Remote Code Execution Vulnerability (2566220)
| [902378] Microsoft Office Excel Remote Code Execution Vulnerabilities (2537146)
| [902377] Microsoft Windows OLE Automation Remote Code Execution Vulnerability (2476490)
| [902365] Microsoft GDI+ Remote Code Execution Vulnerability (2489979)
| [902364] Microsoft Office Remote Code Execution Vulnerabilites (2489293)
| [902351] Microsoft Groove Remote Code Execution Vulnerability (2494047)
| [902337] Microsoft Windows Kernel Elevation of Privilege Vulnerability (2393802)
| [902336] Microsoft JScript and VBScript Scripting Engines Information Disclosure Vulnerability (2475792)
| [902325] Microsoft Internet Explorer 'CSS Import Rule' Use-after-free Vulnerability
| [902324] Microsoft SharePoint Could Allow Remote Code Execution Vulnerability (2455005)
| [902319] Microsoft Foundation Classes Could Allow Remote Code Execution Vulnerability (2387149)
| [902290] Microsoft Windows Active Directory SPN Denial of Service (2478953)
| [902289] Microsoft Windows LSASS Privilege Escalation Vulnerability (2478960)
| [902288] Microsoft Kerberos Privilege Escalation Vulnerabilities (2496930)
| [902287] Microsoft Visio Remote Code Execution Vulnerabilities (2451879)
| [902285] Microsoft Internet Explorer Information Disclosure Vulnerability (2501696)
| [902281] Microsoft Windows Data Access Components Remote Code Execution Vulnerabilities (2451910)
| [902280] Microsoft Windows BranchCache Remote Code Execution Vulnerability (2385678)
| [902277] Microsoft Windows Netlogon Service Denial of Service Vulnerability (2207559)
| [902276] Microsoft Windows Task Scheduler Elevation of Privilege Vulnerability (2305420)
| [902274] Microsoft Publisher Remote Code Execution Vulnerability (2292970)
| [902269] Microsoft Windows SMB Server NTLM Multiple Vulnerabilities (971468)
| [902265] Microsoft Office Word Remote Code Execution Vulnerabilities (2293194)
| [902264] Microsoft Office Excel Remote Code Execution Vulnerabilities (2293211)
| [902263] Microsoft Windows Media Player Network Sharing Remote Code Execution Vulnerability (2281679)
| [902262] Microsoft Windows Shell and WordPad COM Validation Vulnerability (2405882)
| [902256] Microsoft Windows win32k.sys Driver 'CreateDIBPalette()' BOF Vulnerability
| [902255] Microsoft Visual Studio Insecure Library Loading Vulnerability
| [902254] Microsoft Office Products Insecure Library Loading Vulnerability
| [902250] Microsoft Word 2003 'MSO.dll' Null Pointer Dereference Vulnerability
| [902246] Microsoft Internet Explorer 'toStaticHTML()' Cross Site Scripting Vulnerability
| [902243] Microsoft Outlook TNEF Remote Code Execution Vulnerability (2315011)
| [902232] Microsoft Windows TCP/IP Privilege Elevation Vulnerabilities (978886)
| [902231] Microsoft Windows Tracing Feature Privilege Elevation Vulnerabilities (982799)
| [902230] Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)
| [902229] Microsoft Window MPEG Layer-3 Remote Code Execution Vulnerability (2115168)
| [902228] Microsoft Office Word Remote Code Execution Vulnerabilities (2269638)
| [902227] Microsoft Windows LSASS Denial of Service Vulnerability (975467)
| [902226] Microsoft Windows Shell Remote Code Execution Vulnerability (2286198)
| [902217] Microsoft Outlook SMB Attachment Remote Code Execution Vulnerability (978212)
| [902210] Microsoft IE cross-domain IFRAME gadgets keystrokes steal Vulnerability
| [902193] Microsoft .NET Framework XML HMAC Truncation Vulnerability (981343)
| [902192] Microsoft Office COM Validation Remote Code Execution Vulnerability (983235)
| [902191] Microsoft Internet Explorer Multiple Vulnerabilities (982381)
| [902183] Microsoft Internet Explorer 'IFRAME' Denial Of Service Vulnerability
| [902178] Microsoft Visual Basic Remote Code Execution Vulnerability (978213)
| [902176] Microsoft SharePoint '_layouts/help.aspx' Cross Site Scripting Vulnerability
| [902166] Microsoft Internet Explorer 'neutering' Mechanism XSS Vulnerability
| [902159] Microsoft VBScript Scripting Engine Remote Code Execution Vulnerability (980232)
| [902158] Microsoft Office Publisher Remote Code Execution Vulnerability (981160)
| [902157] Microsoft 'ISATAP' Component Spoofing Vulnerability (978338)
| [902156] Microsoft SMB Client Remote Code Execution Vulnerabilities (980232)
| [902155] Microsoft Internet Explorer Multiple Vulnerabilities (980182)
| [902151] Microsoft Internet Explorer Denial of Service Vulnerability - Mar10
| [902133] Microsoft Office Excel Multiple Vulnerabilities (980150)
| [902117] Microsoft DirectShow Remote Code Execution Vulnerability (977935)
| [902116] Microsoft Client/Server Run-time Subsystem Privilege Elevation Vulnerability (978037)
| [902115] Microsoft Kerberos Denial of Service Vulnerability (977290)
| [902114] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (975416)
| [902112] Microsoft SMB Client Remote Code Execution Vulnerabilities (978251)
| [902095] Microsoft Office Excel Remote Code Execution Vulnerability (2269707)
| [902094] Microsoft Windows Kernel Mode Drivers Privilege Elevation Vulnerabilities (2160329)
| [902093] Microsoft Windows Kernel Privilege Elevation Vulnerabilities (981852)
| [902080] Microsoft Help and Support Center Remote Code Execution Vulnerability (2229593)
| [902069] Microsoft SharePoint Privilege Elevation Vulnerabilities (2028554)
| [902068] Microsoft Office Excel Remote Code Execution Vulnerabilities (2027452)
| [902067] Microsoft Windows Kernel Mode Drivers Privilege Escalation Vulnerabilities (979559)
| [902039] Microsoft Visio Remote Code Execution Vulnerabilities (980094)
| [902038] Microsoft MPEG Layer-3 Codecs Remote Code Execution Vulnerability (977816)
| [902033] Microsoft Windows '.ani' file Denial of Service vulnerability
| [902015] Microsoft Paint Remote Code Execution Vulnerability (978706)
| [901305] Microsoft Windows IP-HTTPS Component Security Feature Bypass Vulnerability (2765809)
| [901304] Microsoft Windows File Handling Component Remote Code Execution Vulnerability (2758857)
| [901301] Microsoft Windows Kerberos Denial of Service Vulnerability (2743555)
| [901212] Microsoft Windows DirectPlay Remote Code Execution Vulnerability (2770660)
| [901211] Microsoft Windows Common Controls Remote Code Execution Vulnerability (2720573)
| [901210] Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)
| [901209] Microsoft Windows Media Center Remote Code Execution Vulnerabilities (2604926)
| [901208] Microsoft Internet Explorer Multiple Vulnerabilities (2586448)
| [901205] Microsoft Windows Components Remote Code Execution Vulnerabilities (2570947)
| [901193] Microsoft Windows Media Remote Code Execution Vulnerabilities (2510030)
| [901183] Internet Information Services (IIS) FTP Service Remote Code Execution Vulnerability (2489256)
| [901180] Microsoft Internet Explorer Multiple Vulnerabilities (2482017)
| [901169] Microsoft Windows Address Book Remote Code Execution Vulnerability (2423089)
| [901166] Microsoft Office Remote Code Execution Vulnerabilites (2423930)
| [901164] Microsoft Windows SChannel Denial of Service Vulnerability (2207566)
| [901163] Microsoft Windows Media Player Remote Code Execution Vulnerability (2378111))
| [901162] Microsoft Internet Explorer Multiple Vulnerabilities (2360131)
| [901161] Microsoft ASP.NET Information Disclosure Vulnerability (2418042)
| [901151] Microsoft Internet Information Services Remote Code Execution Vulnerabilities (2267960)
| [901150] Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability(2347290)
| [901140] Microsoft Windows SMB Code Execution and DoS Vulnerabilities (982214)
| [901139] Microsoft Internet Explorer Multiple Vulnerabilities (2183461)
| [901119] Microsoft Windows OpenType Compact Font Format Driver Privilege Escalation Vulnerability (980218)
| [901102] Microsoft Windows Media Services Remote Code Execution Vulnerability (980858)
| [901097] Microsoft Internet Explorer Multiple Vulnerabilities (978207)
| [901095] Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (972270)
| [901069] Microsoft Office Project Remote Code Execution Vulnerability (967183)
| [901065] Microsoft Windows IAS Remote Code Execution Vulnerability (974318)
| [901064] Microsoft Windows ADFS Remote Code Execution Vulnerability (971726)
| [901063] Microsoft Windows LSASS Denial of Service Vulnerability (975467)
| [901048] Microsoft Windows Active Directory Denial of Service Vulnerability (973309)
| [901041] Microsoft Internet Explorer Multiple Code Execution Vulnerabilities (974455)
| [901012] Microsoft Windows Media Format Remote Code Execution Vulnerability (973812)
| [900973] Microsoft Office Word Remote Code Execution Vulnerability (976307)
| [900965] Microsoft Windows SMB2 Negotiation Protocol Remote Code Execution Vulnerability
| [900964] Microsoft .NET Common Language Runtime Code Execution Vulnerability (974378)
| [900963] Microsoft Windows Kernel Privilege Escalation Vulnerability (971486)
| [900957] Microsoft Windows Patterns & Practices EntLib DOS Vulnerability
| [900956] Microsoft Windows Patterns & Practices EntLib Version Detection
| [900929] Microsoft JScript Scripting Engine Remote Code Execution Vulnerability (971961)
| [900908] Microsoft Windows Message Queuing Privilege Escalation Vulnerability (971032)
| [900907] Microsoft Windows AVI Media File Parsing Vulnerabilities (971557)
| [900898] Microsoft Internet Explorer 'XSS Filter' XSS Vulnerabilities - Nov09
| [900897] Microsoft Internet Explorer PDF Information Disclosure Vulnerability - Nov09
| [900891] Microsoft Internet Denial Of Service Vulnerability - Nov09
| [900887] Microsoft Office Excel Multiple Vulnerabilities (972652)
| [900886] Microsoft Windows Kernel-Mode Drivers Multiple Vulnerabilities (969947)
| [900881] Microsoft Windows Indexing Service ActiveX Vulnerability (969059)
| [900880] Microsoft Windows ATL COM Initialization Code Execution Vulnerability (973525)
| [900879] Microsoft Windows Media Player ASF Heap Overflow Vulnerability (974112)
| [900878] Microsoft Products GDI Plus Code Execution Vulnerabilities (957488)
| [900877] Microsoft Windows LSASS Denial of Service Vulnerability (975467)
| [900876] Microsoft Windows CryptoAPI X.509 Spoofing Vulnerabilities (974571)
| [900873] Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness (971888)
| [900863] Microsoft Internet Explorer 'window.print()' DOS Vulnerability
| [900838] Microsoft Windows TCP/IP Remote Code Execution Vulnerability (967723)
| [900837] Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability (956844)
| [900836] Microsoft Internet Explorer Address Bar Spoofing Vulnerability
| [900826] Microsoft Internet Explorer 'location.hash' DOS Vulnerability
| [900814] Microsoft Windows WINS Remote Code Execution Vulnerability (969883)
| [900813] Microsoft Remote Desktop Connection Remote Code Execution Vulnerability (969706)
| [900809] Microsoft Visual Studio ATL Remote Code Execution Vulnerability (969706)
| [900808] Microsoft Visual Products Version Detection
| [900757] Microsoft Windows Media Player '.AVI' File DOS Vulnerability
| [900741] Microsoft Internet Explorer Information Disclosure Vulnerability Feb10
| [900740] Microsoft Windows Kernel Could Allow Elevation of Privilege (977165)
| [900690] Microsoft Virtual PC/Server Privilege Escalation Vulnerability (969856)
| [900689] Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (961371))
| [900670] Microsoft Office Excel Remote Code Execution Vulnerabilities (969462)
| [900589] Microsoft ISA Server Privilege Escalation Vulnerability (970953)
| [900588] Microsoft DirectShow Remote Code Execution Vulnerability (961373)
| [900568] Microsoft Windows Search Script Execution Vulnerability (963093)
| [900566] Microsoft Active Directory LDAP Remote Code Execution Vulnerability (969805)
| [900476] Microsoft Excel Remote Code Execution Vulnerabilities (968557)
| [900465] Microsoft Windows DNS Memory Corruption Vulnerability - Mar09
| [900461] Microsoft MSN Live Messneger Denial of Service Vulnerability
| [900445] Microsoft Autorun Arbitrary Code Execution Vulnerability (08-038)
| [900404] Microsoft Windows RTCP Unspecified Remote DoS Vulnerability
| [900400] Microsoft Internet Explorer Unicode String DoS Vulnerability
| [900391] Microsoft Office Publisher Remote Code Execution Vulnerability (969516)
| [900366] Microsoft Internet Explorer Web Script Execution Vulnerabilites
| [900365] Microsoft Office Word Remote Code Execution Vulnerabilities (969514)
| [900337] Microsoft Internet Explorer Denial of Service Vulnerability - Apr09
| [900336] Microsoft Windows Media Player MID File Integer Overflow Vulnerability
| [900328] Microsoft Internet Explorer Remote Code Execution Vulnerability (963027)
| [900314] Microsoft XML Core Service Information Disclosure Vulnerability
| [900303] Microsoft Internet Explorer HTML Form Value DoS Vulnerability
| [900299] Microsoft Report Viewer Information Disclosure Vulnerability (2578230)
| [900297] Microsoft Windows Kernel Denial of Service Vulnerability (2556532)
| [900296] Microsoft Windows TCP/IP Stack Denial of Service Vulnerability (2563894)
| [900295] Microsoft Windows DNS Server Remote Code Execution Vulnerability (2562485)
| [900294] Microsoft Data Access Components Remote Code Execution Vulnerabilities (2560656)
| [900288] Microsoft Distributed File System Remote Code Execution Vulnerabilities (2535512)
| [900287] Microsoft SMB Client Remote Code Execution Vulnerabilities (2536276)
| [900285] Microsoft Foundation Class (MFC) Library Remote Code Execution Vulnerability (2500212)
| [900282] Microsoft DNS Resolution Remote Code Execution Vulnerability (2509553)
| [900281] Microsoft IE Developer Tools WMITools and Windows Messenger ActiveX Control Vulnerability (2508272)
| [900280] Microsoft Windows SMB Server Remote Code Execution Vulnerability (2508429)
| [900279] Microsoft SMB Client Remote Code Execution Vulnerabilities (2511455)
| [900278] Microsoft Internet Explorer Multiple Vulnerabilities (2497640)
| [900273] Microsoft Remote Desktop Client Remote Code Execution Vulnerability (2508062)
| [900267] Microsoft Media Decompression Remote Code Execution Vulnerability (2447961)
| [900266] Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (2424434)
| [900263] Microsoft Windows OpenType Compact Font Format Driver Privilege Escalation Vulnerability (2296199)
| [900262] Microsoft Internet Explorer Multiple Vulnerabilities (2416400)
| [900261] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2293386)
| [900248] Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (981997)
| [900246] Microsoft Media Decompression Remote Code Execution Vulnerability (979902)
| [900245] Microsoft Data Analyzer and IE Developer Tools ActiveX Control Vulnerability (980195)
| [900241] Microsoft Outlook Express and Windows Mail Remote Code Execution Vulnerability (978542)
| [900240] Microsoft Exchange and Windows SMTP Service Denial of Service Vulnerability (981832)
| [900237] Microsoft Windows Authentication Verification Remote Code Execution Vulnerability (981210)
| [900236] Microsoft Windows Kernel Could Allow Elevation of Privilege (979683)
| [900235] Microsoft Windows Media Player Could Allow Remote Code Execution (979402)
| [900232] Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (975561)
| [900230] Microsoft Windows SMB Server Multiple Vulnerabilities (971468)
| [900229] Microsoft Data Analyzer ActiveX Control Vulnerability (978262)
| [900228] Microsoft Office (MSO) Remote Code Execution Vulnerability (978214)
| [900227] Microsoft Windows Shell Handler Could Allow Remote Code Execution Vulnerability (975713)
| [900223] Microsoft Ancillary Function Driver Elevation of Privilege Vulnerability (956803)
| [900192] Microsoft Internet Explorer Information Disclosure Vulnerability
| [900187] Microsoft Internet Explorer Argument Injection Vulnerability
| [900178] Microsoft Windows 'UnhookWindowsHookEx' Local DoS Vulnerability
| [900173] Microsoft Windows Media Player Version Detection
| [900172] Microsoft Windows Media Player 'MIDI' or 'DAT' File DoS Vulnerability
| [900170] Microsoft iExplorer '&NBSP
| [900131] Microsoft Internet Explorer Denial of Service Vulnerability
| [900125] Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability
| [900120] Microsoft Organization Chart Remote Code Execution Vulnerability
| [900108] Microsoft Windows NSlookup.exe Remote Code Execution Vulnerability
| [900097] Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution
| [900095] Microsoft ISA Server and Forefront Threat Management Gateway DoS Vulnerability (961759)
| [900093] Microsoft DirectShow Remote Code Execution Vulnerability (961373)
| [900080] Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)
| [900079] Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
| [900064] Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175)
| [900063] Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)
| [900061] Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)
| [900058] Microsoft XML Core Services Remote Code Execution Vulnerability (955218)
| [900048] Microsoft Excel Remote Code Execution Vulnerability (956416)
| [900047] Microsoft Office nformation Disclosure Vulnerability (957699)
| [900046] Microsoft Office Remote Code Execution Vulnerabilities (955047)
| [900033] Microsoft PowerPoint Could Allow Remote Code Execution Vulnerabilities (949785)
| [900029] Microsoft Office Filters Could Allow Remote Code Execution Vulnerabilities (924090)
| [900028] Microsoft Excel Could Allow Remote Code Execution Vulnerabilities (954066)
| [900025] Microsoft Office Version Detection
| [900006] Microsoft Word Could Allow Remote Code Execution Vulnerability
| [900004] Microsoft Access Snapshot Viewer ActiveX Control Vulnerability
| [855384] Solaris Update for snmp/mibiisa 108870-36
| [855273] Solaris Update for snmp/mibiisa 108869-36
| [803028] Microsoft Internet Explorer Remote Code Execution Vulnerability (2757760)
| [803007] Microsoft Windows Minimum Certificate Key Length Spoofing Vulnerability (2661254)
| [802912] Microsoft Unauthorized Digital Certificates Spoofing Vulnerability (2728973)
| [802888] Microsoft Windows Media Service Handshake Sequence DoS Vulnerability
| [802886] Microsoft Sidebar and Gadgets Remote Code Execution Vulnerability (2719662)
| [802864] Microsoft XML Core Services Remote Code Execution Vulnerability (2719615)
| [802774] Microsoft VPN ActiveX Control Remote Code Execution Vulnerability (2695962)
| [802726] Microsoft SMB Signing Disabled
| [802708] Microsoft Internet Explorer Code Execution and DoS Vulnerabilities
| [802634] Microsoft Windows Unauthorized Digital Certificates Spoofing Vulnerability (2718704)
| [802500] Microsoft Windows TrueType Font Parsing Privilege Elevation Vulnerability
| [802468] Compatibility Issues Affecting Signed Microsoft Binaries (2749655)
| [802462] Microsoft ActiveSync Null Pointer Dereference Denial Of Service Vulnerability
| [802426] Microsoft Windows ActiveX Control Multiple Vulnerabilities (2647518)
| [802383] Microsoft Windows Color Control Panel Privilege Escalation Vulnerability
| [802379] Microsoft Windows Kernel 'win32k.sys' Memory Corruption Vulnerability
| [802287] Microsoft Internet Explorer Cache Objects History Information Disclosure Vulnerability
| [802286] Microsoft Internet Explorer Multiple Information Disclosure Vulnerabilities
| [802260] Microsoft Windows WINS Remote Code Execution Vulnerability (2524426)
| [802203] Microsoft Internet Explorer Cookie Hijacking Vulnerability
| [802202] Microsoft Internet Explorer Cookie Hijacking Vulnerability
| [802140] Microsoft Explorer HTTPS Sessions Multiple Vulnerabilities (Windows)
| [802136] Microsoft Windows Insecure Library Loading Vulnerability (2269637)
| [801991] Microsoft Windows SMB/NETBIOS NULL Session Authentication Bypass Vulnerability
| [801966] Microsoft Windows ActiveX Control Multiple Vulnerabilities (2562937)
| [801935] Microsoft Silverlight Multiple Memory Leak Vulnerabilities
| [801934] Microsoft Silverlight Version Detection
| [801914] Microsoft Windows IPv4 Default Configuration Security Bypass Vulnerability
| [801876] Microsoft Internet Explorer 'msxml.dll' Information Disclosure Vulnerability
| [801831] Microsoft Internet Explorer Incorrect GUI Display Vulnerability
| [801830] Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability
| [801725] Microsoft Products GDI Plus Remote Code Execution Vulnerabilities (954593)
| [801721] Microsoft Active Directory Denial of Service Vulnerability (953235)
| [801719] Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnerability (930178)
| [801718] Microsoft Windows Vista Information Disclosure Vulnerability (931213)
| [801717] Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability
| [801716] Microsoft Outlook Express/Windows Mail MHTML URI Handler Information Disclosure Vulnerability (929123)
| [801715] Microsoft XML Core Services Remote Code Execution Vulnerability (936227)
| [801713] Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow Vulnerability (941202)
| [801707] Microsoft Internet Explorer mshtml.dll Remote Memory Corruption Vulnerability (942615)
| [801706] Microsoft Windows TCP/IP Remote Code Execution Vulnerabilities (941644)
| [801705] Microsoft Windows TCP/IP Denial of Service Vulnerability (946456)
| [801704] Microsoft Internet Information Services Privilege Elevation Vulnerability (942831)
| [801702] Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability (944533)
| [801701] Microsoft Windows DNS Client Service Response Spoofing Vulnerability (945553)
| [801677] Microsoft WMI Administrative Tools ActiveX Control Remote Code Execution Vulnerabilities
| [801606] Microsoft Internet Explorer 'mshtml.dll' Information Disclosure Vulnerability
| [801598] Microsoft Windows2k3 Active Directory 'BROWSER ELECTION' Buffer Overflow Vulnerability
| [801597] Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
| [801596] Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
| [801595] Microsoft Office Excel Axis and Art Object Parsing Remote Code Execution Vulnerabilities
| [801594] Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability
| [801580] Microsoft Windows Fax Cover Page Editor BOF Vulnerabilities
| [801527] Microsoft Windows 32-bit Platforms Unspecified vulnerabilities
| [801491] Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability (948881)
| [801489] Microsoft Office Graphics Filters Remote Code Execution Vulnerabilities (968095)
| [801488] Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability (947864)
| [801487] Microsoft Windows Kernel Usermode Callback Local Privilege Elevation Vulnerability (941693)
| [801486] Microsoft Windows Speech Components Voice Recognition Command Execution Vulnerability (950760)
| [801485] Microsoft Pragmatic General Multicast (PGM) Denial of Service Vulnerability (950762)
| [801484] Microsoft Windows IPsec Policy Processing Information Disclosure Vulnerability (953733)
| [801483] Microsoft Windows Search Remote Code Execution Vulnerability (959349)
| [801482] Microsoft Windows ASP.NET Denial of Service Vulnerability(970957)
| [801481] Microsoft Wireless LAN AutoConfig Service Remote Code Execution Vulnerability (970710)
| [801480] Microsoft Web Services on Devices API Remote Code Execution Vulnerability (973565)
| [801479] Microsoft Windows TCP/IP Could Allow Remote Code Execution (974145)
| [801457] Microsoft Windows Address Book Insecure Library Loading Vulnerability
| [801456] Microsoft Windows Progman Group Converter Insecure Library Loading Vulnerability
| [801349] Microsoft Internet Explorer 'IFRAME' Denial Of Service Vulnerability (June-10)
| [801348] Microsoft Internet Explorer 'IFRAME' Denial Of Service Vulnerability -june 10
| [801345] Microsoft .NET 'ASP.NET' Cross-Site Scripting vulnerability
| [801344] Microsoft .NET '__VIEWSTATE' Cross-Site Scripting vulnerability
| [801342] Microsoft ASP.NET Cross-Site Scripting vulnerability
| [801333] Microsoft Windows Kernel 'win32k.sys' Multiple DOS Vulnerabilities
| [801330] Microsoft Internet Explorer Cross Site Data Leakage Vulnerability
| [801109] Microsoft IE CA SSL Certificate Security Bypass Vulnerability - Oct09
| [801090] Microsoft Windows Indeo Codec Multiple Vulnerabilities
| [800968] Microsoft SharePoint Team Services Information Disclosure Vulnerability
| [800910] Microsoft Internet Explorer Buffer Overflow Vulnerability - Jul09
| [800902] Microsoft Internet Explorer XSS Vulnerability - July09
| [800872] Microsoft Internet Explorer 'li' Element DoS Vulnerability - Sep09
| [800863] Microsoft Internet Explorer XML Document DoS Vulnerability - Aug09
| [800862] Microsoft Windows Kernel win32k.sys Privilege Escalation Vulnerability
| [800861] Microsoft Internet Explorer 'findText()' Unicode Parsing DoS Vulnerability
| [800845] Microsoft Office Web Components ActiveX Control Code Execution Vulnerability
| [800829] Microsoft Video ActiveX Control 'msvidctl.dll' BOF Vulnerability
| [800742] Microsoft Internet Explorer Unspecified vulnerability
| [800700] Microsoft GDIPlus PNG Infinite Loop Vulnerability
| [800687] Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability
| [800669] Microsoft Internet Explorer Denial Of Service Vulnerability - July09
| [800577] Microsoft Windows Server 2003 win32k.sys DoS Vulnerability
| [800505] Microsoft HTML Help Workshop buffer overflow vulnerability
| [800504] Microsoft Windows XP SP3 denial of service vulnerability
| [800481] Microsoft SharePoint Cross Site Scripting Vulnerability
| [800480] Microsoft Windows Media Player '.mpg' Buffer Overflow Vulnerability
| [800466] Microsoft Windows TLS/SSL Spoofing Vulnerability (977377)
| [800461] Microsoft Internet Explorer Information Disclosure Vulnerability (980088)
| [800442] Microsoft Windows GP Trap Handler Privilege Escalation Vulnerability
| [800429] Microsoft Internet Explorer Remote Code Execution Vulnerability (979352)
| [800382] Microsoft PowerPoint File Parsing Remote Code Execution Vulnerability (967340)
| [800347] Microsoft Internet Explorer Clickjacking Vulnerability
| [800343] Microsoft Word 2007 Sensitive Information Disclosure Vulnerability
| [800337] Microsoft Internet Explorer NULL Pointer DoS Vulnerability
| [800332] Microsoft Windows Live Messenger Information Disclosure Vulnerability
| [800331] Microsoft Windows Live Messenger Client Version Detection
| [800328] Integer Overflow vulnerability in Microsoft Windows Media Player
| [800310] Microsoft Windows Media Services nskey.dll ActiveX BOF Vulnerability
| [800267] Microsoft GDIPlus Library File Integer Overflow Vulnerability
| [800218] Microsoft Money 'prtstb06.dll' Denial of Service vulnerability
| [800217] Microsoft Money Version Detection
| [800209] Microsoft Internet Explorer Version Detection (Win)
| [800208] Microsoft Internet Explorer Anti-XSS Filter Vulnerabilities
| [800083] Microsoft Outlook Express Malformed MIME Message DoS Vulnerability
| [800082] Microsoft SQL Server sp_replwritetovarbin() BOF Vulnerability
| [800023] Microsoft Windows Image Color Management System Code Execution Vulnerability (952954)
| [103254] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
| [102059] Microsoft Windows Vector Markup Language Buffer Overflow (938127)
| [102055] Microsoft Windows GDI Multiple Vulnerabilities (925902)
| [102053] Microsoft Windows Vector Markup Language Vulnerabilities (929969)
| [102015] Microsoft RPC Interface Buffer Overrun (KB824146)
| [101100] Vulnerabilities in Microsoft ATL Could Allow Remote Code Execution (973908)
| [101017] Microsoft MS03-018 security check
| [101016] Microsoft MS03-022 security check
| [101015] Microsoft MS03-034 security check
| [101014] Microsoft MS00-078 security check
| [101012] Microsoft MS03-051 security check
| [101010] Microsoft Security Bulletin MS05-004
| [101009] Microsoft Security Bulletin MS06-033
| [101007] Microsoft dotNET version grabber
| [101006] Microsoft Security Bulletin MS06-056
| [101005] Microsoft Security Bulletin MS07-040
| [101004] Microsoft MS04-017 security check
| [101003] Microsoft MS00-058 security check
| [101000] Microsoft MS00-060 security check
| [100950] Microsoft DNS server internal hostname disclosure detection
| [100624] Microsoft Windows SMTP Server DNS spoofing vulnerability
| [100607] Microsoft SMTP Service and Exchange Routing Engine Buffer Overflow Vulnerability
| [100596] Microsoft Windows SMTP Server MX Record Denial of Service Vulnerability
| [100283] Microsoft Windows SMB2 '_Smb2ValidateProviderCallback()' Remote Code Execution Vulnerability
| [100062] Microsoft Remote Desktop Protocol Detection
| [90024] Windows Vulnerability in Microsoft Jet Database Engine
| [80007] Microsoft MS00-06 security check
| [13752] Denial of Service (DoS) in Microsoft SMS Client
| [11992] Vulnerability in Microsoft ISA Server 2000 H.323 Filter(816458)
| [11874] IIS Service Pack - 404
3880| [11808] Microsoft RPC Interface Buffer Overrun (823980)
3881| [11433] Microsoft ISA Server DNS - Denial Of Service (MS03-009)
3882| [11217] Microsoft's SQL Version Query
3883| [11177] Flaw in Microsoft VM Could Allow Code Execution (810030)
3884| [11146] Microsoft RDP flaws could allow sniffing and DOS(Q324380)
3885| [11142] IIS XSS via IDC error
3886| [11067] Microsoft's SQL Hello Overflow
3887| [11003] IIS Possible Compromise
3888| [10993] IIS ASP.NET Application Trace Enabled
3889| [10991] IIS Global.asa Retrieval
3890| [10936] IIS XSS via 404 error
3891| [10862] Microsoft's SQL Server Brute Force
3892| [10755] Microsoft Exchange Public Folders Information Leak
3893| [10732] IIS 5.0 WebDav Memory Leakage
3894| [10699] IIS FrontPage DoS II
3895| [10695] IIS .IDA ISAPI filter applied
3896| [10674] Microsoft's SQL UDP Info Query
3897| [10673] Microsoft's SQL Blank Password
3898| [10671] IIS Remote Command Execution
3899| [10667] IIS 5.0 PROPFIND Vulnerability
3900| [10661] IIS 5 .printer ISAPI filter applied
3901| [10657] NT IIS 5.0 Malformed HTTP Printer Request Header Buffer Overflow Vulnerability
3902| [10585] IIS FrontPage DoS
3903| [10576] Check for dangerous IIS default files
3904| [10575] Check for IIS .cnf file leakage
3905| [10573] IIS 5.0 Sample App reveals physical path of web root
3906| [10572] IIS 5.0 Sample App vulnerable to cross-site scripting attack
3907| [10537] IIS directory traversal
3908| [10492] IIS IDA/IDQ Path Disclosure
3909| [10491] ASP/ASA source using Microsoft Translate f: bug
3910| [10144] Microsoft SQL TCP/IP listener is running
3911|
3912| SecurityTracker - https://www.securitytracker.com:
3913| [1024070] Microsoft Internet Explorer 8 Developer Tools ActiveX Control Memory Corruption Error Lets Remote Users Execute Arbitrary Code
3914| [1027751] Microsoft Internet Information Server (IIS) FTP Server Lets Remote Users Obtain Files and Local Users Obtain Passwords
3915| [1027223] Microsoft IIS Web Server Discloses Potentially Sensitive Information to Remote Users
3916| [1024921] Microsoft IIS FTP Server Lets Remote Users Deny Service
3917| [1024496] Microsoft Internet Information Server (IIS) Web Server Stack Overflow in Reading POST Data Lets Remote Users Deny Service
3918| [1023387] Microsoft Internet Information Services (IIS) Filename Extension Parsing Configuration Error May Let Users Bypass Security Controls
3919| [1022792] Microsoft Internet Information Server (IIS) FTP Server Buffer Overflows Let Remote Authenticated Users Execute Arbitrary Code and Deny Service
3920| [1016466] Microsoft Internet Information Server (IIS) Buffer Overflow in Processing ASP Pages Lets Remote Authenticated Users Execute Arbitrary Code
3921| [1015376] Microsoft IIS Lets Remote Users Deny Service or Execute Arbitrary Code With Malformed HTTP GET Requests
3922| [1015049] Microsoft Internet Explorer Drag-and-Drop Timing May Let Remote Users Install Arbitrary Files
3923| [1014777] Microsoft IIS ASP Error Page May Disclose System Information in Certain Cases
3924| [1011633] Microsoft IIS WebDAV XML Message Handler Error Lets Remote Users Deny Service
3925| [1010692] Microsoft IIS 4.0 Buffer Overflow in Redirect Function Lets Remote Users Execute Arbitrary Code
3926| [1010610] Microsoft IIS Web Server May Disclose Private IP Addresses in Certain Cases
3927| [1010079] Microsoft IIS ASP Script Cookie Processing Flaw May Disclose Application Information to Remote Users
3928| [1008563] Microsoft IIS Fails to Log HTTP TRACK Requests
3929| [1007262] Microsoft IIS 6.0 Vulnerabilities Permit Cross-Site Scripting and Password Changing Attacks Against Administrators
3930| [1007059] Microsoft Windows Media Services (nsiislog.dll) Extension to Internet Information Server (IIS) Has Another Buffer Overflow That Lets Remote Execute Arbitrary Code
3931| [1006867] Microsoft IIS Buffer Overflow Lets Remote Users With Upload Privileges Execute Code - Remote Users Can Also Crash the Service
3932| [1006866] Microsoft Windows Media Services (nsiislog.dll) Extension to Internet Information Server (IIS) Lets Remote Execute Arbitrary Code
3933| [1006704] Microsoft IIS Authentication Manager Discloses Validity of User Names to Remote Users
3934| [1006305] Microsoft IIS Web Server WebDAV Buffer Overflow Lets Remote Users Execute Arbitrary Code
3935| [1005505] Microsoft Internet Information Server (IIS) Script Access Control Bug May Let Remote Authenticated Users Upload Unauthorized Executable Files
3936| [1005504] Microsoft Internet Information Server (IIS) WebDAV Memory Allocation Flaw Lets Remote Users Crash the Server
3937| [1005503] Microsoft Internet Information Server (IIS) Administrative Pages Allow Cross-Site Scripting Attacks
3938| [1005502] Microsoft Internet Information Server (IIS) Out-of-Process Access Control Bug Lets Certain Authenticated Users Gain Full Control of the Server
3939| [1005083] Microsoft Internet Information Server (IIS) Web Server Fails to Properly Validate Client-side Certificates, Allowing Remote Users to Impersonate Other Users or Certificate Issuers
3940| [1004757] Microsoft IIS SMTP Service Encapsulation Bug Lets Remote Users Relay Mail and Send SPAM Via the Service
3941| [1004646] ColdFusion MX Buffer Overflow When Used With Microsoft Internet Information Server (IIS) Lets Remote Users Crash the IIS Web Server or Execute Arbitrary Code
3942| [1004526] Microsoft Internet Information Server (IIS) Heap Overflow in HTR ISAPI Extension While Processing Chunked Encoded Data Lets Remote Users Execute Arbitrary Code
3943| [1004044] Cisco CallManager Affected by Microsoft Internet Information Server (IIS) Bugs
3944| [1004032] Microsoft Internet Information Server (IIS) FTP STAT Command Bug Lets Remote Users Crash Both the FTP and the Web Services
3945| [1004031] Microsoft Internet Information Server (IIS) URL Length Bug Lets Remote Users Crash the Web Service
3946| [1004011] Microsoft Internet Information Server (IIS) Buffer Overflow in ASP Server-Side Include Function May Let Remote Users Execute Arbitrary Code on the Web Server
3947| [1004006] Microsoft Internet Information Server (IIS) Off-By-One Heap Overflow in .HTR Processing May Let Remote Users Execute Arbitrary Code on the Server
3948| [1003224] Microsoft Internet Information Server (IIS) Version 4 Lets Local Users Modify the Log File Undetected
3949| [1002778] Microsoft Internet Information Server (IIS) Lets Remote Users Create Bogus Web Log Entries
3950| [1002733] Microsoft IIS 4.0 Configuration Error May Allow Remote Users to Obtain Physical Directory Path Information
3951| [1002651] Microsoft Internet Information Server (IIS) May Disclose PHP Scripting Source Code
3952| [1002212] Microsoft IIS Web Server Contains Multiple Vulnerabilities That Allow Local Users to Gain System Privileges and Allow Remote Users to Cause the Web Server to Crash
3953| [1002161] Microsoft Internet Information Server (IIS) Web Server Discloses Internal IP Addresses or NetBIOS Host Names to Remote Users
3954| [1001818] Microsoft Internet Information Server (IIS) Web Server Discloses ASP Source Code When Installed on FAT-based Filesystem
3955| [1001576] eEye Digital Security's SecureIIS Application Firewall for Microsoft Web Servers Fails to Filter Certain Web URL Characters, Allowing Remote Users to Bypass the SecureIIS Firewall
3956| [1001565] Microsoft IIS Web Server on Windows 2000 Allows Remote Users to Cause the Server to Consume All Available Memory Due to Memory Leak in WebDAV Lock Method
3957| [1001530] Microsoft IIS Web Server Allows Remote Users to Execute Commands on the Server Due to CGI Decoding Error
3958| [1001483] Microsoft IIS Web Server Lets Remote Users Restart the Web Server with Another Specially Crafted PROPFIND XML Command
3959| [1001464] Microsoft Internet Information Server IIS 5.0 for Windows 2000 Lets Remote Users Execute Arbitrary Code on the Server and Gain Control of the Server
3960| [1001402] Microsoft IIS Web Server Can Be Effectively Shutdown By Certain Internal-Network Attacks When The Underlying OS Supports User Account Lockouts
3961| [1001116] Microsoft Personal Web Server Contains An Old Internet Information Server (IIS) Vulnerability Allowing Unauthorized Directory Listings and Possible Code Execution For Remote Users
3962| [1001050] Microsoft IIS 5.0 Web Server Can Be Restarted Remotely By Any User
3963|
3964| OSVDB - http://www.osvdb.org:
3965| [91269] Microsoft Windows 8 TrueType Font (TTF) Handling Unspecified DoS
3966| [65218] Microsoft IE 8 Developer Tools ActiveX Remote Code Execution
3967| [87555] Adobe ColdFusion for Microsoft IIS Unspecified DoS
3968| [87262] Microsoft IIS FTP Command Injection Information Disclosure
3969| [87261] Microsoft IIS Log File Permission Weakness Local Password Disclosure
3970| [86899] Microsoft IIS 302 Redirect Message Internal IP Address Remote Disclosure
3971| [83771] Microsoft IIS Tilde Character Request Parsing File / Folder Name Information Disclosure
3972| [83454] Microsoft IIS ODBC Tool ctguestb.idc Unauthenticated Remote DSN Initialization
3973| [83386] Microsoft IIS Non-existent IDC File Request Web Root Path Disclosure
3974| [82848] Microsoft IIS $INDEX_ALLOCATION Data Stream Request Authentication Bypass
3975| [76237] Microsoft Forefront Unified Access Gateway IIS NULL Session Cookie Parsing Remote DoS
3976| [71856] Microsoft IIS Status Header Handling Remote Overflow
3977| [70167] Microsoft IIS FTP Server Telnet IAC Character Handling Overflow
3978| [67980] Microsoft IIS Unspecified Remote Directory Authentication Bypass
3979| [67979] Microsoft IIS FastCGI Request Header Handling Remote Overflow
3980| [67978] Microsoft IIS Repeated Parameter Request Unspecified Remote DoS
3981| [66160] Microsoft IIS Basic Authentication NTFS Stream Name Permissions Bypass
3982| [65216] Microsoft IIS Extended Protection for Authentication Memory Corruption
3983| [62229] Microsoft IIS Crafted DNS Response Inverse Lookup Log Corruption XSS
3984| [61432] Microsoft IIS Colon Safe Extension NTFS ADS Filename Syntax Arbitrary Remote File Creation
3985| [61294] Microsoft IIS ASP Crafted semicolon Extension Security Bypass
3986| [61249] Microsoft IIS ctss.idc table Parameter SQL Injection
3987| [59892] Microsoft IIS Malformed Host Header Remote DoS
3988| [59621] Microsoft IIS CodeBrws.asp Off-By-One File Check Bypass Source Disclosure
3989| [59561] Microsoft IIS CodeBrws.asp Encoded Traversal Arbitrary File Source Disclosure
3990| [59360] Microsoft IIS ASP Page Visual Basic Script Malformed Regex Parsing DoS
3991| [57753] Microsoft IIS FTP Server Crafted Recursive Listing Remote DoS
3992| [57589] Microsoft IIS FTP Server NLST Command Remote Overflow
3993| [56474] Microsoft IIS WebDAV Extension URL Decode Crafted HTTP Request Authentication Bypass
3994| [55269] Microsoft IIS Traversal GET Request Remote DoS
3995| [54555] Microsoft IIS WebDAV Unicode URI Request Authentication Bypass
3996| [52924] Microsoft IIS WebDAV PROPFIND Method Forced Directory Listing
3997| [52680] Microsoft IIS httpext.dll WebDav LOCK Method Nonexistent File Request Parsing Memory Exhaustion Remote DoS
3998| [52238] Microsoft IIS IDC Extension XSS
3999| [49899] Microsoft IIS iissext.dll Unspecified ActiveX SetPassword Method Remote Password Manipulation
4000| [49730] Microsoft IIS ActiveX (adsiis.dll) GetObject Method Remote DoS
4001| [49059] Microsoft IIS IPP Service Unspecified Remote Overflow
4002| [45583] Microsoft IIS w/ Visual Interdev Unspecified Authentication Bypass
4003| [43451] Microsoft IIS HTTP Request Smuggling
4004| [41456] Microsoft IIS File Change Handling Local Privilege Escalation
4005| [41445] Microsoft IIS ASP Web Page Input Unspecified Arbitrary Code Execution
4006| [41091] Microsoft IIS webhits.dll Hit-Highlighting Authentication Bypass
4007| [41063] Microsoft IIS ODBC Tool newdsn.exe Remote DSN Creation
4008| [41057] Microsoft IIS w/ .NET MS-DOS Device Request Blacklist Bypass
4009| [35950] Microsoft IIS IUSR_Machine Account Arbitrary Non-EXE Command Execution
4010| [33457] Microsoft IIS Crafted TCP Connection Range Header DoS
4011| [28260] Microsoft IIS FrontPage Server Extensions (FPSE) shtml.exe Path Disclosure
4012| [27152] Microsoft Windows IIS ASP Page Processing Overflow
4013| [27087] Microsoft IIS SMTP Encapsulated SMTP Address Open Relay
4014| [23590] Microsoft IIS Traversal Arbitrary FPSE File Access
4015| [21805] Microsoft IIS Crafted URL Remote DoS
4016| [21537] Microsoft IIS Log File Permission Weakness Remote Modification
4017| [18926] Microsoft IIS SERVER_NAME Variable Spoofing Filter Bypass
4018| [17124] Microsoft IIS Malformed WebDAV Request DoS
4019| [17123] Microsoft IIS Multiple Unspecified Admin Pages XSS
4020| [17122] Microsoft IIS Permission Weakness .COM File Upload
4021| [15749] Microsoft IIS / Site Server code.asp Arbitrary File Access
4022| [15342] Microsoft IIS Persistent FTP Banner Information Disclosure
4023| [14229] Microsoft IIS asp.dll Scripting.FileSystemObject Malformed Program DoS
4024| [13985] Microsoft IIS Malformed HTTP Request Log Entry Spoofing
4025| [13760] Microsoft IIS Malformed URL Request DoS
4026| [13759] Microsoft IIS ISAPI .ASP Parser Script Tag LANGUAGE Argument Overflow
4027| [13634] Microsoft IIS Inetinfo.exe Malformed Long Mail File Name DoS
4028| [13558] Microsoft IIS SSL Request Resource Exhaustion DoS
4029| [13507] Microsoft IIS showfile.asp FileSystemObject Arbitrary File Access
4030| [13479] Microsoft IIS for Far East Parsed Page Source Disclosure
4031| [13473] Microsoft IIS on FAT Partition Local ASP Source Disclosure
4032| [13439] Microsoft IIS HTTP Request Malformed Content-Length Parsing Remote DoS
4033| [13433] Microsoft IIS WebDAV MKCOL Method Location Server Header Internal IP Disclosure
4034| [13432] Microsoft IIS WebDAV WRITE Location Server Header Internal IP Disclosure
4035| [13431] Microsoft IIS WebDAV Malformed PROPFIND Request Internal IP Disclosure
4036| [13430] Microsoft IIS aexp4.htr Password Policy Bypass
4037| [13429] Microsoft IIS aexp3.htr Password Policy Bypass
4038| [13428] Microsoft IIS aexp2b.htr Password Policy Bypass
4039| [13427] Microsoft IIS aexp2.htr Password Policy Bypass
4040| [13426] Microsoft IIS NTLM Authentication Request Parsing Remote Information Disclosure
4041| [13385] Microsoft IIS WebDAV Long PROPFIND/SEARCH Request DoS
4042| [11455] Microsoft IIS / PWS DOS Filename Request Access Bypass
4043| [11452] Microsoft IIS Double Byte Code Arbitrary Source Disclosure
4044| [11277] Microsoft IIS SSL ISAPI Filter Cleartext Information Disclosure
4045| [11257] Microsoft IIS Malformed GET Request DoS
4046| [11157] Microsoft IIS FTP Service PASV Connection Saturation DoS
4047| [11101] Microsoft IIS Multiple Slash ASP Page Request DoS
4048| [9315] Microsoft IIS getdrvs.exe ODBC Sample Information Disclosure
4049| [9314] Microsoft IIS mkilog.exe ODBC Sample Arbitrary Command Execution
4050| [9200] Microsoft IIS Unspecified XSS Variant
4051| [9199] Microsoft IIS shtml.dll XSS
4052| [8098] Microsoft IIS Virtual Directory ASP Source Disclosure
4053| [7807] Microsoft IIS ISAPI Virtual Directory UNC Mapping ASP Source Disclosure
4054| [7737] Microsoft IIS ASP Redirection Function XSS
4055| [7265] Microsoft IIS .ASP Session ID Disclosure and Hijacking
4056| [5851] Microsoft IIS Single Dot Source Code Disclosure
4057| [5736] Microsoft IIS Relative Path System Privilege Escalation
4058| [5693] Microsoft MS00-060 Patch IIS Malformed Request DoS
4059| [5633] Microsoft IIS Invalid WebDAV Request DoS
4060| [5606] Microsoft IIS WebDAV PROPFIND Request DoS
4061| [5584] Microsoft IIS URL Redirection Malformed Length DoS
4062| [5566] Microsoft IIS Form_VBScript.asp XSS
4063| [5316] Microsoft IIS ISAPI HTR Chunked Encoding Overflow
4064| [4864] Microsoft IIS TRACK Logging Failure
4065| [4863] Microsoft IIS Active Server Page Header DoS
4066| [4791] Microsoft IIS Response Object DoS
4067| [4655] Microsoft IIS ssinc.dll Long Filename Overflow
4068| [4535] Microsoft Media Services ISAPI nsiislog.dll POST Overflow
4069| [3512] Microsoft IIS ODBC Tool getdrvrs.exe Remote DSN Creation
4070| [3500] Microsoft IIS fpcount.exe Remote Overflow
4071| [3341] Microsoft IIS Redirect Response XSS
4072| [3339] Microsoft IIS HTTP Error Page XSS
4073| [3338] Microsoft IIS Help File XSS
4074| [3328] Microsoft IIS FTP Status Request DoS
4075| [3326] Microsoft IIS w3svc.dll ISAPI Filter URL Handling Remote DoS
4076| [3325] Microsoft IIS HTR ISAPI Overflow
4077| [3323] Microsoft IIS ISAPI .printer Extension Host Header Overflow
4078| [3320] Microsoft IIS ASP Server-Side Include Buffer Overflow
4079| [3316] Microsoft IIS HTTP Header Field Delimiter Overflow
4080| [3301] Microsoft IIS ASP Chunked Encoding Variant Heap Overflow
4081| [3284] Microsoft IIS Winmsdp.exe Arbitrary File Retrieval
4082| [3231] Microsoft IIS Log Bypass
4083| [2106] Microsoft Media Services ISAPI nsiislog.dll Overflow
4084| [1931] Microsoft IIS MIME Content-Type Header DoS
4085| [1930] Microsoft IIS SSI ssinc.dll Filename Handling Overflow
4086| [1826] Microsoft IIS Domain Guest Account Disclosure
4087| [1824] Microsoft IIS FTP DoS
4088| [1804] Microsoft IIS Long Request Parsing Remote DoS
4089| [1770] Microsoft IIS WebDAV Malformed PROPFIND Request Remote DoS
4090| [1750] Microsoft IIS File Fragment Disclosure
4091| [1543] Microsoft NT/IIS Invalid URL Request DoS
4092| [1504] Microsoft IIS File Permission Canonicalization Bypass
4093| [1465] Microsoft IIS .htr Missing Variable DoS
4094| [1325] Microsoft IIS Malformed Filename Request File Fragment Disclosure
4095| [1322] Microsoft IIS Malformed .htr Request DoS
4096| [1281] Microsoft IIS Escaped Character Saturation Remote DoS
4097| [1261] Microsoft IIS Chunked Transfer Encoding Remote Overflow DoS
4098| [1210] Microsoft IIS WebHits.dll ISAPI Filter Traversal Arbitrary File Access
4099| [1170] Microsoft IIS Escape Character URL Access Bypass
4100| [1083] Microsoft IIS FTP NO ACCESS Read/Delete File
4101| [1082] Microsoft IIS Domain Resolution Access Bypass
4102| [1041] Microsoft IIS Malformed HTTP Request Header DoS
4103| [1020] Microsoft IIS ISAPI GetExtensionVersion() Privilege Escalation
4104| [930] Microsoft IIS Shared ASP Cache Information Disclosure
4105| [929] Microsoft IIS FTP Server NLST Command Overflow
4106| [928] Microsoft IIS Long Request Log Evasion
4107| [815] Microsoft IIS ASP.NET trace.axd Application Tracing Information Disclosure
4108| [814] Microsoft IIS global.asa Remote Information Disclosure
4109| [782] Microsoft IIS / Site Server codebrws.asp Arbitrary File Access
4110| [771] Microsoft IIS Hosting Process (dllhost.exe) Out of Process Application Unspecified Privilege Escalation
4111| [768] Microsoft IIS ASP Chunked Encoding Heap Overflow
4112| [636] Microsoft IIS sqlqhit.asp Sample Script CiScope Parameter Information Disclosure
4113| [630] Microsoft IIS Multiple Malformed Header Field Internal IP Address Disclosure
4114| [568] Microsoft IIS idq.dll IDA/IDQ ISAPI Remote Overflow
4115| [564] Microsoft IIS ISM.dll Fragmented Source Disclosure
4116| [556] Microsoft IIS/PWS Encoded Filename Arbitrary Command Execution
4117| [525] Microsoft IIS Webserver Invalid Filename Request Arbitrary Command Execution
4118| [482] Microsoft IIS FrontPage Server Extensions (FPSE) Malformed Form DoS
4119| [475] Microsoft IIS bdir.htr Arbitrary Directory Listing
4120| [474] Microsoft IIS / Site Server viewcode.asp Arbitrary File Access
4121| [473] Microsoft IIS Multiple .cnf File Information Disclosure
4122| [471] Microsoft IIS ServerVariables_Jscript.asp Path Disclosure
4123| [470] Microsoft IIS Form_JScript.asp XSS
4124| [463] Microsoft IIS Phone Book Service /pbserver/pbserver.dll Remote Overflow
4125| [436] Microsoft IIS Unicode Remote Command Execution
4126| [425] Microsoft IIS WebDAV SEARCH Method Arbitrary Directory Forced Listing
4127| [391] Microsoft IIS IDA/IDQ Document Root Path Disclosure
4128| [390] Microsoft IIS Translate f: Request ASP Source Disclosure
4129| [308] Microsoft IIS Malformed File Extension URL DoS
4130| [285] Microsoft IIS repost.asp File Upload
4131| [284] Microsoft IIS IISADMPWD Virtual Directory Information Enumeration
4132| [283] Microsoft IIS /iissamples Multiple Sample Scripts Installed
4133| [277] Microsoft IIS / PWS %2e Request ASP Source Disclosure
4134| [276] Microsoft IIS ASP::$DATA Stream Request ASP Source Disclosure
4135| [275] Microsoft IIS newdsn.exe Remote Arbitrary File Creation
4136| [274] Microsoft IIS ctss.idc ODBC Sample Arbitrary Command Execution
4137| [273] Microsoft IIS Upgrade ism.dll Local Privilege Escalation
4138| [272] Microsoft IIS MDAC RDS Arbitrary Remote Command Execution
4139| [271] Microsoft IIS WebHits null.htw .asp Source Disclosure
4140| [98] Microsoft IIS perl.exe HTTP Path Disclosure
4141| [97] Microsoft IIS ISM.DLL HTR Request Overflow
4142| [96] Microsoft IIS idq.dll Traversal Arbitrary File Access
4143| [7] Microsoft IIS / Site Server showcode.asp source Parameter Traversal Arbitrary File Access
4144| [4] Microsoft IIS ExAir advsearch.asp Direct Request Remote DoS
4145| [3] Microsoft IIS ExAir query.asp Direct Request Remote DoS
4146| [2] Microsoft IIS ExAir search.asp Direct Request DoS
4147|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Microsoft Windows 2012 (89%)
OS CPE: cpe:/o:microsoft:windows_server_2012:r2
Aggressive OS guesses: Microsoft Windows Server 2012 or Windows Server 2012 R2 (89%), Microsoft Windows Server 2012 R2 (89%), Microsoft Windows Server 2012 (87%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 303.855 days (since Tue Dec 18 02:16:23 2018)
Network Distance: 16 hops
TCP Sequence Prediction: Difficulty=264 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 242.20 ms 10.233.204.1
2 343.18 ms 45.131.4.2
3 343.23 ms 109.236.95.226
4 343.25 ms be4380.rcr21.rtm01.atlas.cogentco.com (149.6.110.73)
5 343.28 ms be3385.ccr42.ams03.atlas.cogentco.com (154.54.58.197)
6 343.30 ms be2813.ccr41.fra03.atlas.cogentco.com (130.117.0.122)
7 343.33 ms be2960.ccr22.muc03.atlas.cogentco.com (154.54.36.254)
8 343.36 ms be2974.ccr51.vie01.atlas.cogentco.com (154.54.58.6)
9 343.39 ms be3464.ccr51.beg03.atlas.cogentco.com (154.54.59.190)
10 140.51 ms be3421.ccr31.sof02.atlas.cogentco.com (130.117.0.93)
11 300.87 ms be3348.rcr21.ist01.atlas.cogentco.com (154.54.57.73)
12 301.92 ms 149.14.44.18
13 300.44 ms 159.146.22.234
14 300.43 ms 66.105.154.212.static.turk.net (212.154.105.66)
15 300.43 ms 185.182.239.196
16 300.43 ms 185.182.239.167

NSE: Script Post-scanning.
Initiating NSE at 23:48
Completed NSE at 23:48, 0.00s elapsed
Initiating NSE at 23:48
Completed NSE at 23:48, 0.00s elapsed
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-17 23:48 EDT
NSE: Loaded 163 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 23:48
Completed NSE at 23:48, 0.00s elapsed
Initiating NSE at 23:48
Completed NSE at 23:48, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 23:48
Completed Parallel DNS resolution of 1 host. at 23:48, 0.02s elapsed
Initiating SYN Stealth Scan at 23:48
Scanning 185.182.239.167 [1 port]
Discovered open port 443/tcp on 185.182.239.167
Completed SYN Stealth Scan at 23:48, 0.21s elapsed (1 total ports)
Initiating Service scan at 23:48
Scanning 1 service on 185.182.239.167
Completed Service scan at 23:48, 13.34s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against 185.182.239.167
Retrying OS detection (try #2) against 185.182.239.167
Initiating Traceroute at 23:48
Completed Traceroute at 23:48, 0.65s elapsed
Initiating Parallel DNS resolution of 16 hosts. at 23:48
Completed Parallel DNS resolution of 16 hosts. at 23:48, 0.39s elapsed
NSE: Script scanning 185.182.239.167.
Initiating NSE at 23:48
Completed NSE at 23:54, 322.24s elapsed
Initiating NSE at 23:54
Completed NSE at 23:54, 2.84s elapsed
Nmap scan report for 185.182.239.167
Host is up (0.22s latency).

PORT STATE SERVICE VERSION
443/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
| http-brute:
|_ Path "/" does not require authentication
|_http-chrono: Request times for /; avg: 8598.81ms; min: 8437.72ms; max: 8782.38ms
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-date: Fri, 18 Oct 2019 03:48:12 GMT; -40s from local time.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-errors: ERROR: Script execution failed (use -d to debug)
|_http-feed: Couldn't find any feeds.
|_http-fetch: Please enter the complete path of the directory to save data in.
| http-headers:
| Content-Type: text/html; charset=us-ascii
| Server: Microsoft-HTTPAPI/2.0
| Date: Fri, 18 Oct 2019 03:48:17 GMT
| Connection: close
| Content-Length: 315
|
|_ (Request type: GET)
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-mobileversion-checker: No mobile version detected.
| http-security-headers:
| Strict_Transport_Security:
|_ HSTS not configured in HTTPS Server
|_http-server-header: Microsoft-HTTPAPI/2.0
| http-sitemap-generator:
| Directory structure:
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-title: Not Found
| http-vhosts:
|_127 names had status 404
|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-xssed: No previously reported XSS vuln.
4257| vulscan: VulDB - https://vuldb.com:
4258| [141625] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 DirectX memory corruption
4259| [141624] Microsoft Windows 7 SP1/Server 2008 R2 SP1 Graphics Component information disclosure
4260| [139966] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel information disclosure
4261| [139923] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Graphics Component information disclosure
4262| [139905] Microsoft Windows Server 2008 SP2 DHCP Server memory corruption
4263| [137573] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
4264| [137567] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
4265| [137566] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
4266| [137565] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
4267| [137564] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
4268| [136343] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
4269| [136342] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
4270| [136341] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
4271| [136316] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
4272| [136315] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
4273| [136313] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
4274| [136311] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
4275| [136309] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
4276| [136302] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
4277| [136298] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
4278| [136297] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k memory corruption
4279| [131683] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k memory corruption
4280| [131642] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Active Directory privilege escalation
4281| [127822] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2012 Kernel information disclosure
4282| [125103] Microsoft Windows Server 2008 SP2 Graphics Component information disclosure
4283| [123853] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel Memory information disclosure
4284| [122858] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 LNK memory corruption
4285| [122833] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI+ memory corruption
4286| [121109] Microsoft Wireless Display Adapter V2 2.0.8350/2.0.8365/2.0.8372 privilege escalation
4287| [120449] Microsoft Forefront Unified Access Gateway 2000 InitParams.aspx Parameter Server-Side Request Forgery
4288| [119469] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel privilege escalation
4289| [116015] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 memory corruption
4290| [114563] Microsoft Office 2007 SP3/2010 SP2/2013/2013 RT SP1 memory corruption
4291| [114528] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI privilege escalation
4292| [114524] Microsoft ASP.NET Core 2.0 denial of service
4293| [114523] Microsoft ASP.NET Core 2.0 Kestrel Web Application privilege escalation
4294| [113257] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
4295| [113256] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
4296| [113255] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
4297| [113247] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
4298| [113246] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
4299| [113245] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2012 EOT Font Engine information disclosure
4300| [113244] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
4301| [113235] Microsoft Outlook 2007 SP3/2010 SP2/2013 SP1/2016 privilege escalation
4302| [113234] Microsoft Office 2007 SP2/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
4303| [113216] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
4304| [112285] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
4305| [112284] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
4306| [112283] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
4307| [112282] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
4308| [111578] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
4309| [111577] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
4310| [111576] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
4311| [111575] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
4312| [111574] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
4313| [111573] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
4314| [111572] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
4315| [111570] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
4316| [111568] Microsoft Excel 2007/2010/2013/2016 memory corruption
4317| [111566] Microsoft Word 2007/2010/2013/2016 memory corruption
4318| [111565] Microsoft Word 2007/2010/2013 Email Message memory corruption
4319| [111563] Microsoft Outlook 2007/2010/2013/2016 Email Message privilege escalation
4320| [111347] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Color Management Icm32.dll information disclosure
4321| [109388] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016 memory corruption
4322| [109387] Microsoft ASP.NET Core 2.0 privilege escalation
4323| [109386] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
4324| [109385] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Security Feature Macro privilege escalation
4325| [109381] Microsoft Office/Word 2007 SP3/2010 SP2 memory corruption
4326| [107703] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
4327| [106530] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
4328| [106528] Microsoft PowerPoint 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
4329| [106515] Microsoft Publisher 2007 SP3/2010 SP2 memory corruption
4330| [106497] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Uniscribe memory corruption
4331| [106476] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
4332| [106475] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
4333| [105051] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Font Library privilege escalation
4334| [105032] Microsoft Internet Explorer 9/10 on Server 2008/Server 2012 memory corruption
4335| [102513] Microsoft Windows Server 2003 SP2/XP SP3 OLE olecnv32.dll privilege escalation
4336| [102512] Microsoft Windows Server 2003 SP2/XP SP3 rpc privilege escalation
4337| [102511] Microsoft Windows Server 2003 SP2/XP SP3 RDP EsteemAudit privilege escalation
4338| [102447] Microsoft PowerPoint/SharePoint Server 2007 SP3 privilege escalation
4339| [102444] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
4340| [102442] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Bypass privilege escalation
4341| [102441] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
4342| [102401] Microsoft Windows 7 SP1/Server 2008 R2 SP1 GDI USP10!NextCharInLiga Uniscribe Font information disclosure
4343| [101491] Microsoft Windows up to XP SP3/Server 2003 SP2 Remote Desktop Protocol gpkcsp.dll memory corruption
4344| [101017] Microsoft Office 2007 SP3/2010 SP2/2016 memory corruption
4345| [101012] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1/2016 memory corruption
4346| [101011] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 ActiveX Object Memory memory corruption
4347| [100854] Microsoft Windows Server 2003 SP2 RRAS ERRATICGOPHER memory corruption
4348| [99904] Microsoft Windows Server 2003 SP2/XP SP3 SmartCard Authentication RDP Packet EsteemAudit privilege escalation
4349| [99698] Microsoft OneNote 2007 SP3/2010 SP2 DLL Loader privilege escalation
4350| [99684] Microsoft Excel 2007 SP3/2010 SP2 Memory information disclosure
4351| [99654] Microsoft Outlook 2007 SP3/2010 SP2/2011/2013 SP1/2016 Email Message privilege escalation
4352| [99653] Microsoft Outlook 2007 SP3/2010 SP2/2011/2013 SP1/2016 Email Message privilege escalation
4353| [99533] Microsoft Office 2007/2010/2013/2016 RTF Document Necurs Dridex memory corruption
4354| [98561] Microsoft IIS 6.0 on Windows Server 2003 WebDAV ScStoragePathFromUrl Long Header memory corruption
4355| [98092] Microsoft SharePoint Server 2007 SP3 memory corruption
4356| [98088] Microsoft SharePoint Server 2007 SP3 memory corruption
4357| [98087] Microsoft Office 2007 SP3/2010 SP2 memory corruption
4358| [98086] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
4359| [98085] Microsoft Excel 2007 SP3 memory corruption
4360| [98084] Microsoft Word 2007 SP3/2010 SP2/2011 memory corruption
4361| [98083] Microsoft Word 2007 SP3/2010 SP2/2011 memory corruption
4362| [98078] Microsoft Word/Excel 2007 SP3 memory corruption
4363| [98072] Microsoft Office 2007 SP3/2010 SP2/Word Viewer Graphics Component privilege escalation
4364| [98071] Microsoft Office 2007 SP3/2010 SP2/Word Viewer GDI+ information disclosure
4365| [98070] Microsoft Office 2007 SP3/2010 SP2/Word Viewer GDI+ information disclosure
4366| [94450] Microsoft Office 2007 SP3/2010 SP2/2011 memory corruption
4367| [94449] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1 information disclosure
4368| [94448] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1 information disclosure
4369| [94445] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 information disclosure
4370| [94441] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
4371| [94440] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
4372| [94439] Microsoft Office 2007 SP3/2011 privilege escalation
4373| [94438] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
4374| [93542] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 memory corruption
4375| [93541] Microsoft Office 2007 SP3 denial of service
4376| [93539] Microsoft Office 2007/2010 SP2/2011 memory corruption
4377| [93538] Microsoft Office 2007/2010 SP2/2011/2013 SP1 memory corruption
4378| [93537] Microsoft Office 2007/2010 SP2/2011 memory corruption
4379| [93396] Microsoft Office 2007/2010/2011 memory corruption
4380| [93395] Microsoft Office 2007/2010/2011 memory corruption
4381| [93394] Microsoft Office 2007/2010 memory corruption
4382| [92596] Microsoft Windows 7 SP1/Server 2008 R2/Server 2008 SP2/Vista SP2 Internet Messaging API File information disclosure
4383| [91554] Microsoft Exchange 2007/2010/2013/2016 Email information disclosure
4384| [91553] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
4385| [91552] Microsoft Office 2007/2010/2013/2013 RT/2016 spoofing
4386| [91551] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
4387| [91549] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
4388| [91548] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
4389| [91546] Microsoft Office 2007/2010/2013/2013 RT memory corruption
4390| [91545] Microsoft Office 2007/2010 memory corruption
4391| [91544] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
4392| [91542] Microsoft Office 2007/2010/2013/2013 RT/2016 information disclosure
4393| [90707] Microsoft OneNote 2007/2010/2013/2013 RT/2016 information disclosure
4394| [90706] Microsoft Office 2007/2010/2013/2013 RT Graphics memory corruption
4395| [90705] Microsoft Office 2007/2010/2011 memory corruption
4396| [90703] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
4397| [89039] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption
4398| [89034] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
4399| [87960] Microsoft Windows Server 2008 R2/Server 2012/Server 2012 R2 Active Directory denial of service
4400| [87955] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
4401| [87954] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
4402| [87953] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
4403| [87939] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 OLE DLL memory corruption
4404| [87938] Microsoft Office 2007 SP3/2010 SP2/2011 information disclosure
4405| [87937] Microsoft Office 2007 SP3/2010 SP2/2011 memory corruption
4406| [87935] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript memory corruption
4407| [87934] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript memory corruption
4408| [87933] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript memory corruption
4409| [87147] Microsoft Office 2007/2010 memory corruption
4410| [87145] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
4411| [87144] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
4412| [82228] Microsoft Excel 2007 SP3/2010 SP2 Office Document memory corruption
4413| [82225] Microsoft Word 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
4414| [82224] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption
4415| [81273] Microsoft Office 2007/2010/2013/2016 memory corruption
4416| [81272] Microsoft Office 2007/2010/2013 memory corruption
4417| [81265] Microsoft Windows Server 2008/Vista SP2 Library Loader memory corruption
4418| [80872] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
4419| [80871] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
4420| [80869] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
4421| [79506] Microsoft Windows 7/Server 2008/Server 2008 R2/Vista Library Loader memory corruption
4422| [79505] Microsoft Office 2007 memory corruption
4423| [79504] Microsoft Office 2007/2010/2013/2016 memory corruption
4424| [79503] Microsoft Office 2007/2010/2013 memory corruption
4425| [79502] Microsoft Office 2007/2010/2011 memory corruption
4426| [79501] Microsoft Office 2007/2010 memory corruption
4427| [79499] Microsoft Windows 7/Server 2008 R2 Uniscribe memory corruption
4428| [79493] Microsoft Windows Server 2008/Vista Graphics memory corruption
4429| [79190] Microsoft Word 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption
4430| [79189] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption
4431| [79187] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016 Sandbox privilege escalation
4432| [79167] Microsoft Windows 7/Server 2008/Server 2008 R2/Vista Journal memory corruption
4433| [78372] Microsoft Visio 2007 SP3/2010 SP2 UML Data memory corruption
4434| [78371] Microsoft SharePoint Server 2007 SP3/2010 SP2 InfoPath Forms Services XXE information disclosure
4435| [77646] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 EPS Image memory corruption
4436| [77629] Microsoft Excel 2007 SP3/2010 SP2/2011/2016 Office Document memory corruption
4437| [77627] Microsoft Excel 2007 SP3/2010 SP2 Office Document memory corruption
4438| [77626] Microsoft Excel 2007 SP3/2010 SP2/2011/2016 Office Document memory corruption
4439| [77617] Microsoft Office 2007 SP3/2010 SP2 OpenType Font memory corruption
4440| [77252] Microsoft Office 2007 SP3/2010 SP2 Office Graphics Library Font memory corruption
4441| [77038] Microsoft Windows Server 2008 SP2 UDDI Services cross site scripting
4442| [76497] Microsoft PowerPoint 2007 SP3/2010 SP2/2013 SP1 Office Document memory corruption
4443| [76491] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
4444| [76467] Microsoft Word 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption
4445| [76466] Microsoft Word 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption
4446| [76464] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
4447| [76463] Microsoft Excel 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption
4448| [76449] Microsoft Windows 8/8.1/Server 2008/Server 2012/Server 2012 R2 Hyper-V memory corruption
4449| [76440] Microsoft SQL Server 2008/2008 R2/2012/2014 Virtual Function Uninitialized Memory memory corruption
4450| [76439] Microsoft SQL Server 2008/2008 R2/2012/2014 Uninitialized Memory memory corruption
4451| [76438] Microsoft SQL Server 2008/2008 R2/2012/2014 Pointer Casting privilege escalation
4452| [75783] Microsoft Windows Server 2008/Server 2012 Active Directory Federation Services cross site scripting
4453| [75338] Microsoft SharePoint 2007/2010/2013 Content privilege escalation
4454| [75337] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption
4455| [75336] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption
4456| [74845] Microsoft Office 2007/2010/2013 Document Use-After-Free memory corruption
4457| [74844] Microsoft Office 2007/2010 Document Use-After-Free memory corruption
4458| [74837] Microsoft Office 2007/2010/2011/2013 RTF Document Use-After-Free privilege escalation
4459| [73979] Microsoft Exchange Server 2003 CU7/2003 SP1 Meeting privilege escalation
4460| [73978] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
4461| [73977] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
4462| [73976] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
4463| [73975] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
4464| [73964] Microsoft SharePoint 2007/2010/2013 cross site scripting
4465| [69158] Microsoft Office 2007/2010/2013 Use-After-Free memory corruption
4466| [69157] Microsoft Office 2007/2010/2013 OneTableDocumentStream memory corruption
4467| [68416] Microsoft Exchange 2007/2010/2013 Outlook Web Access Token spoofing
4468| [68409] Microsoft Office 2007/2010/2013 Use-After-Free memory corruption
4469| [68408] Microsoft Excel 2007/2010/2013 memory corruption
4470| [68407] Microsoft Excel 2007/2010 memory corruption
4471| [68405] Microsoft Word 2007/2010 Index Use-After-Free memory corruption
4472| [68195] Microsoft Windows 7/Server 2003/Server 2008/Vista Input Method Editor Sandbox privilege escalation
4473| [68189] Microsoft Windows Server 2003 SP2 TCP/IP Stack Stack-Based memory corruption
4474| [68188] Microsoft Word 2007 File memory corruption
4475| [68187] Microsoft Word 2007 File memory corruption
4476| [68186] Microsoft Word 2007 File memory corruption
4477| [67829] Microsoft Office 2007/2010/2011 Object memory corruption
4478| [67825] Microsoft .NET Framework 2.0/3.5/3.5.1 ASLR privilege escalation
4479| [71337] Microsoft Office 2000/2004/XP memory corruption
4480| [67355] Microsoft OneNote 2007 File Processing privilege escalation
4481| [67354] Microsoft SQL Server 2008 R2 SP2/2008 SP3/2012 SP1/2014 SQL Master Data Services cross site scripting
4482| [67353] Microsoft SQL Server 2008 R2 SP2/2008 SP3/2012 SP1/2014 T-SQL Query Stack-Based memory corruption
4483| [67018] Microsoft Windows Server 2008/Server 2012/Server 2012 R2 Service Bus AMQP Message denial of service
4484| [13545] Microsoft Word 2007 Embedded Font memory corruption
4485| [13397] Microsoft Windows 2000/Server 2003/XP DHCP Response DHCP ACK spoofing
4486| [13462] Microsoft Visual Studio 2002/2003/2005/2010 Debug Interface msdia.dll PDB File memory corruption
4487| [13229] Microsoft Office 2007/2010/2013 Common Control Library MSCOMCTL.OCX privilege escalation
4488| [13227] Microsoft Office 2007/2010/2013 Chinese Grammar Checker Library privilege escalation
4489| [13226] Microsoft SharePoint Server 2007/2010/2013 Page memory corruption
4490| [13225] Microsoft SharePoint Server 2007/2010/2013 cross site scripting
4491| [13224] Microsoft SharePoint Server 2007/2010/2013 Page memory corruption
4492| [12859] Microsoft Word 2003 Office Document Stack-Based memory corruption
4493| [12852] Microsoft Publisher 2003/2007 Publisher File pubconv.dll memory corruption
4494| [12845] Microsoft Word 2003 Office File Stack-Based memory corruption
4495| [12844] Microsoft Word 2007/2010 Office File memory corruption
4496| [12843] Microsoft Office 2007/2010/2011/2013 XML Parser Nested Entities Memory Consumption denial of service
4497| [12687] Microsoft Word/Office/Outlook 2003/2007/2010/2013 RTF Document memory corruption
4498| [12530] Microsoft Windows Server 2003/Server 2008/Server 2012/Vista/XP Security Account Manager Lockout privilege escalation
4499| [12266] Microsoft .NET Framework 2.0 SP2/3.5.1 ASLR Bypass privilege escalation
4500| [12070] Apple Pages 2.0/2.0.1/2.0.2/5.0/5.0.1 on Mac Microsoft Word Document memory corruption
4501| [11950] Microsoft Office Compability Pack/Word 2007 SP3 File memory corruption
4502| [11949] Microsoft Word Viewer/Office Compatibility Pack/Word 2003 SP3/2007 SP3 File memory corruption
4503| [11494] Microsoft .NET Framework 2.0 SP2/3.5.1/4/4.5/4.5.1 MAC Authentication privilege escalation
4504| [11448] Microsoft Office 2007/2010 Address Space Layout Randomization privilege escalation
4505| [11148] Microsoft Office 2003/2007 WordPerfect Document epsimp32.flt memory corruption
4506| [11146] Microsoft Office 2003/2007 epsimp32.flt memory corruption
4507| [11230] Microsoft Word 2003 DOC Document Embedded Image denial of service
4508| [11081] Microsoft Windows Server 2008/Vista TIFF Image memory corruption
4509| [10648] Microsoft Word 2007 Word File memory corruption
4510| [10647] Microsoft Word 2003 Word File memory corruption
4511| [10643] Microsoft SharePoint Server 2007/2010/2013 Input Sanitizer memory corruption
4512| [10642] Microsoft SharePoint Server 2007/2010 Content Display in Frames privilege escalation
4513| [10247] Microsoft SharePoint Server 2007/2010/2013 Online Cloud cross site scripting
4514| [10245] Microsoft Office 2003/2007/2010 Word File memory corruption
4515| [10244] Microsoft Office 2003 SP3 Word File memory corruption
4516| [10243] Microsoft Office 2003/2007 Word File memory corruption
4517| [10242] Microsoft Office 2007 Word File memory corruption
4518| [10241] Microsoft Office 2007 Word File memory corruption
4519| [10240] Microsoft Office 2003/2007/2010 Word File memory corruption
4520| [10239] Microsoft Office 2003/2007 Word File memory corruption
4521| [10238] Microsoft Excel 2003/2007 XML External Entity Data information disclosure
4522| [10237] Microsoft Excel 2003/2007/2010 XML External Entity Data information disclosure
4523| [10236] Microsoft Word/Office 2003/2007 XML External Entity Data information disclosure
4524| [10234] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
4525| [10232] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
4526| [10231] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
4527| [10230] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
4528| [10229] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
4529| [10228] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
4530| [10227] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
4531| [10192] Microsoft Windows 7/2000/Server 2003 SP2/Vista/XP SP3 Windows Theme File privilege escalation
4532| [10191] Microsoft Windows Server 2003/XP OLE Object privilege escalation
4533| [10190] Microsoft Windows 7/8/Server 2008/Vista Active Directory denial of service
4534| [10189] Microsoft Outlook 2007/2010 S/MIME privilege escalation
4535| [9941] Microsoft Windows Server 2003/XP Unicode Scripts Processor USP10.DLL Uniscribe Font memory corruption
4536| [9929] Microsoft Windows Server 2008/Server 2012 Active Directory Federation Services Unspecified Account information disclosure
4537| [9715] Microsoft PowerPoint 2007 DirectShow Runtime quartz.dll GetMaxSampleSize denial of service
4538| [9397] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Array privilege escalation
4539| [9394] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 on 64-bit Array memory corruption
4540| [9393] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Permission privilege escalation
4541| [8738] Microsoft Visio 2003 SP3/2007 SP3/2010 SP1 XML Parser File information disclosure
4542| [8737] Microsoft Word 2003 SP3 Shape Data Parser File memory corruption
4543| [8736] Microsoft Publisher 2003 SP3 PUB File memory corruption
4544| [8735] Microsoft Publisher 2003 SP3/2007 SP3/2010 SP1 PUB File memory corruption
4545| [8734] Microsoft Publisher 2003 SP3 PUB File memory corruption
4546| [8733] Microsoft Publisher 2003 SP3 PUB File memory corruption
4547| [8732] Microsoft Publisher 2003 SP3 PUB File memory corruption
4548| [8731] Microsoft Publisher 2003 SP3 PUB File memory corruption
4549| [8730] Microsoft Publisher 2003 SP3 PUB File memory corruption
4550| [8729] Microsoft Publisher 2003 SP3 PUB File memory corruption
4551| [8728] Microsoft Publisher 2003 SP3 PUB File memory corruption
4552| [8727] Microsoft Publisher 2003 SP3 PUB File memory corruption
4553| [8726] Microsoft Publisher 2003 PUB File Eingabe memory corruption
4554| [8723] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 XML File spoofing
4555| [7643] Microsoft Windows Server 2008 R2/Server 2012 NFS Server NULL Pointer Dereference denial of service
4556| [7642] Microsoft Exchange 2007/2010 Outlook Web Access vspdx.dll) privilege escalation
4557| [7641] Microsoft Windows Server 2003/Server 2008/Vista/XP DirectShow Quartz.dll memory corruption
4558| [8589] Microsoft System Center Operations Manager 2007 R2/2007 SP1 ViewTypeManager.aspx cross site scripting
4559| [7252] Microsoft System Center Operations Manager 2007 ExecuteTask.aspx cross site scripting
4560| [7251] Microsoft System Center Operations Manager 2007 cross site scripting
4561| [7248] Microsoft Windows 7/Server 2008 R2 Print Spooler privilege escalation
4562| [7121] Microsoft Exchange 2007/2010 RSS Feed denial of service
4563| [7118] Microsoft Windows Server 2008 R2/Server 2012 IP-HTTPS unknown vulnerability
4564| [62914] Microsoft Office 2003 SP3/2007 SP3/2008/2010 SP1/2011 Spreadsheet Use-After-Free memory corruption
4565| [7058] Microsoft Windows 7/Server 2008 R2 DHCPv6 Message denial of service
4566| [6935] Microsoft Office Excel 2003/2007/2010 Input Sanitizer File Stack-based memory corruption
4567| [6934] Microsoft Office Excel 2003/2007/2010 Input Sanitizer memory corruption
4568| [6933] Microsoft Office Excel 2003/2007/2010 SerAuxErrBar File memory corruption
4569| [6929] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Web Proxy Setting Auto-Discovery memory corruption
4570| [6927] Microsoft .NET Framework 2.0 SP2/3.5.1 Trusted Code Function information disclosure
4571| [6918] Microsoft Excel 2007 SP2 Input Sanitizer File memory corruption
4572| [6830] Microsoft Word 2007/2010 File memory corruption
4573| [6819] Microsoft Excel 2007 File memory corruption
4574| [6627] Microsoft Windows 7/Server 2008 R2 Kerberos denial of service
4575| [6626] Microsoft SharePoint/Lync/Infopath 2007/2010 HTML Sanitization cross site scripting
4576| [6621] Microsoft Word 2007 PAPX memory corruption
4577| [62239] Microsoft Systems Management Server 2003 Configuration Manager Reflected cross site scripting
4578| [5945] Microsoft Office 2007/2010 Computer Graphics Metafile memory corruption
4579| [5939] Microsoft Windows 7/Server 2003/Server 2008 R2/Vista/XP Print Spooler Service memory corruption
4580| [5938] Microsoft Windows 7/Server 2003/Server 2008 R2/Vista/XP Remote Administration Protocol netapi32.dll RAP Request denial of service
4581| [5933] Microsoft SQL Server 2000/2005/2008/2008 R2 Common Controls TabStrip ActiveX MSCOMCTL.OCX memory corruption
4582| [5932] Microsoft Office 2003/2007/2010 Common Controls TabStrip ActiveX MSCOMCTL.OCX memory corruption
4583| [5654] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP information disclosure
4584| [5653] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP win32k.sys memory corruption
4585| [5652] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP win32k.sys memory corruption
4586| [5650] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP memory corruption
4587| [5649] Microsoft Office 2003/2007/2010 libraries memory corruption
4588| [5645] Microsoft SharePoint 2007/2010/3.0 Reflected cross site scripting
4589| [5643] Microsoft SharePoint 2007/2010 information disclosure
4590| [5642] Microsoft SharePoint 2007 cross site request forgery
4591| [5553] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Font atmfd.dll denial of service
4592| [5524] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP memory corruption
4593| [5518] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 memory corruption
4594| [5362] Microsoft Office 2003/2007 GDI+ memory corruption
4595| [5291] Microsoft Visual Studio 2008 Incremental Linker link.exe ConvertRgImgSymToRgImgSymEx memory corruption
4596| [5268] Microsoft Office 2008 on Mac RTF Pfragment File memory corruption
4597| [5080] Microsoft SQL Server 2005/2008/2008R2 CREATE DATABASE sql injection
4598| [5050] Microsoft Office 2007 WPS Converter Heap-based memory corruption
4599| [5049] Microsoft SQL Server 2000/2005/2008 MSCOMCTL.OCX privilege escalation
4600| [5048] Microsoft Office 2003/2007/2010 MSCOMCTL.OCX privilege escalation
4601| [5046] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Windows Authenticode Signature Verification WinVerifyTrust Signature privilege escalation
4602| [4803] Microsoft Windows Server 2003/Server 2008 DNS Server Domain Resource Record Query Parser denial of service
4603| [4802] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Remote Desktop Protocol denial of service
4604| [4798] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Remote Desktop Service memory corruption
4605| [60205] Microsoft .NET Framework 2.0 SP2/3.5.1 Heap-based memory corruption
4606| [4642] Microsoft .NET Framework 2.0 SP2/3.5.1/4 XAML Browser Application memory corruption
4607| [60065] Microsoft Windows 2000 mod_sql unknown vulnerability
4608| [4535] Microsoft Windows Server 2003/XP Object Packager packager.exe privilege escalation
4609| [4534] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Line21 DirectShow Filter Quartz.dll/Qdvd.dll Media File memory corruption
4610| [4533] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Multimedia Library winmm.dll MIDI File memory corruption
4611| [4507] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 Forms Authentication privilege escalation
4612| [59666] Microsoft Publisher 2003/2007 "Publisher memory corruption
4613| [4482] Microsoft Word 2007/2010/2011 Document Parser memory corruption
4614| [4480] Microsoft Excel 2003 memory corruption
4615| [4478] Microsoft Windows Server 2003/XP OLE Objects Memory Management memory corruption
4616| [4477] Microsoft PowerPoint 2007 SP2/2008 OfficeArt Use-After-Free memory corruption
4617| [4474] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Active Directory Query memory corruption
4618| [4473] Microsoft PowerPoint 2007 SP2/2010 DLL-Loader memory corruption
4619| [4471] Microsoft Office 2003/2007 Publisher Out-of-Bounds memory corruption
4620| [4470] Microsoft Office 2003 SP3 memory corruption
4621| [4453] Microsoft Excel 2003 Record Parser memory corruption
4622| [4446] Microsoft Office 2007/2008 OfficeArt Record Parser memory corruption
4623| [4445] Microsoft Office 2007/2010/2011 Word Document Parser memory corruption
4624| [4438] Microsoft Windows 7/Server 2008/Vista TCP/IP Reference Counter denial of service
4625| [5358] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP TrueType Font Handling memory corruption
4626| [59005] Microsoft Host Integration Server 2004 denial of service
4627| [58492] Microsoft SharePoint Server 2007 Spreadsheet memory corruption
4628| [58491] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
4629| [58490] Microsoft Office Compatibility Pack 2007 Spreadsheet memory corruption
4630| [58489] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
4631| [58488] Microsoft Office 2007/2010 memory corruption
4632| [4412] Microsoft Office 2003/2007 Library Loader unknown vulnerability
4633| [4411] Microsoft Excel 2003 memory corruption
4634| [4409] Microsoft Windows Server 2003/Server 2008 WINS unknown vulnerability
4635| [58240] Microsoft Visio 2003/2007 memory corruption
4636| [58237] Microsoft Visio 2003/2007/2010 memory corruption
4637| [4396] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
4638| [4393] Microsoft Windows Server 2008 DNS Service memory corruption
4639| [4391] Microsoft .NET Framework 2.0 SP2/3.5.1/4 Socket Restriction privilege escalation
4640| [4390] Microsoft Windows Server 2008 Remote Desktop Web Access cross site scripting
4641| [4388] Microsoft Windows 7/Server 2008/Vista File Metadata Parser denial of service
4642| [57691] Microsoft SQL Server 2008 Web Service information disclosure
4643| [57690] Microsoft Excel 2002/2003 Spreadsheet memory corruption
4644| [57689] Microsoft Excel 2002 Spreadsheet memory corruption
4645| [57688] Microsoft Excel 2002 Spreadsheet memory corruption
4646| [57687] Microsoft Excel 2002/2003/2007 Spreadsheet memory corruption
4647| [57686] Microsoft Excel 2002 Spreadsheet memory corruption
4648| [57685] Microsoft Excel 2002/2003/2007 Array Access memory corruption
4649| [57684] Microsoft Excel 2002/2003/2007/2010 Spreadsheet memory corruption
4650| [4369] Microsoft Excel 2002/2003/2007 memory corruption
4651| [4367] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
4652| [4362] Microsoft Windows 7/Server 2008/Vista denial of service
4653| [57420] Microsoft PowerPoint 2002/2003 memory corruption
4654| [4349] Microsoft Office 2004/2007/2008 Presentation File Parser memory corruption
4655| [4348] Microsoft PowerPoint 2002/2003/2007 memory corruption
4656| [57077] Microsoft Excel 2002 Uninitialized Memory memory corruption
4657| [57078] Microsoft Office 2003/2007/Xp docx unknown vulnerability
4658| [57079] Microsoft PowerPoint 2002/2003/2007/2010 memory corruption
4659| [57076] Microsoft Excel 2002/2003 memory corruption
4660| [57075] Microsoft Excel 2002/2003 memory corruption
4661| [57074] Microsoft Excel 2002 memory corruption
4662| [57073] Microsoft Excel 2002/2003/2007/2010 memory corruption
4663| [4334] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 JIT Compiler memory corruption
4664| [4332] Microsoft PowerPoint 2007/2010 memory corruption
4665| [4301] Microsoft Windows Server 2003 SMB Browser Heap-based denial of service
4666| [56475] Microsoft Office 2004/2008 memory corruption
4667| [56414] Microsoft Visio 2002/2003/2007 ELEMENTS.DLL memory corruption
4668| [56413] Microsoft Visio 2002/2003/2007 Exception ORMELEMS.DLL memory corruption
4669| [4298] Microsoft Windows 7/Server 2008 JScript/VBScript Engine information disclosure
4670| [4297] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Compact Font Format Driver privilege escalation
4671| [4296] Microsoft Windows Server 2003/XP LSASS Authentication Request unknown vulnerability
4672| [4295] Microsoft Windows 7/Server 2008 Kerberos weak authentication
4673| [4294] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys unknown vulnerability
4674| [4293] Microsoft Windows Server 2003/XP Kerberos CRC32 Checksum privilege escalation
4675| [4292] Microsoft Windows Server 2003/XP CSRSS Logoff privilege escalation
4676| [4289] Microsoft Excel 2007 Shape Data Parser memory corruption
4677| [4286] Microsoft PowerPoint 2002 SP3/2003 SP3/2004/2007 SP2/2008 OfficeArt Container Parser memory corruption
4678| [4279] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP MHTML cross site scripting
4679| [56176] Microsoft Windows 7/Server 2003/XP fxscover.exe CDrawPoly::Serialize memory corruption
4680| [55772] Microsoft Publisher 2002 pubconv.dll memory corruption
4681| [55771] Microsoft Publisher 2002/2003/2010 memory corruption
4682| [55765] Microsoft Office 2003/Xp Integer memory corruption
4683| [55764] Microsoft Office 2003/Xp memory corruption
4684| [55750] Microsoft Publisher 2002/2003 pubconv.dll memory corruption
4685| [55749] Microsoft Publisher 2002/2003/2007/2010 pubconv.dll memory corruption
4686| [55748] Microsoft Publisher 2002/2003/2007 pubconv.dll memory corruption
4687| [4230] Microsoft Exchange 2007 on 64-bit RPC store.exe MAPI Request denial of service
4688| [4229] Microsoft SharePoint 2007 Document Conversion Launcher Service Eingabeungültigkeit
4689| [4228] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
4690| [4224] Microsoft Windows 7/Server 2008/Vista Consent User Interface privilege escalation
4691| [4231] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys GreEnableEUDC denial of service
4692| [55420] Microsoft Office 2007/2010 memory corruption
4693| [55419] Microsoft Office 2004/2008/2011/Xp memory corruption
4694| [55412] Microsoft PowerPoint Viewer 2007 memory corruption
4695| [55411] Microsoft PowerPoint 2002/2003 memory corruption
4696| [4204] Microsoft Windows Server 2008 Color Control Panel Eingabeungültigkeit
4697| [54995] Microsoft Office 2004/2008 memory corruption
4698| [54994] Microsoft Office 2004/2008 Out-of-Bounds memory corruption
4699| [54993] Microsoft Office Compatibility Pack 2007 memory corruption
4700| [54992] Microsoft Excel 2002 memory corruption
4701| [54991] Microsoft Office 2004 Future memory corruption
4702| [54990] Microsoft Office 2004 memory corruption
4703| [54989] Microsoft Office 2004/2008 memory corruption
4704| [54988] Microsoft Excel 2002 memory corruption
4705| [54987] Microsoft Excel 2002 memory corruption
4706| [54986] Microsoft Excel 2002/2003 memory corruption
4707| [54985] Microsoft Office Compatibility Pack 2003/2004/2007/2008 memory corruption
4708| [54984] Microsoft Office 2004/2008 memory corruption
4709| [54983] Microsoft Excel 2002 Integer memory corruption
4710| [54980] Microsoft Word 2002/2003 memory corruption
4711| [54979] Microsoft Word 2002 memory corruption
4712| [54978] Microsoft Word 2002 memory corruption
4713| [54977] Microsoft Word 2002 Heap-based memory corruption
4714| [54976] Microsoft Word 2002 memory corruption
4715| [54975] Microsoft Word 2002 memory corruption
4716| [54974] Microsoft Word 2002 memory corruption
4717| [54973] Microsoft Word 2002 memory corruption
4718| [54972] Microsoft Word 2002 memory corruption
4719| [54971] Microsoft Word 2002 memory corruption
4720| [4197] Microsoft SharePoint 2007/3.0 cross site scripting
4721| [4196] Microsoft Word 2002/2003/2007/2010 Stack-based memory corruption
4722| [4194] Microsoft Windows 7/Server 2008/Vista SChannel Client Certificate Request denial of service
4723| [54774] Microsoft Word 2003 word_crash_11.8326.8324_poc.doc denial of service
4724| [54757] Microsoft SharePoint Server 2007 HTML Sanitization SafeHTML cross site scripting
4725| [4186] Microsoft Outlook 2002/2003/2007 Content Parser Heap-based memory corruption
4726| [54584] Microsoft Visual C++ 2005 AtlTraceTool8.exe unknown vulnerability
4727| [54554] Microsoft Groove 2007 mso.dll memory corruption
4728| [4187] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack Ipv4SetEchoRequestCreate denial of service
4729| [54322] Microsoft Word 2002/2003 memory corruption
4730| [54321] Microsoft Office Compatibility Pack 2007 memory corruption
4731| [54320] Microsoft Office Compatibility Pack 2007 memory corruption
4732| [54319] Microsoft Office Compatibility Pack 2007 memory corruption
4733| [54318] Microsoft .NET Framework 2.0 SP1/2.0 SP2/3.5/3.5 SP1/3.5.1 Interfaces memory corruption
4734| [4165] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
4735| [4162] Microsoft Windows 7/Server 2008/Vista Kernel memory corruption
4736| [4159] Microsoft Excel 2002/2003 SXDB PivotTable Cache Data Record memory corruption
4737| [4149] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Shell Shortcut Parser memory corruption
4738| [54083] Microsoft Access 2003 ActiveX Control ACCWIZ.dll memory corruption
4739| [4146] Microsoft Outlook 2002/2003/2007 SMB Attachment PR_ATTACH_METHOD memory corruption
4740| [4145] Microsoft Access 2003/2007 ActiveX ACCWIZ.dll memory corruption
4741| [54617] Microsoft Outlook Web Access up to 2007 cross site request forgery
4742| [4151] Microsoft Windows Server 2008/Vista NtUserCheckAccessForIntegrityLevel memory corruption
4743| [53591] Microsoft Windows Server 2003 GetServerName cross site scripting
4744| [53505] Microsoft Excel 2002/2007 memory corruption
4745| [53501] Microsoft Excel 2002 memory corruption
4746| [53500] Microsoft Excel 2002 memory corruption
4747| [53499] Microsoft Excel 2002 memory corruption
4748| [53495] Microsoft Excel 2002/2003/2007 memory corruption
4749| [53494] Microsoft Excel 2002 Stack-based memory corruption
4750| [53504] Microsoft Excel 2002 memory corruption
4751| [53503] Microsoft Excel 2002 Stack-Based memory corruption
4752| [53502] Microsoft Excel 2002 Heap-based memory corruption
4753| [53498] Microsoft Excel 2002 Stack-based memory corruption
4754| [53497] Microsoft Excel 2002 memory corruption
4755| [53496] Microsoft Excel 2002 memory corruption
4756| [53493] Microsoft Excel 2002/2003/2007 memory corruption
4757| [4133] Microsoft Office 2003/2007/Xp COM Object Instantiator memory corruption
4758| [53366] Microsoft ASP.NET 2.0 cross site scripting
4759| [53385] Microsoft Exchange Server 2007 Outlook Web Access cross site scripting
4760| [53164] Microsoft Office 2003/2007/Xp ActiveX Control VBE6.DLL memory corruption
4761| [53054] Microsoft VISIO 2002/2003/2007 VISIODWG.DLL memory corruption
4762| [4125] Microsoft SharePoint 2007/3.0 help.aspx cross site scripting
4763| [52777] Microsoft Publisher 2002/2003/2007 memory corruption
4764| [52773] Microsoft Visio 2002/2003/2007 memory corruption
4765| [52772] Microsoft Visio 2002/2003/2007 memory corruption
4766| [4107] Microsoft Windows 7/Server 2008 Kernel denial of service
4767| [4103] Microsoft Windows Server 2003 Media Services Stack-based memory corruption
4768| [52543] Microsoft Virtual PC 2007 unknown vulnerability
4769| [52148] Microsoft Office 2004/2007/2008 Uninitialized Memory memory corruption
4770| [52147] Microsoft Office 2004/2007/2008 Spreadsheet Uninitialized Memory memory corruption
4771| [52146] Microsoft Office 2004/2007/2008 Spreadsheet Heap-based memory corruption
4772| [52145] Microsoft Office 2004/2007/2008 Spreadsheet Heap-based memory corruption
4773| [52144] Microsoft Office 2004/2007/2008 Spreadsheet memory corruption
4774| [52143] Microsoft Office 2004/2007/2008 Spreadsheet memory corruption
4775| [4090] Microsoft Excel 2002/2003/2007 memory corruption
4776| [52036] Microsoft Windows 2000 MsgBox memory corruption
4777| [51995] Microsoft SharePoint Server up to 2006 cross site scripting
4778| [51810] Microsoft Office 2004/Xp MSO.DLL memory corruption
4779| [51802] Microsoft PowerPoint 2003 Stack-based memory corruption
4780| [51801] Microsoft PowerPoint 2003 Stack-based memory corruption
4781| [51800] Microsoft PowerPoint 2002/2003 Use-After-Free memory corruption
4782| [51799] Microsoft PowerPoint 2002/2003 memory corruption
4783| [51798] Microsoft PowerPoint 2002/2003 Heap-based memory corruption
4784| [4082] Microsoft PowerPoint 2002 SP3 memory corruption
4785| [54550] Microsoft PowerPoint 2007 rpawinet.dll memory corruption
4786| [54556] Microsoft Visio 2003 mfc71enu.dll unknown vulnerability
4787| [51497] Microsoft Windows Live Messenger 2009 ActiveX Control msnmsgr.exe denial of service
4788| [51133] Microsoft Windows 2000 SP4/Server 2003 SP2/SP3/XP SP2 memory corruption
4789| [51074] Microsoft Office 2002/2003 Integer memory corruption
4790| [4069] Microsoft Project 2003/2007 Project Memory Validator memory corruption
4791| [50794] Microsoft Office 2004/2008 Spreadsheet memory corruption
4792| [50793] Microsoft Office 2004/2008 Spreadsheet memory corruption
4793| [50792] Microsoft Office 2004/2008 Spreadsheet memory corruption
4794| [50791] Microsoft Office 2004/2008 Spreadsheet memory corruption
4795| [50790] Microsoft Office 2004/2008 Spreadsheet Heap-based memory corruption
4796| [50788] Microsoft Office 2004/2008 Spreadsheet memory corruption
4797| [50787] Microsoft Office 2004/2008 Spreadsheet memory corruption
4798| [50786] Microsoft Windows 2000 llssrv.exe memory corruption
4799| [50789] Microsoft Office 2004/2008 Spreadsheet memory corruption
4800| [4056] Microsoft Word 2002/2003 File Information Block Parser Stack-based memory corruption
4801| [50660] Microsoft SharePoint Server 2007 unknown vulnerability
4802| [50443] Microsoft PowerPoint 2007 Integer memory corruption
4803| [50432] Microsoft .NET Framework 2.0/2.0 SP1/2.0 SP2/3.5/3.5 SP1 memory corruption
4804| [49866] Microsoft Windows Server 2003 memory corruption
4805| [4031] Microsoft Windows Server 2008/Vista SMB Processor EducatedScholar memory corruption
4806| [4030] Microsoft Windows Server 2008/Vista Wireless LAN AutoConfig Service Heap-based memory corruption
4807| [4029] Microsoft Windows 2000/XP TCP/IP Window Size denial of service
4808| [49745] Microsoft Windows Server 2003 denial of service
4809| [49395] Microsoft Office 2000/2003/XP Office Web Components Heap-based memory corruption
4810| [49394] Microsoft Windows Server 2003 memory corruption
4811| [49389] Microsoft Office 2000/2003/XP Office Web Components memory corruption
4812| [49390] Microsoft Office 2000/2003/XP Office Web Components memory corruption
4813| [49198] Microsoft Visual Studio 2005 information disclosure
4814| [49047] Microsoft Virtual Server 2005 privilege escalation
4815| [49046] Microsoft Windows Server 2003 quartz.dll memory corruption
4816| [49045] Microsoft Windows Server 2003 quartz.dll memory corruption
4817| [49044] Microsoft ISA Server 2006 privilege escalation
4818| [3999] Microsoft Office 2007 Pointer memory corruption
4819| [4000] Microsoft Office 2003/Sp3/Xp Web Components memory corruption
4820| [48894] Microsoft Windows Server 2003 msvidctl.dll memory corruption
4821| [48572] Microsoft PowerPoint 2002 FL21WIN.DLL memory corruption
4822| [48517] Microsoft Windows 2000 Memory Leak memory corruption
4823| [48516] Microsoft Windows Server 2008 unknown vulnerability
4824| [48512] Microsoft Windows Server 2008 unknown vulnerability
4825| [48515] Microsoft Office Word Viewer 2003 memory corruption
4826| [48514] Microsoft Office Word Viewer 2003 Stack-based memory corruption
4827| [48554] Microsoft Excel 2000/2003/2007 memory corruption
4828| [48157] Microsoft PowerPoint 2002 Sound memory corruption
4829| [48156] Microsoft PowerPoint 2000 Stack-based memory corruption
4830| [48154] Microsoft PowerPoint 2002 Sound PP7X32.DLL memory corruption
4831| [48152] Microsoft PowerPoint 2002 PP4X32.DLL memory corruption
4832| [48150] Microsoft PowerPoint 2002 Sound memory corruption
4833| [48147] Microsoft PowerPoint 2002 Sound memory corruption
4834| [48146] Microsoft PowerPoint 2002 Integer memory corruption
4835| [48155] Microsoft PowerPoint 2002 Notes Container Heap-based memory corruption
4836| [48153] Microsoft PowerPoint 2002 Sound memory corruption
4837| [48151] Microsoft PowerPoint 2002 Stack-based memory corruption
4838| [48149] Microsoft PowerPoint 2002 memory corruption
4839| [48148] Microsoft PowerPoint 2002 Sound memory corruption
4840| [3974] Microsoft PowerPoint 2000/2002/2003 Sound Data Stack-based memory corruption
4841| [3973] Microsoft PowerPoint 2000/2002/2003 Notes Container Stack-based memory corruption
4842| [3972] Microsoft PowerPoint 2000/2002/2003 BuildList memory corruption
4843| [3971] Microsoft PowerPoint 2000/2002/2003 Object Stack-based memory corruption
4844| [3970] Microsoft PowerPoint 2000/2002/2003 Paragraph Stack-based memory corruption
4845| [3969] Microsoft PowerPoint 2000/2002/2003 Atom Stack-based memory corruption
4846| [47719] Microsoft Windows 2000 Stack-based memory corruption
4847| [47720] Microsoft Internet Security And Acceleration Server 2006 Forms Authentication cookieauth.dll cross site scripting
4848| [47716] Microsoft Office Converter Pack 2003 WPFT632.CNV memory corruption
4849| [47715] Microsoft Windows 2000 Wordpad memory corruption
4850| [47718] Microsoft Excel 2000/2002/2003/2007 Spreadsheet memory corruption
4851| [3960] Microsoft Windows 2000/Server 2003/XP DirectShow MJPEG memory corruption
4852| [3952] Microsoft ISA Server 2004/2006 denial of service
4853| [3946] Microsoft PowerPoint 2000/2002/2003/2004 memory corruption
4854| [47091] Microsoft Windows Server 2008 unknown vulnerability
4855| [47090] Microsoft Windows Server 2008 unknown vulnerability
4856| [3939] Microsoft Windows 2000 DNS spoofing
4857| [3938] Microsoft Windows 2000 SSL weak authentication
4858| [3937] Microsoft Windows 2000 memory corruption
4859| [3932] Microsoft Excel 2000/2002/2003/2004/2007 Object Reference memory corruption
4860| [46620] Microsoft Windows Live Messenger 2009 msnmsgr.exe denial of service
4861| [46455] Microsoft Exchange Server 2007 denial of service
4862| [46454] Microsoft Exchange Server 2007 memory corruption
4863| [46453] Microsoft Visio 2002/2003/2007 memory corruption
4864| [46452] Microsoft Visio 2002/2003/2007 memory corruption
4865| [46451] Microsoft Visio 2002/2003/2007 memory corruption
4866| [46327] Microsoft Word 2007 information disclosure
4867| [45758] Microsoft Money 2006 ActiveX Control prtstb06.dll denial of service
4868| [45381] Microsoft Windows Server 2008/Vista SP1 Explorer memory corruption
4869| [45380] Microsoft Windows Server 2008/Vista SP1 Search memory corruption
4870| [45379] Microsoft Office SharePoint Server 2007 denial of service
4871| [3896] Microsoft SQL Server up to 2005 sp_replwritetovarbin memory corruption
4872| [3892] Microsoft Excel 2000/2002/2003 Formula memory corruption
4873| [3891] Microsoft Excel 2000/2002/2003 memory corruption
4874| [3890] Microsoft Excel 2000/2002/2003 NAME Index memory corruption
4875| [3889] Microsoft Word 2000/2002/2003/2007 Table Property Stack-based memory corruption
4876| [3888] Microsoft Word 2000/2002/2003/2007 RTF Stylesheet memory corruption
4877| [3887] Microsoft Word 2000/2002/2003/2007 memory corruption
4878| [3886] Microsoft Word 2000/2002/2003/2007 ControlWord Heap-based memory corruption
4879| [3885] Microsoft Word 2000/2002/2003/2007 memory corruption
4880| [3884] Microsoft Word 2000/2002/2003/2007 memory corruption
4881| [3883] Microsoft Word 2000/2002/2003/2007 RTF Heap-based memory corruption
4882| [3882] Microsoft Word 2000/2002/2003/2007 LFO memory corruption
4883| [3880] Microsoft Visual Basic up to 2003 ActiveX Control Mschrt20.ocx memory corruption
4884| [3879] Microsoft Visual Basic up to 2003 ActiveX Control mscomct2.ocx memory corruption
4885| [3878] Microsoft Visual Basic up to 2003 ActiveX Control mshflxgd.ocx memory corruption
4886| [3877] Microsoft Visual Basic up to 2003 ActiveX Control msflxgrd.ocx memory corruption
4887| [3876] Microsoft Visual Basic up to 2003 ActiveX Control msdatgrd.ocx memory corruption
4888| [45197] Microsoft Windows 2000 nskey.dll memory corruption
4889| [45063] Microsoft Windows Server 2003 Active Directory unknown vulnerability
4890| [45040] Microsoft .NET Framework 2.0.50727 Code Access Security unknown vulnerability
4891| [44855] DjVu Activex Control For Microsoft Office 2000 3.0 ActiveX Control DjVu_ActiveX_MSOffice.dll memory corruption
4892| [44665] Microsoft Peachtree Accounting 2004 ActiveX Control PAWWeb11.ocx unknown vulnerability
4893| [44589] Microsoft Exchange Server 2003 Outlook Web Access unknown vulnerability
4894| [3845] Microsoft Windows 2000 SP4 Active Directory memory corruption
4895| [44533] Microsoft Windows 2000 mqsvc.exe memory corruption
4896| [3844] Microsoft Excel 2003 REPT memory corruption
4897| [3843] Microsoft Excel up to 2007 BIFF File Heap-based memory corruption
4898| [3842] Microsoft Excel 2003 VBA Performance Cache Stack-based memory corruption
4899| [44405] Microsoft Digital Image 2006 ActiveX Control PipPPush.DLL unknown vulnerability
4900| [44047] Microsoft SQL Server 2000 ActiveX Control SQLVDIRLib.SQLVDirControl memory corruption
4901| [43981] Microsoft Organization Chart 2.00 orgchart.exe memory corruption
4902| [43957] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
4903| [43956] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
4904| [43955] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
4905| [43952] Microsoft Office 2003/2007/Xp URI memory corruption
4906| [43676] Microsoft Windows 2000/Server 2003/Vista/XP memory corruption
4907| [43675] Microsoft Windows 2000/Server 2003/Vista/XP of memory corruption
4908| [43662] Microsoft PowerPoint Viewer 2000 SP3/2002 SP3/2003 SP2/2007 SP1 memory corruption
4909| [43661] Microsoft PowerPoint Viewer 2003 memory corruption
4910| [43660] Microsoft PowerPoint Viewer 2003 Integer memory corruption
4911| [43657] Microsoft Office 2000/2003/Xp memory corruption
4912| [43654] Microsoft SharePoint Server 2007 memory corruption
4913| [43653] Microsoft Office 2000/2002/2004/2008 memory corruption
4914| [43652] Microsoft Office 2000/2002/2003/2004/2008 memory corruption
4915| [3797] Microsoft Windows Server 2008/Vista IPsec Policy Designfehler
4916| [3796] Microsoft Office 2000 WPG memory corruption
4917| [3795] Microsoft Office 2000/2003/Xp BMP Image BMPIMP32.FLT memory corruption
4918| [3794] Microsoft Office 2000/2003/Xp PICT bits_per_pixel memory corruption
4919| [3793] Microsoft Office 2000/2003/Xp PICT memory corruption
4920| [3792] Microsoft Office 2000 EPS File memory corruption
4921| [3783] Microsoft Word 2002 memory corruption
4922| [43103] Microsoft Exchange Srv 2007 Sp1 Outlook Web Access cross site scripting
4923| [43102] Microsoft Windows 2000 SP4/Server 2003 SP2/Server 2008 DNS Cache privilege escalation
4924| [3778] Microsoft Exchange 2003/2007 Outlook Web Access cross site scripting
4925| [3777] Microsoft Windows Server 2008/Vista SP1 Explorer memory corruption
4926| [43087] Microsoft Office Snapshot Viewer ActiveX up to Office 2003 Snapshot Viewer ActiveX Control snapview.ocx memory corruption
4927| [43096] Microsoft Publisher 2003/2007 Crypto API unknown vulnerability
4928| [42816] Microsoft Word 2000/2003 memory corruption
4929| [42732] Microsoft Windows Server 2003/Vista/XP denial of service
4930| [42731] Microsoft Windows Server 2003 denial of service
4931| [3732] Microsoft Windows 2000/Server 2003 WINS memory corruption
4932| [3701] Microsoft Word 2003 CSS Heap-based memory corruption
4933| [3700] Microsoft Word 2003 RTF Document Heap-based memory corruption
4934| [42065] Microsoft SharePoint Server 2.0 Rich Text Editor cross site scripting
4935| [41881] Microsoft Office 2003/2007/2007 Sp1/Xp memory corruption
4936| [41880] Microsoft Project 2000/2002/2003 memory corruption
4937| [41879] Microsoft Windows 2000/Server 2003/Vista Stack-based memory corruption
4938| [41878] Microsoft Windows 2000/Server 2003/Vista spoofing
4939| [41877] Microsoft Windows Server 2003 vbscript.dll memory corruption
4940| [3671] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 memory corruption
4941| [3670] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 Object memory corruption
4942| [41455] Microsoft Office 2000/2003/2004/Xp memory corruption
4943| [41454] Microsoft Excel 2000/2002/2003/2007 memory corruption
4944| [41453] Microsoft Excel 2000/2002/2003 memory corruption
4945| [41452] Microsoft Excel 2000/2002/2003/2007 memory corruption
4946| [41451] Microsoft Excel 2000/2002/2003 memory corruption
4947| [41450] Microsoft Excel 2000 memory corruption
4948| [41449] Microsoft Excel 2000/2002/2003 memory corruption
4949| [41448] Microsoft Office 2000/Xp Office Web Components memory corruption
4950| [3648] Microsoft Excel 2003 memory corruption
4951| [3647] Microsoft Outlook up to 2007 mailto URI memory corruption
4952| [41003] Microsoft Office 2000/2003/2004/Xp memory corruption
4953| [41002] Microsoft Office 2000/2003/Xp memory corruption
4954| [41001] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
4955| [41000] Microsoft Works 2005/8.0 memory corruption
4956| [40998] Microsoft Publisher 2000/2002/2003 memory corruption
4957| [40994] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
4958| [40987] Microsoft Windows 2000 denial of service
4959| [40736] Microsoft ActiveX 2.0 ActiveX Control privilege escalation
4960| [3552] Microsoft Excel 2000/2002/2003 File memory corruption
4961| [40242] Microsoft Publisher 2000/2002/2003/2007 Crash denial of service
4962| [40020] Microsoft Office 2007 ZIP Container unknown vulnerability
4963| [39769] Microsoft Windows 2000 cryptgenrandom weak encryption
4964| [39749] Microsoft Windows 2000 msjet40.dll memory corruption
4965| [39655] Microsoft Windows Server 2003 spoofing
4966| [39324] Microsoft Windows Mobile 2005 SMS unknown vulnerability
4967| [3373] Microsoft Word 2000/2002 memory corruption
4968| [38999] Microsoft Windows Server 2003 explorer.exe denial of service
4969| [38899] Microsoft ISA Server 2004 information disclosure
4970| [38728] Microsoft SQL Server 2005 Enterprise Manager sqldmo.dll memory corruption
4971| [38326] Microsoft Windows 2000 attemptwrite memory corruption
4972| [3241] Microsoft Excel 2000/2003/2004/XP SP3 rtWnDesk memory corruption
4973| [3223] Microsoft Windows Server 2003/XP URI privilege escalation
4974| [3212] Microsoft DirectX February 2006 RLE Compression Targa Files Heap-based memory corruption
4975| [37739] Microsoft Excel 2000/2002/2003/2004/2007 memory corruption
4976| [37738] Microsoft Office 2002/2003 memory corruption
4977| [3176] Microsoft Excel 2000/2002/2003/2007 File Attribute memory corruption
4978| [3175] Microsoft Excel 2000/2002/2003/2007 Active Worksheet memory corruption
4979| [3174] Microsoft Excel 2000/2002/2003/2007 Version Information memory corruption
4980| [3172] Microsoft Office Publisher 2007 Pointer memory corruption
4981| [37566] Microsoft Excel 2003 unknown vulnerability
4982| [37526] Microsoft Windows 2000/Server 2003 denial of service
4983| [37248] Microsoft Visio 2002 Packaging memory corruption
4984| [37251] Microsoft Windows 2000 memory corruption
4985| [3119] Microsoft Visio 2002 Object memory corruption
4986| [3118] Microsoft Visio 2002 Data memory corruption
4987| [37093] Microsoft Windows Server 2003 Error Message unknown vulnerability
4988| [37010] Microsoft Office 2000 ActiveX Control ouactrl.ocx memory corruption
4989| [36628] Microsoft Word 2000/2002/2003/2004 winword.exe memory corruption
4990| [36616] Microsoft Works 2004/2005/2006 memory corruption
4991| [36621] Microsoft Exchange Server 2000 Integer denial of service
4992| [36620] Microsoft Exchange Server 2000 Outlook Web Access cross site scripting
4993| [36619] Microsoft Exchange Server 2000/2003/2007 MIME Email memory corruption
4994| [36618] Microsoft Exchange Server 2000 NULL Pointer Dereference denial of service
4995| [36617] Microsoft Excel 2000/2002/2003/2004 memory corruption
4996| [36623] Microsoft BizTalk Server 2004 ActiveX Control capicom.dll memory corruption
4997| [3067] Microsoft Office 2000/2003/2004/2007/Xp Drawing Object memory corruption
4998| [3065] Microsoft Excel 2000/2002/2003/2007 Filter Stack-based memory corruption
4999| [3064] Microsoft Excel 2000/2002/2003/2004/2007 set Font memory corruption
5000| [3063] Microsoft Excel 2000/2002/2003/2007 BIFF Record Stack-based memory corruption
5001| [3012] Microsoft Windows 2000/Server 2003 DNS Service Stack-based memory corruption
5002| [36039] Microsoft Content Management Server 2001 memory corruption
5003| [36052] Microsoft Windows 2000 Heap-based memory corruption
5004| [36051] Microsoft Word 2007 file798-1.doc memory corruption
5005| [36050] Microsoft Word 2007 file789-1.doc memory corruption
5006| [36040] Microsoft Content Management Server 2001 cross site scripting
5007| [3004] Microsoft Windows up to 2003/XP URL Parser memory corruption
5008| [36041] Microsoft .NET Framework 2.0.50727.42 cross site scripting
5009| [36002] Microsoft Windows 2000/XP denial of service
5010| [2990] Microsoft Windows 2000/Vista/XP Animated Cursor Stack-based memory corruption
5011| [36515] Microsoft Windows 2000/Server 2003/XP memory corruption
5012| [35846] Microsoft Windows 2000/Server 2003 Default Configuration information disclosure
5013| [35373] Microsoft Excel 2003 denial of service
5014| [35372] Microsoft Office 2003 denial of service
5015| [35206] Microsoft Windows Server 2003/XP Crash denial of service
5016| [35161] Microsoft ISA Server 2004 unknown vulnerability
5017| [35236] Microsoft Publisher 2007 memory corruption
5018| [2939] Microsoft Word 2000 memory corruption
5019| [34994] Microsoft Windows 2000 OLE Dialog memory corruption
5020| [34993] Microsoft Office 2000/2003/Xp memory corruption
5021| [35001] Microsoft Office 2000/2003/2004/Xp memory corruption
5022| [35000] Microsoft Word 2000/2002/2003 memory corruption
5023| [2933] Microsoft Windows 2000 SP4/Server 2003 SP1/XP SP2 OLE Dialog Stack-based memory corruption
5024| [2894] Microsoft Office 2000/2003/2004/Xp Undefined String Format String
5025| [2884] Microsoft Word 2000/2002/2003 memory corruption
5026| [34321] Microsoft Office 2000/2003/2004/Xp Spreadsheet Heap-based memory corruption
5027| [34320] Microsoft Office 2000/2003/2004/Xp memory corruption
5028| [34319] Microsoft Office 2000/2003/2004/Xp memory corruption
5029| [34318] Microsoft Office 2000/2003/2004/Xp memory corruption
5030| [34322] Microsoft Office 2000/2003/Xp memory corruption
5031| [2811] Microsoft Windows 2000/Server 2003/XP VML Vector Markup Language Integer memory corruption
5032| [2810] Microsoft Outlook 2000/2002/2003 Office Saved Search OSS File memory corruption
5033| [2809] Microsoft Outlook 2000/2002/2003 Header denial of service
5034| [2808] Microsoft Outlook 2000/2002/2003 Meeting VEVENT memory corruption
5035| [2807] Microsoft Excel 2000/2002/2003 XLS File memory corruption
5036| [34126] Microsoft Office 2003 memory corruption
5037| [34122] Microsoft Office Web Components 2000 memory corruption
5038| [2789] Microsoft Windows 2000/XP RPC Request NetrWkstaUserEnum denial of service
5039| [2765] Microsoft Project Server 2003 pdsrequest.asp weak authentication
5040| [33851] Microsoft Word 2000/2002/2003 12122006-djtest.doc memory corruption
5041| [2739] Microsoft Windows 2000 Remote Installation Service Fehlende Authentifizierung
5042| [2738] Microsoft Windows 2000/Server 2003/XP SNMP memory corruption
5043| [2737] Microsoft Windows Server 2003/XP Manifest denial of service
5044| [33766] Microsoft Word 2000/2002/2003 memory corruption
5045| [2718] Microsoft Word 2000/2002/2003 DOC Document memory corruption
5046| [2717] Microsoft Windows 2000 Print Spooler Memory Consumption denial of service
5047| [2689] Microsoft Windows up to 2000 SP4 Active Directory denial of service
5048| [2688] Microsoft Windows 2000/Server 2003/XP Client Service for Netware denial of service
5049| [2687] Microsoft Windows 2000/Server 2003/XP Agent ActiveX ACF File Heap-based memory corruption
5050| [2686] Microsoft Windows 2000/Server 2003/XP Client Service for Netware memory corruption
5051| [2684] Microsoft Windows 2000/XP Workstation Service Stack-based memory corruption
5052| [2659] Microsoft Windows 2000/XP GDI Crash memory corruption
5053| [2655] Microsoft Windows 2000/Server 2003/XP XML Core Services memory corruption
5054| [33067] Microsoft Visual Studio .net 2005 ActiveX Control wmiscriptutils.dll memory corruption
5055| [2610] Microsoft PowerPoint 2003 PPT Document NULL Pointer Dereference denial of service
5056| [32693] Microsoft Word 2004 memory corruption
5057| [32686] Microsoft Office 2000/2001/2003/2004 Integer memory corruption
5058| [32690] Microsoft Office 2000/2003/2004/Xp memory corruption
5059| [32676] Microsoft Office 2000/2001/2003/2004 memory corruption
5060| [32675] Microsoft Office 2000/2003/2004/Xp memory corruption
5061| [32694] Microsoft Windows 2000 memory corruption
5062| [32689] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
5063| [32688] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
5064| [32687] Microsoft Word 2000/2002 memory corruption
5065| [32685] Microsoft Office 2000/2001/2003/2004 memory corruption
5066| [2601] Microsoft Windows Server 2003/XP IPv6 Stack denial of service
5067| [2600] Microsoft Windows Server 2003/XP IPv6 Stack TCP denial of service
5068| [2599] Microsoft Windows Server 2003/XP IPv6 Stack ICMP denial of service
| [2598] Microsoft Windows Server 2003/XP Object Packager privilege escalation
| [2597] Microsoft Office 2003/Xp Smart-Tag Parser memory corruption
| [2596] Microsoft Office 2000/2003/2004/Xp Value Read memory corruption
| [2595] Microsoft Office 2000/2001/2003/2004 Diagram Value memory corruption
| [2594] Microsoft Office 2000/2001/2003/2004 Document memory corruption
| [2593] Microsoft ASP.NET 2.0 cross site scripting
| [141652] Microsoft Windows up to Server 2019 Common Log File System Driver information disclosure
| [141639] Microsoft SharePoint Foundation 2013 SP1 cross site request forgery
| [141637] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
| [141636] Microsoft ASP.NET Core 2.1/2.2/3.0 Project Template privilege escalation
| [141635] Microsoft .NET Core 2.1/2.2 denial of service
| [141633] Microsoft Excel up to 2019 memory corruption
| [141631] Microsoft Windows up to Server 2019 SMB Client Driver information disclosure
| [141630] Microsoft Windows up to Server 2019 denial of service
| [141629] Microsoft Windows up to Server 2019 Update Delivery Optimization privilege escalation
| [141627] Microsoft Windows up to Server 2019 GDI information disclosure
| [141626] Microsoft Windows up to Server 2019 Win32k memory corruption
| [141621] Microsoft Windows up to Server 2019 Kernel information disclosure
| [141620] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
| [141619] Microsoft Windows up to Server 2019 ALPC privilege escalation
| [141618] Microsoft Windows up to Server 2019 hdAudio.sys privilege escalation
| [141617] Microsoft Windows up to Server 2019 Store Installer privilege escalation
| [141616] Microsoft Windows up to Server 2019 ALPC privilege escalation
| [141615] Microsoft Windows up to Server 2019 Winlogon privilege escalation
| [141614] Microsoft Windows up to Server 2019 Compatibility Appraiser privilege escalation
| [141611] Microsoft Office up to 2019 Security Feature privilege escalation
| [141610] Microsoft Excel up to 2019 information disclosure
| [141609] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [141608] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site request forgery
| [141607] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 privilege escalation
| [141606] Microsoft Windows up to Server 2019 Win32k memory corruption
| [141605] Microsoft Windows up to Server 2019 Hyper-V information disclosure
| [141604] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
| [141603] Microsoft Windows up to Server 2019 GDI information disclosure
| [141602] Microsoft Windows up to Server 2019 DirectWrite information disclosure
| [141601] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [141600] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [141599] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [141598] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [141597] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [141596] Microsoft Windows up to Server 2019 DirectWrite information disclosure
| [141595] Microsoft Windows up to Server 2019 DirectWrite information disclosure
| [141594] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [141593] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [141592] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [141591] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [141590] Microsoft Windows up to Server 2019 Text Service Framework command injection
| [141589] Microsoft Exchange Server 2016 CU12/2016 CU13/2019 CU1/2019 CU2 denial of service
| [141583] Microsoft Lync Server 2013 Conference directory traversal
| [141581] Microsoft Windows up to Server 2016 Hyper-V denial of service
| [141580] Microsoft Windows up to Server 2019 Transaction Manager information disclosure
| [141579] Microsoft Windows up to Server 2016 DirectX information disclosure
| [141577] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
| [141575] Microsoft Windows up to Server 2019 lnk File privilege escalation
| [141564] Microsoft SharePoint Enterprise Server 2010 SP1/2013 SP1/2016/2019 Markup Application Package privilege escalation
| [141561] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
| [141560] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
| [139972] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
| [139971] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
| [139970] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
| [139969] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
| [139968] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
| [139965] Microsoft Windows up to Server 2019 Kernel information disclosure
| [139963] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
| [139962] Microsoft Windows up to Server 2019 Remote Desktop Protocol denial of service
| [139960] Microsoft Windows up to Server 2019 DHCP Server denial of service
| [139958] Microsoft Windows up to Server 2019 DHCP Server denial of service
| [139957] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
| [139956] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 Session Object information disclosure
| [139955] Microsoft Windows up to Server 2019 SyncController.dll privilege escalation
| [139949] Microsoft Windows up to Server 2019 XmlLite Runtime XmlLite.dll denial of service
| [139946] Microsoft Windows up to Server 2019 Core Shell COM Server Registrar COM Call privilege escalation
| [139942] Microsoft Windows up to Server 2019 rpcss.dll memory corruption
| [139941] Microsoft Windows up to Server 2019 DirectX memory corruption
| [139937] Microsoft Windows up to Server 2019 Azure Active Directory information disclosure
| [139936] Microsoft Windows up to Server 2019 SymCrypt information disclosure
| [139935] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 NTFS privilege escalation
| [139934] Microsoft Windows 7 SP1/Server 2018 R2 SP1/Server 2018 SP2 Win32k memory corruption
| [139933] Microsoft Windows up to Server 2019 p2pimsvc privilege escalation
| [139932] Microsoft Windows up to Server 2019 Kernel memory corruption
| [139931] Microsoft Windows up to Server 2019 File Signature Security Feature CAB File privilege escalation
| [139930] Microsoft Windows up to Server 2019 ALPC privilege escalation
| [139928] Microsoft Windows up to Server 2019 Kernel memory corruption
| [139927] Microsoft Windows up to Server 2019 Graphics Component information disclosure
| [139926] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [139925] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [139924] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [139922] Microsoft Windows up to Server 2019 Graphics Component information disclosure
| [139921] Microsoft Windows up to Server 2019 Graphics Component information disclosure
| [139920] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [139919] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [139918] Microsoft Windows up to Server 2019 Graphics Component information disclosure
| [139917] Microsoft Windows up to Server 2019 Graphics Component information disclosure
| [139916] Microsoft Windows up to Server 2019 XML Core Services MSXML Parser privilege escalation
| [139914] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
| [139913] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
| [139912] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Hyper-V Network Switch denial of service
| [139911] Microsoft Windows up to Server 2019 denial of service
| [139910] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
| [139909] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
| [139908] Microsoft Windows up to Server 2019 Bluetooth weak encryption
| [139907] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
| [139906] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
| [139902] Microsoft Word up to 2019 memory corruption
| [139901] Microsoft Outlook up to 2019 memory corruption
| [139895] Microsoft Windows up to Server 2019 lnk File privilege escalation
| [139894] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
| [139893] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
| [139892] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
| [139891] Microsoft Windows up to Server 2019 Font Library memory corruption
| [139890] Microsoft Windows up to Server 2019 Font Library memory corruption
| [139889] Microsoft Windows up to Server 2019 Font Library memory corruption
| [139888] Microsoft Windows up to Server 2019 Font Library memory corruption
| [139887] Microsoft Windows up to Server 2019 Font Library memory corruption
| [139886] Microsoft Windows up to Server 2019 Font Library memory corruption
| [139880] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [139879] Microsoft Windows up to Server 2019 DHCP Client memory corruption
| [139878] Microsoft Windows up to Server 2019 Hyper-V Network Switch memory corruption
| [139877] Microsoft Outlook up to 2019 memory corruption
| [139876] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
| [139875] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
| [137590] Microsoft ASP.NET Core 2.1/2.2 Open Redirect
| [137589] Microsoft Exchange Server 2013 CU23/2016 CU12/2016 CU13/2019 CU1/2019 CU2 cross site scripting
| [137588] Microsoft Exchange Server 2010 SP3/2013 CU23/2016 CU12/2016 CU13 Web Services privilege escalation
| [137587] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
| [137586] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
| [137585] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
| [137584] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137583] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137581] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137580] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137579] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137578] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137577] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137576] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137575] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137574] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137568] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
| [137563] Microsoft Windows up to Server 2019 DirectWrite information disclosure
| [137562] Microsoft Windows up to Server 2019 Win32k information disclosure
| [137561] Microsoft Windows up to Server 2019 GDI information disclosure
| [137560] Microsoft Windows up to Server 2019 GDI information disclosure
| [137559] Microsoft Windows up to Server 2019 DirectWrite information disclosure
| [137555] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [137554] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [137553] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [137549] Microsoft Windows up to Server 2016 DLL privilege escalation
| [137544] Microsoft Windows up to Server 2019 Kernel information disclosure
| [137543] Microsoft Windows up to Server 2019 Kernel information disclosure
| [137542] Microsoft SQL Server 2014 SP2/2016 SP1/2017 privilege escalation
| [137541] Microsoft Windows up to Server 2019 memory corruption
| [137540] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
| [137539] Microsoft Windows up to Server 2016 DirectX memory corruption
| [137538] Microsoft Windows Server 1803/Server 1903/Server 2016/Server 2019 ADFS Security Feature privilege escalation
| [137537] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [137535] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
| [137533] Microsoft Windows up to Server 2019 SymCrypt denial of service
| [137527] Microsoft Windows up to Server 2019 GDI+ memory corruption
| [137512] Microsoft Windows up to Server 2019 DHCP memory corruption
| [136414] Microsoft Azure DevOps Server 2019 cross site request forgery
| [136349] Microsoft Windows up to Server 2019 Event Viewer eventvwr.msc XML External Entity
| [136348] Microsoft Windows up to Server 2019 Task Scheduler privilege escalation
| [136347] Microsoft Windows up to Server 2019 AppXSVC privilege escalation
| [136345] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
| [136344] Microsoft Windows up to Server 2019 GDI information disclosure
| [136340] Microsoft Windows up to Server 2019 GDI information disclosure
| [136337] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
| [136336] Microsoft Windows up to Server 2019 Kernel privilege escalation
| [136335] Microsoft Windows up to Server 2019 NTLM Downgrade weak authentication
| [136334] Microsoft Windows up to Server 2019 Kernel information disclosure
| [136333] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
| [136330] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
| [136329] Microsoft SharePoint Server 2016/2019 cross site scripting
| [136328] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
| [136327] Microsoft Lync Server 2010/2013 denial of service
| [136326] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [136325] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [136324] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [136323] Microsoft Windows up to Server 2019 denial of service
| [136321] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Audio Service privilege escalation
| [136320] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [136319] Microsoft Windows up to Server 2019 Security Credentials information disclosure
| [136318] Microsoft Windows up to Server 2019 DirectX privilege escalation
| [136317] Microsoft Windows up to Server 2019 Win32k memory corruption
| [136314] Microsoft Windows up to Server 2019 Win32k memory corruption
| [136312] Microsoft Windows up to Server 2019 GDI information disclosure
| [136310] Microsoft Windows up to Server 2019 GDI information disclosure
| [136308] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [136306] Microsoft Windows up to Server 2019 Storage Service privilege escalation
| [136305] Microsoft Windows up to Server 2019 User Profile Service privilege escalation
| [136304] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
| [136303] Microsoft Windows up to Server 2019 Storage Service privilege escalation
| [136301] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [136299] Microsoft Windows up to Server 2019 Local Security Authority Subsystem Service Reboot denial of service
| [136296] Microsoft Windows up to Server 2019 Common Log File System Driver memory corruption
| [136295] Microsoft Windows up to Server 2019 ALPC privilege escalation
| [136293] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [136292] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [136291] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [136290] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [136289] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [136288] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [136287] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [136286] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [136285] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [136284] Microsoft Windows up to Server 2019 Kernel memory corruption
| [136276] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [136275] Microsoft Windows 10/10 1607/10 1703/10 1709/Server 2016 Hyper-V memory corruption
| [136274] Microsoft Windows up to Server 2019 ActiveX memory corruption
| [136273] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [134750] Microsoft ASP.NET Core 2.1/2.2 denial of service
| [134745] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [134744] Microsoft Windows up to Server 2019 GDI information disclosure
| [134743] Microsoft SharePoint Server 2013 SP1/2016 cross site scripting
| [134742] Microsoft SharePoint Enterprise Server 2016/2019 cross site scripting
| [134741] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [134740] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
| [134739] Microsoft SharePoint Foundation 2010 SP2/2013 SP2 cross site scripting
| [134738] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [134737] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [134736] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
| [134735] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [134734] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [134733] Microsoft Windows up to Server 2019 Unified Write Filter privilege escalation
| [134731] Microsoft Windows up to Server 2019 Symlink privilege escalation
| [134729] Microsoft Windows up to Server 2019 Storage Service privilege escalation
| [134725] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134724] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134723] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134722] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134721] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134720] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134719] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134718] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134717] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134716] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134715] Microsoft Windows up to Server 2019 Win32k memory corruption
| [134714] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134713] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134712] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134710] Microsoft Windows up to Server 2019 GDI information disclosure
| [134709] Microsoft Windows up to Server 2019 Kernel privilege escalation
| [134706] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
| [134701] Microsoft Windows up to Server 2019 Windows Defender Application Control privilege escalation
| [134700] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
| [134699] Microsoft Windows up to Server 2019 NDIS ndis.sys memory corruption
| [134698] Microsoft Windows up to Server 2019 OLE memory corruption
| [134684] Microsoft Windows up to Server 2019 DHCP Server memory corruption
| [134678] Microsoft Windows up to Server 2019 GDI+ memory corruption
| [133236] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133234] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133232] Microsoft Azure DevOps Server 2019 cross site scripting
| [133229] Microsoft Azure DevOps Server 2019 cross site scripting
| [133224] Microsoft Exchange Server 2013 CU22/2016 CU11/2016 CU12/2019/2019 CU1 Outlook Web Access privilege escalation
| [133223] Microsoft Azure DevOps Server 2019 Content Security Policy privilege escalation
| [133222] Microsoft Windows up to Server 2019 Remote Registry Service memory corruption
| [133221] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133220] Microsoft Windows up to Server 2019 GDI Memory information disclosure
| [133219] Microsoft Windows up to Server 2019 Win32k Memory information disclosure
| [133218] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133217] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133216] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
| [133215] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
| [133214] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
| [133213] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
| [133212] Microsoft Windows up to Server 2019 Terminal Services Memory information disclosure
| [133211] Microsoft Windows up to Server 2019 Task Scheduler information disclosure
| [133209] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133206] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
| [133205] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [133204] Microsoft Office/Excel up to 2019 memory corruption
| [133203] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [133202] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [133201] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [133200] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [133199] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
| [133198] Microsoft Exchange Server up to 2019 CU1 Outlook Web Access cross site scripting
| [133197] Microsoft ASP.NET Core 2.2 Request denial of service
| [133196] Microsoft Windows up to Server 2019 Win32k information disclosure
| [133195] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133194] Microsoft Windows up to Server 2019 GDI Memory information disclosure
| [133193] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133192] Microsoft Windows up to Server 2019 OLE Automation privilege escalation
| [133189] Microsoft Windows up to Server 2019 CSRSS memory corruption
| [133188] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133187] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133186] Microsoft Windows up to Server 2019 TCP/IP Stack Fragmented IP Packet information disclosure
| [133185] Microsoft Windows up to Server 2019 Win32k memory corruption
| [133183] Microsoft Windows up to Server 2019 Win32k memory corruption
| [133182] Microsoft Windows up to Server 2019 Win32k memory corruption
| [133181] Microsoft Office/Excel/PowerPoint up to 2019 URL Document Code Execution
| [133180] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133179] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133177] Microsoft Windows up to Server 2019 Device Guard luafv.sys privilege escalation
| [133174] Microsoft Windows up to Server 2019 GDI+ privilege escalation
| [133173] Microsoft Windows up to Server 2019 IOleCvt Interface privilege escalation
| [133166] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133165] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133164] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133163] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133162] Microsoft Windows up to Server 2019 MS XML Code Execution
| [131687] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 3.2/2018 Updated 1.2 cross site scripting
| [131685] Microsoft Windows up to Server 2019 SMB information disclosure
| [131684] Microsoft Visual Studio 2017 Version 15.9 C++ Redistributable Installer privilege escalation
| [131681] Microsoft Windows up to Server 2019 Win32k memory corruption
| [131679] Microsoft Windows up to Server 2019 Kernel information disclosure
| [131675] Microsoft SharePoint 2013 SP1/2016 cross site scripting
| [131674] Microsoft Windows up to Server 2019 Win32k information disclosure
| [131673] Microsoft Windows up to Server 2019 Kernel information disclosure
| [131672] Microsoft Windows up to Server 2019 GDI information disclosure
| [131671] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
| [131668] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
| [131667] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
| [131663] Microsoft Windows up to Server 2019 Print Spooler information disclosure
| [131658] Microsoft Windows up to Server 2019 information disclosure
| [131657] Microsoft Windows up to Server 2019 denial of service
| [131656] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
| [131653] Microsoft Windows up to Server 2019 SMB information disclosure
| [131652] Microsoft Windows up to Server 2019 SMB information disclosure
| [131651] Microsoft Windows up to Server 2019 Kernel information disclosure
| [131650] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V denial of service
| [131649] Microsoft Windows up to Server 2019 Kernel memory corruption
| [131648] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [131644] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [131638] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [131632] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
| [131631] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
| [131630] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
| [131629] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
| [131628] Microsoft Windows up to Server 2019 ActiveX memory corruption
| [131619] Microsoft Windows up to Server 2019 MS XML privilege escalation
| [131334] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
| [131333] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
| [131328] Microsoft Windows up to Server 2016 Kernel information disclosure
| [130832] Microsoft 2013 SP1 spoofing
| [130828] Microsoft Exchange Server 2010 SP3/2013 CU22/2016 CU12/2019 CU1 EWS privilege escalation
| [130826] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
| [130825] Microsoft Office up to 2019 Connectivity Engine memory corruption
| [130824] Microsoft Office up to 2019 Connectivity Engine memory corruption
| [130823] Microsoft Office up to 2019 Connectivity Engine privilege escalation
| [130822] Microsoft Office up to 2019 Connectivity Engine privilege escalation
| [130821] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [130820] Microsoft Windows up to Server 2012 R2 GDI information disclosure
| [130818] Microsoft Windows up to Server 2019 GDI information disclosure
| [130817] Microsoft Windows up to Server 2019 Storage Service privilege escalation
| [130814] Microsoft Windows up to Server 2019 privilege escalation
| [130809] Microsoft Windows up to Server 2019 Defender Firewall Security privilege escalation
| [130808] Microsoft Windows up to Server 2019 information disclosure
| [130807] Microsoft Windows up to Server 2019 Hyper-V information disclosure
| [130806] Microsoft Windows up to Server 2019 SMB privilege escalation
| [130805] Microsoft Windows up to Server 2019 Device Guard privilege escalation
| [130804] Microsoft Windows up to Server 2019 Device Guard privilege escalation
| [130803] Microsoft Windows up to Server 2019 SMB privilege escalation
| [130802] Microsoft Windows up to Server 2019 Win32k information disclosure
| [130801] Microsoft Windows up to Server 2019 Device Guard privilege escalation
| [130800] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130799] Microsoft Windows up to Server 2016 Win32k memory corruption
| [130798] Microsoft Windows up to Server 2019 GDI information disclosure
| [130797] Microsoft Windows up to Server 2019 GDI information disclosure
| [130796] Microsoft Windows up to Server 2019 GDI information disclosure
| [130793] Microsoft Windows up to Server 2019 GDI information disclosure
| [130792] Microsoft Windows up to Server 2019 HID information disclosure
| [130791] Microsoft Windows up to Server 2019 HID information disclosure
| [130790] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130789] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130788] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130787] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130786] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130784] Microsoft Windows up to Server 2019 GDI+ memory corruption
| [130782] Microsoft Windows up to Server 2019 DHCP Server memory corruption
| [130781] Microsoft Windows up to Server 2019 GDI+ memory corruption
| [129847] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 1.2/2018 Update 3.2 information disclosure
| [129846] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
| [129845] Microsoft Skype for Business 2015 CU 8 Request cross site scripting
| [128765] Microsoft Visual Studio 2017 Version 15.9 C++ Construct privilege escalation
| [128764] Microsoft Exchange Server 2010 SP3/2013 CU21/2016 CU10/2016 CU11/2019 PowerShell API information disclosure
| [128761] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128760] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128759] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128758] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128757] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128756] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128755] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128754] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128753] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128752] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128751] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128750] Microsoft Windows up to Server 2019 Runtime privilege escalation
| [128749] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128747] Microsoft ASP.NET Core 2.1 Web Request denial of service
| [128746] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [128745] Microsoft Office up to 2019 Word Macro information disclosure
| [128742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [128741] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [128740] Microsoft SharePoint Enterprise Server 2013 SP1 cross site scripting
| [128739] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128738] Microsoft Windows up to Server 2019 Subsystem for Linux information disclosure
| [128737] Microsoft Windows up to Server 2019 COM Desktop Broker privilege escalation
| [128736] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128735] Microsoft ASP.NET Core 2.1/2.2 Web Request denial of service
| [128733] Microsoft Windows up to Server 2019 Authentication Request privilege escalation
| [128729] Microsoft Visual Studio 2010 SP1/2012 Update 5 vscontent File information disclosure
| [128728] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128727] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128726] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128725] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128718] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [128717] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V memory corruption
| [127925] Microsoft SharePoint Enterprise Server 2016 Web Request cross site scripting
| [127882] Microsoft Dynamics NAV 2016/2017 Web Request cross site scripting
| [127881] Microsoft Windows 10 1809/Server 2019 Object denial of service
| [127880] Microsoft Windows up to Server 2019 Win32k Object memory corruption
| [127828] Microsoft Windows up to Server 2019 Win32k memory corruption
| [127827] Microsoft Windows 10 1809/Server 2019 DirectX information disclosure
| [127826] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Win32k ASLR privilege escalation
| [127825] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 privilege escalation
| [127824] Microsoft Excel up to 2019 Out-of-Bounds memory corruption
| [127823] Microsoft Windows up to Server 2012 R2 Kernel information disclosure
| [127821] Microsoft Windows up to Server 2019 Connected User Experiences and Telemetry Service denial of service
| [127820] Microsoft Windows up to Server 2019 Kernel memory corruption
| [127819] Microsoft Exchange Server 2016 CU10/2016 CU11 Profile Data privilege escalation
5489| [127819] Microsoft Exchange Server 2016 CU10/2016 CU11 Profile Data privilege escalation
5490| [127817] Microsoft Excel up to 2019 information disclosure
5491| [127816] Microsoft Windows up to Server 2019 GDI information disclosure
5492| [127815] Microsoft Windows up to Server 2019 GDI information disclosure
5493| [127814] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 Search cross site request forgery
5494| [127812] Microsoft Windows up to Server 2019 Remote Procedure Call information disclosure
5495| [127806] Microsoft Outlook up to 2019 memory corruption
5496| [127805] Microsoft Excel up to 2019 memory corruption
5497| [127804] Microsoft Excel up to 2019 memory corruption
5498| [127803] Microsoft Windows up to Server 2019 Text-To-Speech memory corruption
5499| [127801] Microsoft Windows up to Server 2019 DNS Server privilege escalation
5500| [126938] Microsoft Team Foundation Server 2018 Update 1.1/2018 Update 3 Code Execution
5501| [126755] Microsoft .NET Core 2.1 privilege escalation
5502| [126754] Microsoft Skype for Business/Lync Server 2013 SP1/2016 Emoji denial of service
5503| [126750] Microsoft Windows up to Server 2019 ALPC privilege escalation
5504| [126749] Microsoft Exchange Server 2010/2013/2016/2019 privilege escalation
5505| [126747] Microsoft SharePoint Enterprise Server 2013 SP1 Folder information disclosure
5506| [126746] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
5507| [126745] Microsoft Project 2010 SP2/2013 SP1/2016 memory corruption
5508| [126744] Microsoft Office up to 2019 Word memory corruption
5509| [126743] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
5510| [126742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
5511| [126739] Microsoft Windows up to Server 2012 R2 Win32k information disclosure
5512| [126737] Microsoft Windows up to Server 2012 R2 DirectX information disclosure
5513| [126736] Microsoft Windows up to Server 2019 Win32k memory corruption
5514| [126735] Microsoft Windows up to Server 2019 DirectX privilege escalation
5515| [126733] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DirectX memory corruption
5516| [126730] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
5517| [126728] Microsoft Office/SharePoint 2010 SP2 Word memory corruption
5518| [126727] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
5519| [126726] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
5520| [126725] Microsoft Windows up to Server 2019 DirectX memory corruption
5521| [126722] Microsoft Windows up to Server 2019 PowerShell privilege escalation
5522| [126718] Microsoft Windows up to Server 2016 Search memory corruption
5523| [126717] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 memory corruption
5524| [126716] Microsoft Office up to 2019 Excel memory corruption
5525| [126714] Microsoft Windows up to Server 2019 PowerShell unknown vulnerability
5526| [126713] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
5527| [126712] Microsoft Windows up to Server 2016 Graphics Component memory corruption
5528| [126711] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
5529| [125123] Microsoft Windows up to Server 2019 Codecs Library information disclosure
5530| [125122] Microsoft Windows up to Server 2016 TCP/IP information disclosure
5531| [125121] Microsoft Windows up to Server 2019 DirectX memory corruption
5532| [125120] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
5533| [125119] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
5534| [125116] Microsoft Exchange Server 2013 CU21/2016 CU10 privilege escalation
5535| [125115] Microsoft Windows up to Server 2019 Theme API privilege escalation
5536| [125114] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
5537| [125113] Microsoft Windows up to Server 2019 Kernel memory corruption
5538| [125111] Microsoft Windows up to Server 2019 Device Guard Code Integrity Policy privilege escalation
5539| [125110] Microsoft Windows up to Server 2019 DNS Global Blocklist privilege escalation
5540| [125109] Microsoft Windows up to Server 2019 NTFS privilege escalation
5541| [125108] Microsoft Windows up to Server 2019 Filter Manager memory corruption
5542| [125107] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
5543| [125106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
5544| [125105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
5545| [125104] Microsoft SharePoint Enterprise Server 2016 cross site scripting
5546| [125102] Microsoft Office/Word 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
5547| [125100] Microsoft Office/PowerPoint 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
5548| [125099] Microsoft Office/Excel up to 2019 Protected View memory corruption
5549| [125098] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
5550| [125097] Microsoft Windows up to Server 2019 DirectX Graphics memory corruption
5551| [125096] Microsoft Windows up to Server 2019 Win32k memory corruption
5552| [125095] Microsoft Exchange Server 2013 CU21/2016 CU10 Outlook Web Access cross site scripting
5553| [125093] Microsoft Windows up to Server 2019 Hyper-V memory corruption
5554| [125092] Microsoft Windows up to Server 2019 Hyper-V memory corruption
5555| [125091] Microsoft Windows up to Server 2019 MS XML privilege escalation
5556| [124371] Microsoft Exchange Server up to 2010 SP3 Outlook Web Access /owa/auth/logon.aspx Parameter Server-Side Request Forgery
5557| [124217] Microsoft Windows Server 2012/Server 2016 Active Directory Federation Services /adfs/ls Server-Side Request Forgery
5558| [123995] Microsoft Lync 2011 on Mac Security Feature Messages Download privilege escalation
5559| [123881] Microsoft Windows up to Server 2016 Sandbox privilege escalation
5560| [123874] Microsoft Windows up to Server 2016 Kernel information disclosure
5561| [123872] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 SMB information disclosure
5562| [123868] Microsoft Windows up to Server 2016 Hyper-V denial of service
5563| [123864] Microsoft Windows up to Server 2016 Hyper-V information disclosure
5564| [123862] Microsoft SharePoint Enterprise Server 2010 SP2/2013 RT SP1/2013 SP1/2016 cross site scripting
5565| [123861] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
5566| [123860] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
5567| [123859] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
5568| [123851] Microsoft Windows up to Server 2016 ALPC privilege escalation
5569| [123849] Microsoft Windows up to Server 2016 SMB denial of service
5570| [123846] Microsoft Office 2016 on Win/Mac memory corruption
5571| [123844] Microsoft Word 2013 RT SP1/2013 SP1/2016 PDF File memory corruption
5572| [123843] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
5573| [123842] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
5574| [123830] Microsoft Windows up to Server 2016 Hyper-V memory corruption
5575| [123828] Microsoft Windows up to Server 2016 Win32k Graphics privilege escalation
5576| [123827] Microsoft Windows up to Server 2016 Image memory corruption
5577| [123825] Microsoft Windows up to Server 2016 MSXML Parser privilege escalation
5578| [123823] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
5579| [122887] Microsoft Office 2016 on Mac AutoUpdate memory corruption
5580| [122886] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
5581| [122885] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
5582| [122884] Microsoft Windows up to Server 2016 Win32k memory corruption
5583| [122883] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
5584| [122875] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
5585| [122874] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
5586| [122873] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
5587| [122871] Microsoft PowerPoint 2010 SP2 memory corruption
5588| [122870] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
5589| [122861] Microsoft Windows up to Server 2016 Microsoft COM for Windows privilege escalation
5590| [122850] Microsoft Visual Studio 2015 Update 3/2017/2017 Version 15.8 Diagnostic Hub privilege escalation
5591| [122849] Microsoft Windows up to Server 2016 Diagnostic Hub privilege escalation
5592| [122848] Microsoft Windows Security Feature 2FA weak authentication
5593| [122834] Microsoft Windows up to Server 2016 LNK memory corruption
5594| [122825] Microsoft Windows up to Server 2016 Graphics memory corruption
5595| [122823] Microsoft SQL Server 2016 SP1/2016 SP2/2017 memory corruption
5596| [121208] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R Attachment privilege escalation
5597| [121118] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
5598| [121116] Microsoft Windows up to Server 2016 Sandbox privilege escalation
5599| [121114] Microsoft Access 2013 SP1/2016/2016 C2R memory corruption
5600| [121111] Microsoft Windows up to Server 2016 Kernel memory corruption
5601| [121110] Microsoft Windows up to Server 2016 Wordpad privilege escalation
5602| [121107] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll denial of service
5603| [121106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
5604| [121105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
5605| [121098] Microsoft Office 2016/2016 C2R memory corruption
5606| [121092] Microsoft Windows up to Server 2016 FTP Server denial of service
5607| [121090] Microsoft Visual Studio up to 2017 Version 15.8 Preview privilege escalation
5608| [119479] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
5609| [119477] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 information disclosure
5610| [119476] Microsoft Publisher 2010 SP2 OLE Object PUB File privilege escalation
5611| [119475] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Attachment privilege escalation
5612| [119474] Microsoft Windows up to Server 2016 GDI information disclosure
5613| [119470] Microsoft Windows up to Server 2016 HTTP HTTP.sys denial of service
5614| [119468] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
5615| [119467] Microsoft Windows up to Server 2016 Hypervisor privilege escalation
5616| [119465] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
5617| [119464] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
5618| [119463] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
5619| [119461] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
5620| [119460] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
5621| [119459] Microsoft Windows up to Server 2016 memory corruption
5622| [119457] Microsoft Windows up to Server 2016 Desktop Bridge privilege escalation
5623| [119456] Microsoft Windows up to Server 2016 Kernel information disclosure
5624| [119455] Microsoft Windows up to Server 2016 denial of service
5625| [119454] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
5626| [119452] Microsoft Windows up to Server 2016 HIDParser memory corruption
5627| [119448] Microsoft Windows up to Server 2016 Code Integrity Module denial of service
5628| [119447] Microsoft Windows up to Server 2016 NTFS privilege escalation
5629| [119441] Microsoft Windows up to Server 2016 Media Foundation memory corruption
5630| [119437] Microsoft Windows up to Server 2016 HTTP Protocol Stack Http.sys memory corruption
5631| [119436] Microsoft Windows up to Server 2016 memory corruption
5632| [119431] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
5633| [118120] Microsoft Office 2016 on Mac XML Data Code Execution
5634| [117561] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1 Web Request cross site scripting
5635| [117560] Microsoft Exchange Server up to 2016 CU9 Code Execution memory corruption
5636| [117559] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access Web Request cross site scripting
5637| [117558] Microsoft Windows up to Server 2016 Code Execution memory corruption
5638| [117507] Microsoft Infopath 2013 SP1 memory corruption
5639| [117505] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
5640| [117504] Microsoft Office 2010 SP2 information disclosure
5641| [117503] Microsoft Exchange Server 2013 CU19/2013 CU20/2016 CU8/2016 CU9 Outlook Web Access cross site scripting
5642| [117502] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
5643| [117501] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
5644| [117500] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access cross site scripting
5645| [117499] Microsoft Exchange Server up to 2016 CU9 information disclosure
5646| [117498] Microsoft Office 2016 C2R Security Feature privilege escalation
5647| [117497] Microsoft SharePoint Enterprise Server 2010/2013 SP1/2016 cross site scripting
5648| [117480] Microsoft Windows up to Server 2016 COM Serialized privilege escalation
5649| [117473] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
5650| [117472] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
5651| [117471] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
5652| [117470] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
5653| [117469] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
5654| [117468] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
5655| [117444] Microsoft Windows up to Server 2016 Hyper-V vSMB memory corruption
5656| [117443] Microsoft Windows up to Server 2016 Hyper-V memory corruption
5657| [117442] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
5658| [116132] Microsoft Office 2016 Memory information disclosure
5659| [116051] Microsoft SharePoint Enterprise Server 2016 cross site scripting
5660| [116050] Microsoft SharePoint Enterprise Server 2010 SP2/2013/2016 cross site scripting
5661| [116049] Microsoft SharePoint Enterprise Server 2013/2016 privilege escalation
5662| [116048] Microsoft Windows up to Server 2016 DirectX Graphics Kernel Subsystem memory corruption
5663| [116047] Microsoft Windows up to Server 2016 OpenType Font Driver atmfd.dll memory corruption
5664| [116046] Microsoft SharePoint Enterprise Server 2013/2016 Share cross site scripting
5665| [116045] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
5666| [116039] Microsoft Windows up to Server 2016 Remote Desktop Protocol denial of service
5667| [116031] Microsoft Windows up to Server 2016 Kernel ASLR information disclosure
5668| [116030] Microsoft Windows up to Server 2016 SNMP Service denial of service
5669| [116026] Microsoft Windows up to Server 2016 Kernel information disclosure
5670| [116024] Microsoft Windows up to Server 2016 HTTP.sys denial of service
5671| [116023] Microsoft Office up to 2016 C2R information disclosure
5672| [116022] Microsoft Excel 2010 SP2 memory corruption
5673| [116020] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Active Directory privilege escalation
5674| [116019] Microsoft Windows up to Server 2016 Kernel information disclosure
5675| [116018] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
5676| [116017] Microsoft Excel up to 2016 C2R memory corruption
5677| [116016] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Graphics memory corruption
5678| [116014] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
5679| [116013] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1 memory corruption
5680| [116008] Microsoft Windows up to Server 2016 Graphics memory corruption
5681| [116007] Microsoft Windows up to Server 2016 Graphics memory corruption
5682| [116006] Microsoft Windows up to Server 2016 Graphics memory corruption
5683| [116005] Microsoft Windows up to Server 2016 Graphics memory corruption
5684| [116004] Microsoft Windows up to Server 2016 Graphics memory corruption
5685| [116003] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
5686| [115994] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
5687| [115804] Microsoft Windows up to Server 2016 Malware Protection Engine privilege escalation
5688| [114579] Microsoft Exchange Server up to 2017 CU8 Outlook Web Access information disclosure
5689| [114574] Microsoft SharePoint Enterprise Server 2016 privilege escalation
5690| [114573] Microsoft SharePoint Enterprise Server 2016 cross site scripting
5691| [114571] Microsoft Exchange Server 2016 CU7/2016 CU8 Outlook Web Access information disclosure
5692| [114570] Microsoft Exchange Server 2010 SP3/2013 CU18/2013 CU19/2016 CU7/2016 CU8 Outlook Web Access Fake privilege escalation
5693| [114565] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Kernel information disclosure
5694| [114564] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
5695| [114562] Microsoft SharePoint Enterprise Server 2016 cross site scripting
5696| [114560] Microsoft SharePoint Enterprise Server 2016 cross site scripting
5697| [114559] Microsoft SharePoint Enterprise Server 2016 cross site scripting
5698| [114558] Microsoft SharePoint Enterprise Server 2016 cross site scripting
5699| [114557] Microsoft SharePoint Enterprise Server 2016 cross site scripting
5700| [114556] Microsoft SharePoint Enterprise Server 2016 cross site scripting
5701| [114555] Microsoft SharePoint Enterprise Server 2016 cross site scripting
5702| [114554] Microsoft SharePoint Enterprise Server 2016 cross site scripting
5703| [114553] Microsoft SharePoint Enterprise Server 2016 cross site scripting
5704| [114552] Microsoft SharePoint Enterprise Server 2016 cross site scripting
5705| [114551] Microsoft Excel up to 2016 C2R Security Feature privilege escalation
5706| [114549] Microsoft Access 2010 SP2/2013 SP1/2016 memory corruption
5707| [114548] Microsoft Windows up to Server 2016 CNG Security Feature cng.sys privilege escalation
5708| [114547] Microsoft Windows up to Server 2016 Kernel information disclosure
5709| [114546] Microsoft Windows up to Server 2016 Kernel information disclosure
5710| [114545] Microsoft Windows up to Server 2016 Kernel information disclosure
5711| [114544] Microsoft Windows up to Server 2016 Kernel information disclosure
5712| [114543] Microsoft Windows up to Server 2016 Kernel information disclosure
5713| [114542] Microsoft Windows up to Server 2016 Kernel information disclosure
5714| [114541] Microsoft Windows up to Server 2016 Kernel information disclosure
5715| [114540] Microsoft Windows up to Server 2016 Kernel information disclosure
5716| [114536] Microsoft Windows up to Server 2016 CredSSP privilege escalation
5717| [114535] Microsoft Windows up to Server 2016 Hyper-V denial of service
5718| [114531] Microsoft Windows up to Server 2016 Windows Installer privilege escalation
5719| [114530] Microsoft Windows up to Server 2016 GDI privilege escalation
5720| [114529] Microsoft Windows up to Server 2016 GDI privilege escalation
5721| [114527] Microsoft Windows up to Server 2016 Kernel information disclosure
5722| [114526] Microsoft Windows up to Server 2016 Kernel information disclosure
5723| [114525] Microsoft Windows up to Server 2016 Kernel information disclosure
5724| [114522] Microsoft Windows 10 1607/10 1703/Server 2016 Desktop Bridge privilege escalation
5725| [114521] Microsoft Windows up to Server 2016 Video Control privilege escalation
5726| [114520] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge privilege escalation
5727| [114518] Microsoft Windows up to Server 2016 Remote Assistance information disclosure
5728| [114517] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge VFS privilege escalation
5729| [114516] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
5730| [113835] Microsoft Identity Manager 2016 SP1 cross site scripting
5731| [113264] Microsoft Windows 8.1/RT 8.1/Server 2012 R2 SMBv2/SMBv3 denial of service
5732| [113260] Microsoft Windows up to Server 2016 Kernel memory corruption
5733| [113259] Microsoft Windows 10/Server 1709/Server 2016 NTFS privilege escalation
5734| [113254] Microsoft Windows up to Server 2016 Kernel information disclosure
5735| [113253] Microsoft Windows 10/Server 1709/Server 2016 Kernel memory corruption
5736| [113252] Microsoft Windows up to Server 2016 Kernel memory corruption
5737| [113250] Microsoft Windows 10/Server 1709/Server 2016 Kernel memory corruption
5738| [113249] Microsoft Windows up to Server 2016 Kernel memory corruption
5739| [113248] Microsoft Windows up to Server 2016 Kernel information disclosure
5740| [113243] Microsoft Windows 10/Server 2016 MultiPoint Management privilege escalation
5741| [113242] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
5742| [113241] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
5743| [113240] Microsoft Windows 10/Server 1709/Server 2016 AppContainer privilege escalation
5744| [113237] Microsoft SharePoint Enterprise Server 2016 cross site scripting
5745| [113236] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
5746| [113233] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Uninitialized Memory information disclosure
5747| [113232] Microsoft Excel 2016 memory corruption
5748| [113230] Microsoft Windows up to Server 2016 Scripting Engine information disclosure
5749| [113229] Microsoft Windows up to Server 2016 StructuredQuery memory corruption
5750| [111580] Microsoft Office 2016 on Mac Email Attachment spoofing
5751| [111571] Microsoft SharePoint Enterprise Server 2013/2016 Access cross site scripting
5752| [111567] Microsoft Office 2010/2013/2016 memory corruption
5753| [111564] Microsoft Word 2016 memory corruption
5754| [111562] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
5755| [111561] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
5756| [128730] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
5757| [111358] Microsoft Windows up to Server 2016 IPsec denial of service
5758| [110553] Microsoft Office 2016 C2R information disclosure
5759| [110552] Microsoft SharePoint Enterprise Server 2016 Web Request privilege escalation
5760| [110551] Microsoft Excel 2016 C2R memory corruption
5761| [110550] Microsoft PowerPoint 2013 RT SP1/2013 SP1/2016 information disclosure
5762| [110549] Microsoft Exchange Server 2016 CU6/2016 CU7 Outlook Web Access privilege escalation
5763| [110547] Microsoft Windows up to Server 2016 its:// Protocol information disclosure
5764| [110531] Microsoft Windows 10/Server 2016 Device Guard privilege escalation
5765| [110522] Microsoft Windows up to Server 2016 RRAS privilege escalation
5766| [110350] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
5767| [110318] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
5768| [109391] Microsoft SharePoint Enterprise Server 2016 Project Server cross site request forgery
5769| [109389] Microsoft Excel 2016 Click-to-Run memory corruption
5770| [109360] Microsoft Windows up to Server 2016 Windows Search denial of service
5771| [107759] Microsoft Windows up to Server 2016 SMB denial of service
5772| [107757] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
5773| [107756] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
5774| [107753] Microsoft Windows 10/Server 2016 SMB privilege escalation
5775| [107744] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
5776| [107741] Microsoft Outlook 2016 Secure Connection Mail information disclosure
5777| [107740] Microsoft Windows up to Server 2016 Graphics memory corruption
5778| [107739] Microsoft Windows up to Server 2016 Graphics memory corruption
5779| [107738] Microsoft Windows up to Server 2016 Search information disclosure
5780| [107734] Microsoft Windows 10/Server 2016 SMB privilege escalation
5781| [107732] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Bypass privilege escalation
5782| [107730] Microsoft Windows up to Server 2016 Search Remote memory corruption
5783| [107729] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
5784| [107728] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
5785| [107727] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
5786| [107724] Microsoft Windows up to Server 2016 Text Services Framework memory corruption
5787| [107723] Microsoft Windows up to Server 2016 SMB information disclosure
5788| [107698] Microsoft Office 2016 memory corruption
5789| [107593] InFocus Mondopad 2.2.08 Excel Spreadsheet Microsoft Office Document Credentials information disclosure
5790| [106544] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
5791| [106531] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
5792| [106529] Microsoft PowerPoint 2016 memory corruption
5793| [106523] Microsoft Windows up to Server 2016 PDF Library memory corruption
5794| [106518] Microsoft Edge on Win10/Server 2016 memory corruption
5795| [106516] Microsoft Windows up to Server 2016 PDF Library memory corruption
5796| [106498] Microsoft Windows up to Server 2016 Shell privilege escalation
5797| [106496] Microsoft Windows up to Server 2016 Uniscribe information disclosure
5798| [106495] Microsoft Windows up to Server 2012 R2 Uniscribe memory corruption
5799| [106492] Microsoft Windows Server 2012/Server 2012 R2/Server 2016 DHCP Service memory corruption
5800| [106489] Microsoft Windows up to Server 2016 Graphics Win32k win32k!fsc_CalcGrayRow memory corruption
5801| [106474] Microsoft Office 2016 memory corruption
5802| [106473] Microsoft SharePoint Server 2013 SP1 cross site scripting
5803| [106472] Microsoft Windows up to Server 2016 Bluetooth Driver Object BlueBorne spoofing
5804| [106470] Microsoft Excel 2011 on Mac memory corruption
5805| [106455] Microsoft Exchange Server 2013/2016 information disclosure
5806| [106454] Microsoft Windows up to Server 2016 Windows NetBT Session Services race condition memory corruption
5807| [105048] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
5808| [105047] Microsoft Edge on Win10/Server 2016 Scripting Engine EntryCall memory corruption
5809| [105046] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
5810| [105040] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
5811| [105038] Microsoft Edge on Win10/Server 2016 Javascript Engine Out-of-Bounds memory corruption
5812| [105037] Microsoft Edge on Win10/Server 2016 Javascript Engine PreVisitCatch memory corruption
5813| [105035] Microsoft SharePoint Server 2010 SP2 cross site scripting
5814| [105033] Microsoft Edge 38.14393.1066.0 on Win10/Server 2016 Use-After-Free information disclosure
5815| [105029] Microsoft Edge on Win10/Server 2016 Javascript Engine ProcessLinkFailedAsmJsModule memory corruption
5816| [105027] Microsoft Edge on Win10/Server 2016 _SelectValueInternal information disclosure
5817| [105024] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
5818| [105023] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
5819| [105017] Microsoft Windows up to Server 2016 Error Reporting information disclosure
5820| [105013] Microsoft Windows 10 1607/10 1703/Server 2016 Hyper-V denial of service
5821| [105011] Microsoft Windows up to Server 2016 Windows Search memory corruption
5822| [105010] Microsoft Windows up to Server 2016 Win32k memory corruption
5823| [105009] Microsoft Windows up to Server 2016 Input Method Editor memory corruption
5824| [105008] Microsoft SQL Server 2012/2014/2016 Analysis Services information disclosure
5825| [104990] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
5826| [104989] Microsoft Windows up to Server 2016 NetBIOS denial of service
5827| [104584] Microsoft Outlook up to 2016 C2R Document File privilege escalation
5828| [104583] Microsoft Outlook up to 2016 C2R Email memory corruption
5829| [104582] Microsoft Outlook up to 2016 C2R Object memory corruption
5830| [103468] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 Open Redirect
5831| [103446] Microsoft Windows up to Server 2016 Search Object privilege escalation
5832| [103445] Microsoft Windows up to Server 2016 Wordpad privilege escalation
5833| [103444] Microsoft Windows up to Server 2016 Explorer denial of service
5834| [103442] Microsoft Windows 10/Server 2016 HoloLens WiFi Packet privilege escalation
5835| [103441] Microsoft Windows up to Server 2016 Object HTTP.sys information disclosure
5836| [103431] Microsoft Windows up to Server 2016 PowerShell PSObject Object privilege escalation
5837| [103429] Microsoft Windows up to Server 2016 Kerberos weak authentication
5838| [103426] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA Request cross site scripting
5839| [103425] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA Request cross site scripting
5840| [103420] Microsoft Windows up to Server 2016 Kerberos Bypass privilege escalation
5841| [103417] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
5842| [102544] Microsoft Edge on Win10/Server 2016 Fetch API information disclosure
5843| [102543] Microsoft Edge on Win10/Server 2016 Javascript XML DOM Object information disclosure
5844| [102463] Microsoft Project Server 2013 SP1 cross site scripting
5845| [102460] Microsoft Outlook 2016 on Mac HTML spoofing
5846| [102448] Microsoft SharePoint Enterprise Server 2016 Reflected cross site scripting
5847| [102446] Microsoft Office up to 2016 privilege escalation
5848| [102445] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 privilege escalation
5849| [102443] Microsoft Office up to 2016 privilege escalation
5850| [102412] Microsoft Windows up to Server 2016 PDF information disclosure
5851| [102397] Microsoft Outlook 2010 SP1/2013 SP1/2016 DLL Loader privilege escalation
5852| [102396] Microsoft Office 2013 SP1/2016 DLL Loader privilege escalation
5853| [102386] Microsoft Windows up to Server 2012 R2 Uniscribe privilege escalation
5854| [102385] Microsoft Windows up to Server 2016 Font Library privilege escalation
5855| [102376] Microsoft Windows up to Server 2016 CAB File privilege escalation
5856| [102375] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
5857| [102374] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
5858| [102373] Microsoft Windows up to Server 2016 Uniscribe Font USP10!MergeLigRecords memory corruption
5859| [101817] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
5860| [101816] Microsoft Windows up to Server 2016 Malware Protection Engine setCaller memory corruption
5861| [101815] Microsoft Windows up to Server 2016 Malware Protection Engine Use-After-Free memory corruption
5862| [101814] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
5863| [101813] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
5864| [101812] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
5865| [101811] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
5866| [101810] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
5867| [101028] Microsoft Windows 10/Server 2016 Hyper-V vSMB privilege escalation
5868| [101020] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
5869| [101019] Microsoft Skype for Business 2016 memory corruption
5870| [101018] Microsoft SharePoint 2010 SP2/2013 SP1/2016 memory corruption
5871| [101016] Microsoft PowerPoint 2011 on Mac memory corruption
5872| [101015] Microsoft PowerPoint 2011 on Mac memory corruption
5873| [101014] Microsoft Office 2010 SP2/2016 memory corruption
5874| [101013] Microsoft Office 2010 SP2/2016 memory corruption
5875| [101002] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
5876| [101001] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
5877| [101000] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
5878| [100999] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
5879| [100918] Microsoft Windows 8/8.1/10/Server 2012/Server 2016 Malware Protection Service Type Confusion privilege escalation
5880| [99697] Microsoft SharePoint Server 2010 SP1/2010 SP2 Excel Services cross site scripting
5881| [99683] Microsoft Windows 10 1607/10 1703/Server 2012 R2/Server 2016 Active Directory Lockout privilege escalation
5882| [99682] Microsoft Outlook 2011 on Mac HTML Tag Validator spoofing
5883| [99681] Microsoft Windows up to Server 2016 OLE Integrity-Level Check privilege escalation
5884| [99667] Microsoft Windows 10/Server 2016 Active Directory Service Unresponsive denial of service
5885| [98272] Microsoft Windows up to 10/Server 2016 Local Session privilege escalation
5886| [98096] Microsoft Exchange 2013 SP1 privilege escalation
5887| [98095] Microsoft Lync for Mac 2011 Certificate Validation weak authentication
5888| [98094] Microsoft SharePoint Server 2013 SP1 cross site scripting
5889| [98093] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
5890| [98091] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
5891| [98090] Microsoft SharePoint Server 2010 SP2/2013 SP1 information disclosure
5892| [98089] Microsoft Office Web Apps 2013 SP1 memory corruption
5893| [98082] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 denial of service
5894| [98081] Microsoft Excel up to 2016 information disclosure
5895| [98080] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
5896| [98079] Microsoft Word 2016 memory corruption
5897| [98076] Microsoft Lync/Skype for Business 2010/2013/2016 Graphics Component privilege escalation
5898| [98075] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
5899| [98074] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
5900| [98073] Microsoft Office 2010 SP2/Word Viewer Graphics Component information disclosure
5901| [98069] Microsoft Windows up to Server 2012 R2 Color Management memory corruption
5902| [98056] Microsoft Windows up to Server 2016 DNS Query information disclosure
5903| [98054] Microsoft Windows up to Server 2016 SMBv2/SMBv3 NULL Pointer Dereference memory corruption
5904| [98017] Microsoft Windows up to Server 2016 PDF memory corruption
5905| [98015] Microsoft Windows 10/Server 2016 Hyper-V denial of service
5906| [98013] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
5907| [98007] Microsoft Windows 10/Server 2016 Hyper-V Network Switch denial of service
5908| [98006] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
5909| [96521] Microsoft Windows 8.1/10/Server 2012/Server 2016 SMB Response mrxsmb20.sys denial of service
5910| [95781] Microsoft PowerPoint 2016 Java Embedded Object privilege escalation
5911| [95125] Microsoft Word/SharePoint Enterprise Server 2016 Document privilege escalation
5912| [94451] Microsoft Office 2011 memory corruption
5913| [94447] Microsoft Office 2010 SP2 memory corruption
5914| [94446] Microsoft Office 2016 memory corruption
5915| [94444] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 OLE DLL Loader memory corruption
5916| [94443] Microsoft Office up to 2016 information disclosure
5917| [94442] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
5918| [93964] Microsoft Windows 7 Excel Starter 2010 XXE information disclosure
5919| [93543] Microsoft SQL Server 2016 FILESTREAM Path privilege escalation
5920| [93540] Microsoft Excel 2010 SP2/2011/2016 memory corruption
5921| [93416] Microsoft SQL Server 2014 SP2/2016/up to 2012 SP3 Server Agent atxcore.dll privilege escalation
5922| [93415] Microsoft SQL Server 2016 MDS API cross site scripting
5923| [93414] Microsoft SQL Server up to 2012 SP3 RDBMS Engine privilege escalation
5924| [93413] Microsoft SQL Server 2016/up to 2014 SP2 RDBMS Engine privilege escalation
5925| [93412] Microsoft SQL Server 2016 RDBMS Engine privilege escalation
5926| [93393] Microsoft Office up to 2016 memory corruption
5927| [93392] Microsoft Office up to 2016 memory corruption
5928| [93391] Microsoft Office up to 2016 memory corruption
5929| [93389] Microsoft Windows up to Server 2016 Media Foundation memory corruption
5930| [93388] Microsoft Windows up to Server 2016 Animation Manager Stylesheets memory corruption
5931| [92587] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 Transaction Manager privilege escalation
5932| [92584] Microsoft Office up to 2016 memory corruption
5933| [91571] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
5934| [91570] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
5935| [91556] Microsoft Exchange 2016 Meeting Invation cross site scripting
5936| [91555] Microsoft Exchange 2013/2016 Link spoofing
5937| [91550] Microsoft Office 2016 memory corruption
5938| [91547] Microsoft Office 2010 memory corruption
5939| [91543] Microsoft Office up to 2016 memory corruption
5940| [91541] Microsoft Office 2013/2016 APP-V ASLR privilege escalation
5941| [90711] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF privilege escalation
5942| [90710] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 Netlogon privilege escalation
5943| [90704] Microsoft Office 2013/2013 RT/2016 memory corruption
5944| [89043] Microsoft Office up to 2016 memory corruption
5945| [89041] Microsoft Office up to 2016 memory corruption
5946| [89040] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 memory corruption
5947| [89038] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Security Feature privilege escalation
5948| [89037] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
5949| [87961] Microsoft Windows up to Server 2012 R2 Search denial of service
5950| [87959] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
5951| [87958] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF memory corruption
5952| [87957] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
5953| [87956] Microsoft Exchange 2013/2016 Oracle Outside In Libraries information disclosure
5954| [87944] Microsoft Windows Server 2012/Server 2012 R2 Virtual PCI Memory information disclosure
5955| [87940] Microsoft Windows Server 2012/Server 2012 R2 DNS Server Use-After-Free memory corruption
5956| [87936] Microsoft Office up to 2016 memory corruption
5957| [87166] Microsoft Windows up to Server 2012 R2 DirectX Graphics Kernel Subsystem privilege escalation
5958| [87156] Microsoft Windows 8.1/10/RT 8.1/Server 2012 R2 Shell memory corruption
5959| [87149] Microsoft Office up to 2016 memory corruption
5960| [87148] Microsoft Office 2010 Graphics memory corruption
5961| [87146] Microsoft Office 2011/2013/2013 RT/2016 memory corruption
5962| [82229] Microsoft Excel 2010 SP2 Office Document memory corruption
5963| [82223] Microsoft Windows 8.1/10/Server 2012 R2 Hyper-V Memory information disclosure
5964| [82222] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Memory information disclosure
5965| [82221] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Hyper-V privilege escalation
5966| [81274] Microsoft Office up to 2016 memory corruption
5967| [81270] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library memory corruption
5968| [81269] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
5969| [81268] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
5970| [80886] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
5971| [80885] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP memory corruption
5972| [80878] Microsoft Windows Server 2012 R2 Active Directory Federation Service denial of service
5973| [80874] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP privilege escalation
5974| [80870] Microsoft Office up to 2016 memory corruption
5975| [80868] Microsoft Office up to 2016 memory corruption
5976| [80867] Microsoft Office up to 2016 memory corruption
5977| [80865] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 DLL Loader memory corruption
5978| [80860] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Reader memory corruption
5979| [80859] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
5980| [80231] Microsoft Excel up to 2016 Office Document memory corruption
5981| [80229] Microsoft Exchange Server 2013 CU 10/2013 CU 11/2013 SP1/2016 Outlook Web Access cross site scripting
5982| [80228] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
5983| [80227] Microsoft Exchange Server 2013 CU 10/2013 SP1/2016 Outlook Web Access cross site scripting
5984| [80226] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
5985| [80218] Microsoft Office up to 2016 ASLR privilege escalation
5986| [80217] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
5987| [80216] Microsoft Office up to 2016 Office Document memory corruption
5988| [80206] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
5989| [128763] Microsoft Exchange Server 2016 CU10/2016 CU11/2019 memory corruption
5990| [79508] Microsoft Windows up to Server 2012 R2 Library Loader memory corruption
5991| [79500] Microsoft Office 2010/2011/2016 memory corruption
5992| [79183] Microsoft Windows up to Server 2012 R2 IPsec denial of service
5993| [79173] Microsoft Windows up to Server 2012 R2 Graphics information disclosure
5994| [79117] Microsoft Outlook 2011/2016 on Mac HTML spoofing
5995| [78375] Microsoft SharePoint Server/SharePoint Foundation 2013 SP1 cross site scripting
5996| [77645] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
5997| [77644] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
5998| [77638] Microsoft Lync Server 2013 cross site scripting
5999| [77628] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
6000| [77612] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access Stack-Based information disclosure
6001| [77050] Microsoft Office up to 2016 memory corruption
6002| [77037] Microsoft Windows Server 2012/Server 2012 R2 System Center Operations Manager cross site scripting
6003| [76461] Microsoft Windows up to Server 2012 R2 Domain-Controller Communication Credentials information disclosure
6004| [76460] Microsoft Windows 7 SP1/8/Server 2012 RDP Server Service memory corruption
6005| [76448] Microsoft Windows 8.1/Server 2012 R2 Hyper-V memory corruption
6006| [75793] Microsoft Exchange Server 2013 CU8 cross site scripting
6007| [75792] Microsoft Exchange Server 2013 SP1 CU8 cross site request forgery
6008| [75791] Microsoft Office 2013 SP1 Office Document Uninitialized Memory memory corruption
6009| [75787] Microsoft Exchange Server 2013 SP1 CU8 Same Origin Policy privilege escalation
6010| [75786] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
6011| [66976] Microsoft Access 2010 VBA Datatype denial of service
6012| [74848] Microsoft SharePoint Foundation/SharePoint Server 2013 SP1 cross site scripting
6013| [74842] Microsoft Windows 8.1/Server 2012 R2 Hyper-V denial of service
6014| [74836] Microsoft Project Server 2010 SP2/2013 SP1 cross site scripting
6015| [74835] Microsoft Office 2011 on Mac Use-After-Free cross site scripting
6016| [74834] Microsoft Windows Server 2012 R2 Active Directory Federation Services 3.0 privilege escalation
6017| [74833] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 HTTP Request HTTP.sys privilege escalation
6018| [74393] Microsoft SharePoint Server 2013 Foundation cross site scripting
6019| [73967] Microsoft Office up to 2013 SP1 Office File memory corruption
6020| [73966] Microsoft Office up to 2013 SP1 RTF File memory corruption
6021| [73965] Microsoft Office up to 2013 SP1 Use-After-Free memory corruption
6022| [73961] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 Remote Desktop Protocol Object Management denial of service
6023| [69162] Microsoft System Center Virtual Machine Manager 2012 privilege escalation
6024| [69160] Microsoft Windows up to Server 2012 Process privilege escalation
6025| [69156] Microsoft Office 2010 Object memory corruption
6026| [68593] Microsoft Windows up to Server 2012 Network Location Awareness Service privilege escalation
6027| [68417] Microsoft Exchange 2013 Outlook Web Access Token spoofing
6028| [68191] Microsoft SharePoint 2010 cross site scripting
6029| [67828] Microsoft ASP.NET MVC 2/3/4/5/5.1 System.Web.Mvc.dll cross site scripting
6030| [67518] Microsoft Lync 2013 denial of service
6031| [67517] Microsoft Lync 2013 Script Reflected cross site scripting
6032| [67516] Microsoft Lync 2010/2013 denial of service
6033| [67362] Microsoft Windows up to Server 2012 R2 Remote Procedure Call privilege escalation
6034| [67360] Microsoft SharePoint 2013 App Permission Management cross site scripting
6035| [13549] Microsoft Windows 7/8/8.1/Server 2012 Remote Desktop Protocol weak encryption
6036| [13547] Microsoft Lync 2010/2013 Meeting cross site scripting
6037| [13228] Microsoft Office 2013 Document privilege escalation
6038| [68577] Microsoft ASP.NET 2014.3.1209 Telerik UI RadAsyncUpload directory traversal
6039| [12267] Microsoft Forefront Security for Exchange Server 2010 Mail memory corruption
6040| [12263] Microsoft Windows up to Server 2012 Direct2D 2D Geometric Figure memory corruption
6041| [12238] Microsoft Windows 8/RT/Server 2012 IPv6 denial of service
6042| [12185] Microsoft .NET Framework 2/4 HMAC weak authentication
6043| [12183] Microsoft .NET Framework 2/4 DTD denial of service
6044| [11673] Microsoft Windows Live Movie Maker 2011 WAV File denial of service
6045| [11468] Microsoft Exchange 2010/2013 cross site scripting
6046| [11466] Microsoft Office 2013 File Response information disclosure
6047| [11457] Microsoft SharePoint Server/Office Web Apps 2010 SP1/2010 SP2/2013 W3WP Service Account privilege escalation
6048| [11150] Microsoft Windows 8/Server 2012 Hyper-V Data Structure Value Crash privilege escalation
6049| [11004] Microsoft Windows Server 2012 R2 RDP Restricted Admin Mode weak authentication
6050| [10250] Microsoft SharePoint Server up to 2013 W3WP Process denial of service
6051| [10249] Microsoft SharePoint 2010/2003/2007/2.0/3.0 Workflow memory corruption
6052| [10248] Microsoft SharePoint Server up to 2013 cross site scripting
6053| [9943] Microsoft Windows Server 2012 NAT Driver ICMP Packet denial of service
6054| [8739] Microsoft Windows Essentials up to 2012 Windows Writer Eingabe information disclosure
6055| [8725] Microsoft Lync 2010/2013 Use-After-Free memory corruption
6056| [8722] Microsoft Windows 8/RT/Server 2012 HTTP.sys denial of service
6057| [8206] Microsoft SharePoint Server 2010 SP1 HTML Sanitization Component cross site scripting
6058| [8203] Microsoft Windows up to 2012 AD LDAP Query denial of service
6059| [8200] Microsoft SharePoint Server 2013 ACL information disclosure
6060| [7971] Microsoft Office for Mac 2011 up to 14.3.1 on Mac HTML5 Mail Message Parser File information disclosure
6061| [7969] Microsoft OneNote 2010 SP1 ONE File information disclosure
6062| [7968] Microsoft SharePoint Server 2010 SP1 Input Validator Eingabe Crash denial of service
6063| [7967] Microsoft SharePoint Server 2010 SP1 User Account Eingabe Crash information disclosure
6064| [7966] Microsoft SharePoint Server 2010 SP1 Eingabe Crash cross site scripting
6065| [7965] Microsoft SharePoint Server 2010 SP1 User Account Callback URL privilege escalation
6066| [7964] Microsoft Visio 2010 Tree Object Type File memory corruption
6067| [7343] Microsoft Lync 2012 HTTP Format String
6068| [7258] Microsoft Windows up to 8/Server 2012 SSL/TLS race condition
6069| [7230] Microsoft Excel 2010 SP1 on 32-bit XLS File Formatting Information Crash denial of service
6070| [6831] Microsoft Office Picture Manager 2010 File memory corruption
6071| [62720] EMC NetWorker Module for Microsoft Applications up to 2.2.0 memory corruption
6072| [6624] Microsoft SQL Server up to 2012 Report Manager cross site scripting
6073| [62238] Microsoft Visual Studio Team Foundation Server 2010 cross site scripting
6074| [5946] Microsoft Visio/Visio Viewer up to 2010 SP1 File memory corruption
6075| [5644] Microsoft SharePoint 2010 scriptesx.ashx cross site scripting
6076| [5641] Microsoft SharePoint 2010 cross site scripting
6077| [60943] Microsoft Dynamics AX 2012 Enterprise Portal cross site scripting
6078| [12311] Microsoft Lync 2010 Search race condition
6079| [60570] Microsoft Forefront Unified Access Gateway 2010 information disclosure
6080| [60569] Microsoft Forefront Unified Access Gateway 2010 spoofing
6081| [60208] Microsoft Visio Viewer 2010 memory corruption
6082| [60207] Microsoft Visio Viewer 2010 memory corruption
6083| [60206] Microsoft Visio Viewer 2010 memory corruption
6084| [4640] Microsoft SharePoint 2010 inplview.aspx cross site scripting
6085| [4636] Microsoft SharePoint 2010 wizardlist.aspx cross site scripting
6086| [4635] Microsoft SharePoint 2010 themeweb.aspx cross site scripting
6087| [59008] Microsoft Forefront Unified Access Gateway 2010 Crash denial of service
6088| [58995] Microsoft Forefront Unified Access Gateway 2010 memory corruption
6089| [58994] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
6090| [58993] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
6091| [4424] Microsoft Host Integration Server up to 2010 denial of service
6092| [4420] Microsoft Forefront Unified Access Gateway 2010 memory corruption
6093| [58487] Microsoft SharePoint Foundation 2010 cross site scripting
6094| [58486] Microsoft SharePoint Foundation 2010 Reflected cross site scripting
6095| [58485] Microsoft SharePoint Foundation 2010 EditForm.aspx cross site scripting
6096| [4414] Microsoft SharePoint 2010 cross site scripting
6097| [4413] Microsoft SharePoint 2010/2007/3.0 XML/XLS unknown vulnerability
6098| [91971] Microsoft Skype 2.2.x/5.2.x/5.3.x denial of service
6099| [57693] Microsoft Forefront Threat Management Gateway 2010 NSPLookupServiceNext memory corruption
6100| [56028] Microsoft Data Access Components 2.8 memory corruption
6101| [55777] Microsoft Windows Movie Maker 2.6 memory corruption
6102| [55424] Microsoft Forefront Unified Access Gateway 2010 Signurl.asp cross site scripting
6103| [55415] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
6104| [55414] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
6105| [55413] Microsoft Forefront Unified Access Gateway 2010 spoofing
6106| [54341] Microsoft Windows Movie Maker 2.1 memory corruption
6107| [54549] Microsoft PowerPoint 2010 pptimpconv.dll memory corruption
6108| [4009] Microsoft NET Framework 2.x/3.x denial of service
6109| [45681] Microsoft Internet Explorer 8 Beta 2 privilege escalation
6110| [45449] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
6111| [45448] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
6112| [45446] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
6113| [2927] Microsoft Data Access Components 2.x ADODB.Connection ActiveX Control memory corruption
6114| [32692] Microsoft XML Core Services up to 2.6 memory corruption
6115| [32691] Microsoft XML Core Services up to 2.6 memory corruption
6116|
6117| MITRE CVE - https://cve.mitre.org:
6118| [CVE-2013-3661] The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
6119| [CVE-2013-3660] The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
6120| [CVE-2013-3174] DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
6121| [CVE-2013-3173] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."
6122| [CVE-2013-3172] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to cause a denial of service (system hang) via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."
6123| [CVE-2013-3171] The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a partial-trust relationship, aka "Delegate Serialization Vulnerability."
6124| [CVE-2013-3167] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Information Disclosure Vulnerability."
6125| [CVE-2013-3154] The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability."
6126| [CVE-2013-3138] Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability."
6127| [CVE-2013-3136] The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."
6128| [CVE-2013-3134] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework application that changes array data, aka "Array Allocation Vulnerability."
6129| [CVE-2013-3133] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Anonymous Method Injection Vulnerability."
6130| [CVE-2013-3132] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Delegate Reflection Bypass Vulnerability."
6131| [CVE-2013-3131] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability."
6132| [CVE-2013-1345] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."
6133| [CVE-2013-1340] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."
6134| [CVE-2013-1339] The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability."
6135| [CVE-2013-1336] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability."
6136| [CVE-2013-1335] Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka "Word Shape Corruption Vulnerability."
6137| [CVE-2013-1334] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
6138| [CVE-2013-1332] dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
6139| [CVE-2013-1331] Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
6140| [CVE-2013-1329] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability."
6141| [CVE-2013-1328] Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."
6142| [CVE-2013-1327] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability."
6143| [CVE-2013-1323] Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability."
6144| [CVE-2013-1322] Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability."
6145| [CVE-2013-1321] Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability."
6146| [CVE-2013-1320] Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability."
6147| [CVE-2013-1319] Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability."
6148| [CVE-2013-1318] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."
6149| [CVE-2013-1317] Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability."
6150| [CVE-2013-1316] Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability."
6151| [CVE-2013-1302] Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."
6152| [CVE-2013-1301] Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
6153| [CVE-2013-1300] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
6154| [CVE-2013-1295] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "CSRSS Memory Corruption Vulnerability."
6155| [CVE-2013-1294] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
6156| [CVE-2013-1293] The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application that leverages improper handling of objects in memory, aka "NTFS NULL Pointer Dereference Vulnerability."
6157| [CVE-2013-1292] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
6158| [CVE-2013-1291] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability."
6159| [CVE-2013-1287] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
6160| [CVE-2013-1286] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.
6161| [CVE-2013-1285] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.
6162| [CVE-2013-1283] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
6163| [CVE-2013-1281] The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "NULL Dereference Vulnerability."
6164| [CVE-2013-1280] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."
6165| [CVE-2013-1279] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.
6166| [CVE-2013-1278] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279.
6167| [CVE-2013-1277] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6168| [CVE-2013-1276] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6169| [CVE-2013-1275] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6170| [CVE-2013-1274] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6171| [CVE-2013-1273] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6172| [CVE-2013-1272] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6173| [CVE-2013-1271] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6174| [CVE-2013-1270] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6175| [CVE-2013-1269] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6176| [CVE-2013-1268] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6177| [CVE-2013-1267] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6178| [CVE-2013-1266] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6179| [CVE-2013-1265] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6180| [CVE-2013-1264] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6181| [CVE-2013-1263] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6182| [CVE-2013-1262] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6183| [CVE-2013-1261] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6184| [CVE-2013-1260] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6185| [CVE-2013-1259] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6186| [CVE-2013-1258] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6187| [CVE-2013-1257] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6188| [CVE-2013-1256] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6189| [CVE-2013-1255] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6190| [CVE-2013-1254] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6191| [CVE-2013-1253] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6192| [CVE-2013-1252] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6193| [CVE-2013-1251] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6194| [CVE-2013-1250] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6195| [CVE-2013-1249] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6196| [CVE-2013-1248] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
6197| [CVE-2013-0095] Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability."
6198| [CVE-2013-0077] Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."
6199| [CVE-2013-0076] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability."
6200| [CVE-2013-0075] The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability."
6201| [CVE-2013-0073] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."
6202| [CVE-2013-0013] The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."
6203| [CVE-2013-0011] The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Components Vulnerability."
6204| [CVE-2013-0010] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.
6205| [CVE-2013-0009] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.
6206| [CVE-2013-0008] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
6207| [CVE-2013-0004] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."
6208| [CVE-2013-0003] Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability."
6209| [CVE-2013-0002] Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."
6210| [CVE-2013-0001] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."
6211| [CVE-2012-5672] Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data.
6212| [CVE-2012-4791] Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."
6213| [CVE-2012-4786] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
6214| [CVE-2012-4776] The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."
6215| [CVE-2012-4774] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability."
6216| [CVE-2012-2897] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
6217| [CVE-2012-2556] The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."
6218| [CVE-2012-2553] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
6219| [CVE-2012-2552] Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."
6220| [CVE-2012-2551] The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereference Vulnerability."
6221| [CVE-2012-2543] Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1
6222| [CVE-2012-2539] Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
6223| [CVE-2012-2536] Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
6224| [CVE-2012-2530] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
6225| [CVE-2012-2529] Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Windows Kernel Integer Overflow Vulnerability."
6226| [CVE-2012-2528] Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
6227| [CVE-2012-2527] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
6228| [CVE-2012-2524] Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability."
6229| [CVE-2012-2520] Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
6230| [CVE-2012-2519] Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."
6231| [CVE-2012-1896] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."
6232| [CVE-2012-1895] The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."
6233| [CVE-2012-1893] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability."
6234| [CVE-2012-1890] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability."
6235| [CVE-2012-1887] Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability."
6236| [CVE-2012-1886] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
6237| [CVE-2012-1885] Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
6238| [CVE-2012-1870] The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."
6239| [CVE-2012-1867] Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability."
6240| [CVE-2012-1866] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability."
6241| [CVE-2012-1865] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864.
6242| [CVE-2012-1864] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1865.
6243| [CVE-2012-1863] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."
6244| [CVE-2012-1862] Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."
6245| [CVE-2012-1860] Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."
6246| [CVE-2012-1858] The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
6247| [CVE-2012-1856] The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."
6248| [CVE-2012-1855] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability."
6249| [CVE-2012-1854] Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
6250| [CVE-2012-1851] Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability."
6251| [CVE-2012-1850] The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."
6252| [CVE-2012-1848] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability."
6253| [CVE-2012-1847] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
6254| [CVE-2012-1537] Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
6255| [CVE-2012-1528] Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."
6256| [CVE-2012-1527] Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."
6257| [CVE-2012-1459] The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
6258| [CVE-2012-1457] The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
6259| [CVE-2012-1453] The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
6260| [CVE-2012-1443] The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
6261| [CVE-2012-1420] The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
6262| [CVE-2012-1194] The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
6263| [CVE-2012-0185] Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."
6264| [CVE-2012-0184] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
6265| [CVE-2012-0183] Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."
6266| [CVE-2012-0182] Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."
6267| [CVE-2012-0181] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
6268| [CVE-2012-0180] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability."
6269| [CVE-2012-0179] Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability."
6270| [CVE-2012-0178] Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability."
6271| [CVE-2012-0177] Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."
6272| [CVE-2012-0175] The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."
6273| [CVE-2012-0174] Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."
6274| [CVE-2012-0173] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.
6275| [CVE-2012-0167] Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."
6276| [CVE-2012-0165] GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."
6277| [CVE-2012-0163] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
6278| [CVE-2012-0161] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
6279| [CVE-2012-0160] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
6280| [CVE-2012-0159] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview
6281| [CVE-2012-0158] The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
6282| [CVE-2012-0157] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability."
6283| [CVE-2012-0156] DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability."
6284| [CVE-2012-0154] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability."
6285| [CVE-2012-0152] The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability."
6286| [CVE-2012-0151] The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
6287| [CVE-2012-0150] Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
6288| [CVE-2012-0149] afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
6289| [CVE-2012-0148] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."
6290| [CVE-2012-0143] Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability."
6291| [CVE-2012-0142] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
6292| [CVE-2012-0141] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
6293| [CVE-2012-0015] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."
6294| [CVE-2012-0014] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
6295| [CVE-2012-0013] Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
6296| [CVE-2012-0009] Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability."
6297| [CVE-2012-0008] Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability."
6298| [CVE-2012-0006] The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability."
6299| [CVE-2012-0005] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."
6300| [CVE-2012-0004] Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."
6301| [CVE-2012-0003] Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
6302| [CVE-2012-0002] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
6303| [CVE-2012-0001] The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."
6304| [CVE-2011-5046] The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
6305| [CVE-2011-4434] Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.
6306| [CVE-2011-3417] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."
6307| [CVE-2011-3416] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
6308| [CVE-2011-3415] Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."
6309| [CVE-2011-3414] The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
6310| [CVE-2011-3413] Microsoft PowerPoint 2007 SP2
6311| [CVE-2011-3412] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."
6312| [CVE-2011-3411] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."
6313| [CVE-2011-3410] Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability."
6314| [CVE-2011-3408] Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability."
6315| [CVE-2011-3406] Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability."
6316| [CVE-2011-3403] Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
6317| [CVE-2011-3402] Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
6318| [CVE-2011-3400] Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
6319| [CVE-2011-3397] The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."
6320| [CVE-2011-3396] Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability."
6321| [CVE-2011-2019] Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
6322| [CVE-2011-2018] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
6323| [CVE-2011-2016] Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability."
6324| [CVE-2011-2014] The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."
6325| [CVE-2011-2013] Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."
6326| [CVE-2011-2011] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
6327| [CVE-2011-2008] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."
6328| [CVE-2011-2007] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability."
6329| [CVE-2011-2005] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
6330| [CVE-2011-2004] Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.
6331| [CVE-2011-2003] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability."
6332| [CVE-2011-2002] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability."
6333| [CVE-2011-1991] Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability."
6334| [CVE-2011-1990] Microsoft Excel 2007 SP2
6335| [CVE-2011-1989] Microsoft Excel 2003 SP3 and 2007 SP2
6336| [CVE-2011-1988] Microsoft Excel 2003 SP3 and 2007 SP2
6337| [CVE-2011-1987] Array index error in Microsoft Excel 2003 SP3 and 2007 SP2
6338| [CVE-2011-1986] Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."
6339| [CVE-2011-1985] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability."
6340| [CVE-2011-1984] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."
6341| [CVE-2011-1983] Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability."
6342| [CVE-2011-1982] Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."
6343| [CVE-2011-1980] Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability."
6344| [CVE-2011-1979] Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."
6345| [CVE-2011-1978] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability."
6346| [CVE-2011-1976] Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."
6347| [CVE-2011-1975] Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."
6348| [CVE-2011-1974] NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."
6349| [CVE-2011-1972] Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."
6350| [CVE-2011-1971] The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Metadata Parsing DOS Vulnerability."
6351| [CVE-2011-1970] The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability."
6352| [CVE-2011-1968] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, as exploited in the wild in 2011, aka "Remote Desktop Protocol Vulnerability."
6353| [CVE-2011-1967] Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Vulnerability."
6354| [CVE-2011-1966] The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."
6355| [CVE-2011-1965] Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."
6356| [CVE-2011-1894] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
6357| [CVE-2011-1893] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."
6358| [CVE-2011-1892] Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
6359| [CVE-2011-1888] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
6360| [CVE-2011-1887] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
6361| [CVE-2011-1885] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
6362| [CVE-2011-1884] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
6363| [CVE-2011-1883] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
6364| [CVE-2011-1882] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
6365| [CVE-2011-1881] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
6366| [CVE-2011-1880] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
6367| [CVE-2011-1879] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
6368| [CVE-2011-1878] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
6369| [CVE-2011-1877] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
6370| [CVE-2011-1876] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
6371| [CVE-2011-1875] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
6372| [CVE-2011-1874] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
6373| [CVE-2011-1873] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability."
6374| [CVE-2011-1872] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability."
6375| [CVE-2011-1871] Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka "ICMP Denial of Service Vulnerability."
6376| [CVE-2011-1870] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability."
6377| [CVE-2011-1869] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."
6378| [CVE-2011-1868] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."
6379| [CVE-2011-1508] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."
6380| [CVE-2011-1284] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutput Vulnerability."
6381| [CVE-2011-1283] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and write operations, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleNumberOfCommand Vulnerability."
6382| [CVE-2011-1282] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability."
6383| [CVE-2011-1281] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a process, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP AllocConsole Vulnerability."
6384| [CVE-2011-1280] The XML Editor in Microsoft InfoPath 2007 SP2 and 2010
6385| [CVE-2011-1279] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds WriteAV Vulnerability."
6386| [CVE-2011-1278] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel WriteAV Vulnerability."
6387| [CVE-2011-1277] Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."
6388| [CVE-2011-1276] Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
6389| [CVE-2011-1275] Microsoft Excel 2002 SP3
6390| [CVE-2011-1274] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
6391| [CVE-2011-1273] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
6392| [CVE-2011-1272] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
6393| [CVE-2011-1270] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Buffer Overrun RCE Vulnerability."
6394| [CVE-2011-1269] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
6395| [CVE-2011-1268] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability."
6396| [CVE-2011-1267] The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB Request Parsing Vulnerability."
6397| [CVE-2011-1264] Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability."
| [CVE-2011-1263] Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web Access Vulnerability."
| [CVE-2011-1253] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."
| [CVE-2011-1252] Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
| [CVE-2011-1249] The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
| [CVE-2011-1248] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability."
| [CVE-2011-1247] Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability."
| [CVE-2011-1242] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1241] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1240] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1239] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1238] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1237] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1236] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1235] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1234] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1233] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1232] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1231] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1230] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1229] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1228] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1227] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1226] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1225] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-0980] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."
| [CVE-2011-0979] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-0978] Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-0977] Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."
| [CVE-2011-0976] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-0677] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-0676] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-0675] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0674] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0672] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0671] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0670] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0667] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0666] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0665] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0664] Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability."
| [CVE-2011-0662] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0661] The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a malformed request in a (1) SMBv1 or (2) SMBv2 packet, aka "SMB Transaction Parsing Vulnerability."
| [CVE-2011-0660] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Response Parsing Vulnerability."
| [CVE-2011-0658] Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted WMF file, aka "OLE Automation Underflow Vulnerability."
| [CVE-2011-0657] DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."
| [CVE-2011-0656] Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-0655] Microsoft PowerPoint 2007 SP2 and 2010
| [CVE-2011-0654] Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
| [CVE-2011-0107] Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability."
| [CVE-2011-0105] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."
| [CVE-2011-0104] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer Overwrite Vulnerability."
| [CVE-2011-0103] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerability."
| [CVE-2011-0101] Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, doubly-byte characters, and an incorrect pointer calculation, aka "Excel Record Parsing WriteAV Vulnerability."
| [CVE-2011-0098] Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-0097] Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-0096] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
| [CVE-2011-0093] ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."
| [CVE-2011-0092] The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."
| [CVE-2011-0091] Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
| [CVE-2011-0090] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
| [CVE-2011-0089] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability."
| [CVE-2011-0088] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability."
| [CVE-2011-0087] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability."
| [CVE-2011-0086] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability."
| [CVE-2011-0043] Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."
| [CVE-2011-0042] SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."
| [CVE-2011-0041] Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."
| [CVE-2011-0040] The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."
| [CVE-2011-0039] The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."
| [CVE-2011-0034] Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."
| [CVE-2011-0033] The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."
| [CVE-2011-0032] Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."
| [CVE-2011-0031] The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."
| [CVE-2011-0030] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.
| [CVE-2011-0028] WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."
| [CVE-2010-5082] Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability."
| [CVE-2010-4701] Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information.
| [CVE-2010-4669] The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package.
| [CVE-2010-4562] Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
| [CVE-2010-4398] Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
| [CVE-2010-4182] Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll. NOTE: the provenance of this information is unknown
| [CVE-2010-3974] fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability."
| [CVE-2010-3970] Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."
| [CVE-2010-3966] Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability."
| [CVE-2010-3965] Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability."
| [CVE-2010-3964] Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
| [CVE-2010-3963] Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability."
| [CVE-2010-3961] The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."
| [CVE-2010-3960] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability."
| [CVE-2010-3959] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."
| [CVE-2010-3958] The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."
6489| [CVE-2010-3957] Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."
| [CVE-2010-3956] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability."
| [CVE-2010-3955] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability."
| [CVE-2010-3954] Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability."
| [CVE-2010-3946] Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."
| [CVE-2010-3945] Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability."
| [CVE-2010-3944] win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
| [CVE-2010-3943] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability."
| [CVE-2010-3942] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability."
| [CVE-2010-3941] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability."
| [CVE-2010-3940] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability."
| [CVE-2010-3939] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability."
| [CVE-2010-3937] Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."
| [CVE-2010-3338] The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888.
| [CVE-2010-3337] Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.
| [CVE-2010-3336] Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."
| [CVE-2010-3335] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability."
| [CVE-2010-3334] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability."
| [CVE-2010-3333] Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
| [CVE-2010-3332] Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
| [CVE-2010-3324] The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
| [CVE-2010-3243] Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
| [CVE-2010-3242] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability."
| [CVE-2010-3241] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability."
| [CVE-2010-3240] Microsoft Excel 2002 SP3 and 2007 SP2
| [CVE-2010-3239] Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability."
| [CVE-2010-3238] Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."
| [CVE-2010-3237] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability."
| [CVE-2010-3236] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability."
| [CVE-2010-3235] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability."
| [CVE-2010-3234] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability."
| [CVE-2010-3233] Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability."
| [CVE-2010-3232] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2010-3231] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."
| [CVE-2010-3230] Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability."
| [CVE-2010-3229] The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability."
| [CVE-2010-3227] Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."
| [CVE-2010-3223] The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability."
| [CVE-2010-3222] Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun Vulnerability."
| [CVE-2010-3221] Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."
| [CVE-2010-3220] Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability."
| [CVE-2010-3219] Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."
| [CVE-2010-3218] Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."
| [CVE-2010-3217] Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability."
| [CVE-2010-3216] Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."
| [CVE-2010-3215] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability."
| [CVE-2010-3214] Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2010-3213] Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.
| [CVE-2010-3200] MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc.
| [CVE-2010-3190] Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1
| [CVE-2010-3148] Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."
| [CVE-2010-3147] Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
| [CVE-2010-3146] Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."
| [CVE-2010-3144] Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability."
| [CVE-2010-3142] Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.
| [CVE-2010-2750] Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability."
| [CVE-2010-2748] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability."
| [CVE-2010-2747] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability."
| [CVE-2010-2746] Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability."
| [CVE-2010-2744] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka "Win32k Window Class Vulnerability."
| [CVE-2010-2742] The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka "Netlogon RPC Null dereference DOS Vulnerability."
| [CVE-2010-2741] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability."
| [CVE-2010-2740] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Parsing Vulnerability."
| [CVE-2010-2739] Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors.
| [CVE-2010-2738] The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
| [CVE-2010-2729] The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability."
| [CVE-2010-2728] Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."
| [CVE-2010-2573] Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability."
| [CVE-2010-2572] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
| [CVE-2010-2571] Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability."
| [CVE-2010-2570] Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability."
| [CVE-2010-2569] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."
| [CVE-2010-2568] Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
| [CVE-2010-2567] The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability."
| [CVE-2010-2566] The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability."
| [CVE-2010-2563] The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability."
| [CVE-2010-2562] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability."
| [CVE-2010-2555] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability."
| [CVE-2010-2554] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
| [CVE-2010-2552] Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability."
| [CVE-2010-2551] The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB Variable Validation Vulnerability."
| [CVE-2010-2550] The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."
| [CVE-2010-2549] Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka "Win32k Reference Count Vulnerability."
| [CVE-2010-2265] Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
| [CVE-2010-2091] Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
6574| [CVE-2010-2084] Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
6575| [CVE-2010-1903] Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption Vulnerability."
6576| [CVE-2010-1902] Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
6577| [CVE-2010-1901] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
6578| [CVE-2010-1900] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
6579| [CVE-2010-1898] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."
6580| [CVE-2010-1897] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."
6581| [CVE-2010-1896] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability."
6582| [CVE-2010-1895] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability."
6583| [CVE-2010-1894] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."
6584| [CVE-2010-1893] Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability."
| [CVE-2010-1892] The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerability."
| [CVE-2010-1891] The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability."
| [CVE-2010-1890] The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability."
| [CVE-2010-1889] Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability."
| [CVE-2010-1887] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability."
| [CVE-2010-1886] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."
| [CVE-2010-1885] The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
| [CVE-2010-1883] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability."
| [CVE-2010-1882] Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability."
| [CVE-2010-1881] The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability."
| [CVE-2010-1880] Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
| [CVE-2010-1735] The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
| [CVE-2010-1734] The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
| [CVE-2010-1690] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
| [CVE-2010-1689] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
| [CVE-2010-1263] Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7
| [CVE-2010-1257] Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2
| [CVE-2010-1255] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."
| [CVE-2010-1253] Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2
| [CVE-2010-1252] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability."
| [CVE-2010-1251] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability."
| [CVE-2010-1250] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability."
| [CVE-2010-1249] Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.
| [CVE-2010-1248] Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
| [CVE-2010-1247] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.
| [CVE-2010-1246] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability."
| [CVE-2010-1245] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.
| [CVE-2010-1225] The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."
| [CVE-2010-1175] Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."
| [CVE-2010-0917] Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.
| [CVE-2010-0824] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.
| [CVE-2010-0823] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
| [CVE-2010-0822] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."
| [CVE-2010-0821] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
| [CVE-2010-0820] Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2
| [CVE-2010-0819] Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."
| [CVE-2010-0818] The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability."
| [CVE-2010-0817] Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
| [CVE-2010-0815] VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."
| [CVE-2010-0814] The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."
| [CVE-2010-0812] Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability."
| [CVE-2010-0811] Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
| [CVE-2010-0810] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2010-0719] An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.
| [CVE-2010-0487] The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."
| [CVE-2010-0486] The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."
| [CVE-2010-0485] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."
| [CVE-2010-0484] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability."
| [CVE-2010-0483] vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
| [CVE-2010-0482] The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability."
| [CVE-2010-0481] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability."
| [CVE-2010-0480] Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."
| [CVE-2010-0479] Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability."
| [CVE-2010-0478] Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."
| [CVE-2010-0477] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."
| [CVE-2010-0476] The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability."
| [CVE-2010-0278] A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.
| [CVE-2010-0270] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."
| [CVE-2010-0269] The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability."
| [CVE-2010-0268] Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability."
| [CVE-2010-0266] Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."
| [CVE-2010-0265] Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
| [CVE-2010-0264] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."
| [CVE-2010-0263] Microsoft Office Excel 2007 SP1 and SP2
| [CVE-2010-0262] Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."
| [CVE-2010-0261] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability."
| [CVE-2010-0260] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2
| [CVE-2010-0258] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2010-0257] Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."
| [CVE-2010-0256] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."
| [CVE-2010-0254] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."
| [CVE-2010-0252] The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."
| [CVE-2010-0250] Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability."
| [CVE-2010-0249] Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4
| [CVE-2010-0243] Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow."
| [CVE-2010-0242] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability."
| [CVE-2010-0241] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability."
| [CVE-2010-0240] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability."
| [CVE-2010-0239] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability."
| [CVE-2010-0238] Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability."
| [CVE-2010-0237] The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability."
| [CVE-2010-0236] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."
| [CVE-2010-0235] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."
| [CVE-2010-0234] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability."
| [CVE-2010-0233] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."
| [CVE-2010-0232] The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2010-0231] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."
| [CVE-2010-0035] The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability."
| [CVE-2010-0034] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability."
| [CVE-2010-0033] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."
| [CVE-2010-0032] Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."
| [CVE-2010-0031] Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability."
| [CVE-2010-0030] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability."
| [CVE-2010-0029] Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability."
| [CVE-2010-0028] Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
| [CVE-2010-0027] The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
| [CVE-2010-0026] The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability."
| [CVE-2010-0025] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."
| [CVE-2010-0024] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."
| [CVE-2010-0023] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability."
| [CVE-2010-0022] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability."
| [CVE-2010-0021] Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability."
| [CVE-2010-0020] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."
| [CVE-2010-0018] Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4
| [CVE-2010-0017] Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability."
| [CVE-2010-0016] The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability."
| [CVE-2009-4313] ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.
| [CVE-2009-4312] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.
| [CVE-2009-4311] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.
| [CVE-2009-4310] Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.
| [CVE-2009-4309] Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.
| [CVE-2009-4210] The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.
| [CVE-2009-3830] The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.
| [CVE-2009-3678] Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."
| [CVE-2009-3677] The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability."
| [CVE-2009-3676] The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."
| [CVE-2009-3675] LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability."
| [CVE-2009-3450] Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET.
| [CVE-2009-3135] Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."
| [CVE-2009-3134] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3133] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability."
| [CVE-2009-3132] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3131] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3130] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability."
| [CVE-2009-3129] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3128] Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."
| [CVE-2009-3127] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability."
| [CVE-2009-3126] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
| [CVE-2009-3103] Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
| [CVE-2009-3020] win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.
| [CVE-2009-2653] ** DISPUTED ** The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.'
| [CVE-2009-2532] Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka "SMBv2 Command Value Vulnerability."
| [CVE-2009-2526] Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability."
| [CVE-2009-2524] Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (reboot) via a malformed packet, aka "Local Security Authority Subsystem Service Integer Overflow Vulnerability."
| [CVE-2009-2523] The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."
| [CVE-2009-2519] The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."
| [CVE-2009-2517] The kernel in Microsoft Windows Server 2003 SP2 does not properly handle unspecified exceptions when an error condition occurs, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2009-2516] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability."
| [CVE-2009-2515] Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability."
| [CVE-2009-2514] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability."
| [CVE-2009-2513] The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."
| [CVE-2009-2511] Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."
| [CVE-2009-2510] The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.
| [CVE-2009-2509] Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability."
| [CVE-2009-2508] The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."
| [CVE-2009-2507] A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability."
| [CVE-2009-2506] Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3
| [CVE-2009-2505] The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability."
| [CVE-2009-2504] Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
| [CVE-2009-2503] GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
| [CVE-2009-2502] Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
| [CVE-2009-2501] Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
| [CVE-2009-2500] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
| [CVE-2009-2498] Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."
| [CVE-2009-2497] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."
| [CVE-2009-2496] Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Office Web Components Heap Corruption Vulnerability."
| [CVE-2009-2495] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
| [CVE-2009-2494] The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka "ATL Object Type Mismatch Vulnerability."
| [CVE-2009-2493] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1
| [CVE-2009-1930] The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.
| [CVE-2009-1929] Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2
| [CVE-2009-1928] Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2
| [CVE-2009-1926] Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."
| [CVE-2009-1925] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability."
| [CVE-2009-1924] Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."
| [CVE-2009-1923] Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability."
| [CVE-2009-1922] The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."
| [CVE-2009-1546] Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."
| [CVE-2009-1545] Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability."
| [CVE-2009-1544] Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
| [CVE-2009-1542] The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."
| [CVE-2009-1539] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
| [CVE-2009-1538] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
| [CVE-2009-1537] Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
| [CVE-2009-1536] ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
| [CVE-2009-1534] Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."
| [CVE-2009-1533] Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
6762| [CVE-2009-1491] McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body.
6763| [CVE-2009-1216] Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA)
6764| [CVE-2009-1141] Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability."
6765| [CVE-2009-1139] Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
6766| [CVE-2009-1138] The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
6767| [CVE-2009-1137] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227.
6768| [CVE-2009-1136] The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."
6769| [CVE-2009-1135] Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."
6770| [CVE-2009-1134] Excel in 2007 Microsoft Office System SP1 and SP2
6771| [CVE-2009-1133] Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."
6772| [CVE-2009-1132] Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerability."
6773| [CVE-2009-1131] Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Data Out of Bounds Vulnerability."
6774| [CVE-2009-1130] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability."
6775| [CVE-2009-1129] Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128.
6776| [CVE-2009-1128] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1129.
6777| [CVE-2009-1127] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability."
6778| [CVE-2009-1126] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability."
6779| [CVE-2009-1125] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."
6780| [CVE-2009-1124] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."
6781| [CVE-2009-1123] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
6782| [CVE-2009-1122] The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
6783| [CVE-2009-1043] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
6784| [CVE-2009-1011] Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
6785| [CVE-2009-0901] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1
6786| [CVE-2009-0568] The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."
6787| [CVE-2009-0566] Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability."
6788| [CVE-2009-0565] Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2
6789| [CVE-2009-0563] Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
6790| [CVE-2009-0562] The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability."
6791| [CVE-2009-0561] Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
6792| [CVE-2009-0560] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
6793| [CVE-2009-0559] Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."
6794| [CVE-2009-0558] Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."
6795| [CVE-2009-0557] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
6796| [CVE-2009-0556] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
6797| [CVE-2009-0554] Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
6798| [CVE-2009-0553] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
6799| [CVE-2009-0552] Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
6800| [CVE-2009-0551] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."
6801| [CVE-2009-0550] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008
6802| [CVE-2009-0549] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
6803| [CVE-2009-0320] Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
6804| [CVE-2009-0239] Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."
6805| [CVE-2009-0238] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
6806| [CVE-2009-0235] Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability."
6807| [CVE-2009-0234] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."
6808| [CVE-2009-0233] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability."
6809| [CVE-2009-0232] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability."
6810| [CVE-2009-0231] The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
6811| [CVE-2009-0230] The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
6812| [CVE-2009-0229] The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
6813| [CVE-2009-0228] Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."
6814| [CVE-2009-0227] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137.
6815| [CVE-2009-0226] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0227, and CVE-2009-1137.
6816| [CVE-2009-0225] Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability."
6817| [CVE-2009-0224] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
6818| [CVE-2009-0223] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
6819| [CVE-2009-0222] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
6820| [CVE-2009-0221] Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field that specifies a large number of records, which triggers an under-allocated buffer and a heap-based buffer overflow, aka "Integer Overflow Vulnerability."
6821| [CVE-2009-0220] Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an integer that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability."
6822| [CVE-2009-0202] Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow.
6823| [CVE-2009-0102] Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."
6824| [CVE-2009-0100] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
6825| [CVE-2009-0099] The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."
6826| [CVE-2009-0098] Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."
6827| [CVE-2009-0097] Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."
6828| [CVE-2009-0096] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."
6829| [CVE-2009-0095] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."
6830| [CVE-2009-0094] The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.
6831| [CVE-2009-0093] Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.
6832| [CVE-2009-0091] Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability."
6833| [CVE-2009-0090] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
6834| [CVE-2009-0089] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."
6835| [CVE-2009-0088] The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."
6836| [CVE-2009-0087] Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2
6837| [CVE-2009-0086] Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."
6838| [CVE-2009-0085] The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."
6839| [CVE-2009-0083] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."
6840| [CVE-2009-0082] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."
6841| [CVE-2009-0081] The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."
6842| [CVE-2009-0079] The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."
6843| [CVE-2009-0078] The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."
6844| [CVE-2008-7217] Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to permissions and ownership for certain directories.
6845| [CVE-2008-6819] win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information.
6846| [CVE-2008-6219] nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests.
6847| [CVE-2008-6063] Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name.
6848| [CVE-2008-5912] An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
6849| [CVE-2008-5823] An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property.
6850| [CVE-2008-5416] Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier
6851| [CVE-2008-5232] Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown
6852| [CVE-2008-5112] The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
6853| [CVE-2008-5100] The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.
6854| [CVE-2008-5044] Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.
6855| [CVE-2008-4844] Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
6856| [CVE-2008-4841] The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
6857| [CVE-2008-4837] Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
6858| [CVE-2008-4835] SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."
6859| [CVE-2008-4834] Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
6860| [CVE-2008-4493] Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
6861| [CVE-2008-4295] Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
6862| [CVE-2008-4269] The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability."
6863| [CVE-2008-4268] The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability."
6864| [CVE-2008-4266] Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3
6865| [CVE-2008-4265] Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability."
6866| [CVE-2008-4264] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
6867| [CVE-2008-4261] Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
6868| [CVE-2008-4256] The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
6869| [CVE-2008-4255] Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
6870| [CVE-2008-4253] The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
6871| [CVE-2008-4250] The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
6872| [CVE-2008-4114] srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
6873| [CVE-2008-4110] Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.
6874| [CVE-2008-4038] Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."
6875| [CVE-2008-4037] Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
6876| [CVE-2008-4036] Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."
6877| [CVE-2008-4032] Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."
6878| [CVE-2008-4031] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
6879| [CVE-2008-4030] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
6880| [CVE-2008-4028] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
6881| [CVE-2008-4027] Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
6882| [CVE-2008-4026] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
6883| [CVE-2008-4025] Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
6884| [CVE-2008-4024] Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability."
6885| [CVE-2008-4023] Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."
6886| [CVE-2008-4019] Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
6887| [CVE-2008-3956] orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file.
6888| [CVE-2008-3704] Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
6889| [CVE-2008-3648] nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
6890| [CVE-2008-3636] Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.
6891| [CVE-2008-3479] Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."
6892| [CVE-2008-3477] Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."
6893| [CVE-2008-3471] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
6894| [CVE-2008-3466] Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
6895| [CVE-2008-3465] Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."
6896| [CVE-2008-3464] afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."
6897| [CVE-2008-3460] WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
6898| [CVE-2008-3068] Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
6899| [CVE-2008-3021] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
6900| [CVE-2008-3020] Microsoft Office 2000 SP3 and XP SP3
6901| [CVE-2008-3019] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
6902| [CVE-2008-3018] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
6903| [CVE-2008-3015] Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
6904| [CVE-2008-3014] Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
6905| [CVE-2008-3013] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
6906| [CVE-2008-3012] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
6907| [CVE-2008-3009] Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
6908| [CVE-2008-3007] Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."
6909| [CVE-2008-3006] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
6910| [CVE-2008-3005] Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."
6911| [CVE-2008-3004] Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3
6912| [CVE-2008-3003] Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."
6913| [CVE-2008-2752] Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information.
6914| [CVE-2008-2540] Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
6915| [CVE-2008-2463] The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
6916| [CVE-2008-2252] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."
6917| [CVE-2008-2251] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510.
6918| [CVE-2008-2250] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."
6919| [CVE-2008-2249] Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."
6920| [CVE-2008-2246] Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
6921| [CVE-2008-2245] Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
6922| [CVE-2008-2244] Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
6923| [CVE-2008-1898] A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
6924| [CVE-2008-1888] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.
6925| [CVE-2008-1547] Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
6926| [CVE-2008-1457] The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
6927| [CVE-2008-1456] Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
6928| [CVE-2008-1455] A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1
6929| [CVE-2008-1454] Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.
6930| [CVE-2008-1451] The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
6931| [CVE-2008-1446] Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
6932| [CVE-2008-1445] Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
6933| [CVE-2008-1444] Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
6934| [CVE-2008-1441] Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."
6935| [CVE-2008-1440] Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
6936| [CVE-2008-1436] Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
6937| [CVE-2008-1435] Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."
6938| [CVE-2008-1434] Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
6939| [CVE-2008-1092] Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
6940| [CVE-2008-1091] Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."
6941| [CVE-2008-1090] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
6942| [CVE-2008-1089] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."
6943| [CVE-2008-1088] Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
6944| [CVE-2008-1087] Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
6945| [CVE-2008-1086] The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
6946| [CVE-2008-1084] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
6947| [CVE-2008-1083] Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
6948| [CVE-2008-0121] A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
6949| [CVE-2008-0120] Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."
6950| [CVE-2008-0119] Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."
6951| [CVE-2008-0118] Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."
6952| [CVE-2008-0117] Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."
6953| [CVE-2008-0116] Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."
6954| [CVE-2008-0115] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."
6955| [CVE-2008-0114] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.
6956| [CVE-2008-0113] Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."
6957| [CVE-2008-0112] Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."
6958| [CVE-2008-0111] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."
6959| [CVE-2008-0110] Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
6960| [CVE-2008-0109] Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
6961| [CVE-2008-0108] Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
6962| [CVE-2008-0106] Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
6963| [CVE-2008-0105] Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
6964| [CVE-2008-0104] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
6965| [CVE-2008-0103] Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."
6966| [CVE-2008-0102] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."
6967| [CVE-2008-0088] Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.
6968| [CVE-2008-0087] The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
6969| [CVE-2008-0086] Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
6970| [CVE-2008-0083] The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
6971| [CVE-2008-0081] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
6972| [CVE-2008-0080] Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
6973| [CVE-2008-0020] Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015.
6974| [CVE-2008-0015] Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
6975| [CVE-2008-0011] Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
6976| [CVE-2007-6753] Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.
6977| [CVE-2007-6357] Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944.
6978| [CVE-2007-6329] Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.
6979| [CVE-2007-6043] The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
6980| [CVE-2007-6026] Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
6981| [CVE-2007-5587] Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
6982| [CVE-2007-5352] Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
6983| [CVE-2007-5348] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
6984| [CVE-2007-4991] The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.
6985| [CVE-2007-4916] Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.
6986| [CVE-2007-4814] Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
6987| [CVE-2007-3930] Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.
6988| [CVE-2007-3924] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape
6989| [CVE-2007-3899] Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."
6990| [CVE-2007-3898] The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
6991| [CVE-2007-3896] The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
6992| [CVE-2007-3890] Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.
6993| [CVE-2007-3670] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
6994| [CVE-2007-3490] Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls.
6995| [CVE-2007-3300] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.
6996| [CVE-2007-3040] Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205.
6997| [CVE-2007-3039] Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
6998| [CVE-2007-3036] Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
6999| [CVE-2007-3034] Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
7000| [CVE-2007-3030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability".
7001| [CVE-2007-3029] Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.
7002| [CVE-2007-3028] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
7003| [CVE-2007-2999] Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.
7004| [CVE-2007-2967] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.
7005| [CVE-2007-2966] Buffer overflow in the LHA decompresion component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.
7006| [CVE-2007-2903] Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.
7007| [CVE-2007-2593] The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.
7008| [CVE-2007-2581] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.
7009| [CVE-2007-2374] Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
7010| [CVE-2007-2228] rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.
7011| [CVE-2007-2224] Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.
7012| [CVE-2007-2221] Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
7013| [CVE-2007-2219] Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
7014| [CVE-2007-2218] Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
7015| [CVE-2007-2217] Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
7016| [CVE-2007-1911] Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow.
7017| [CVE-2007-1910] Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc.
7018| [CVE-2007-1765] Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038
7019| [CVE-2007-1756] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".
7020| [CVE-2007-1754] PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".
7021| [CVE-2007-1748] Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
7022| [CVE-2007-1747] Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.
7023| [CVE-2007-1645] Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.
7024| [CVE-2007-1537] \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function.
7025| [CVE-2007-1512] Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.
7026| [CVE-2007-1347] Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.
7027| [CVE-2007-1239] Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.
7028| [CVE-2007-1238] Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.
7029| [CVE-2007-1215] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
7030| [CVE-2007-1214] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.
7031| [CVE-2007-1213] The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
7032| [CVE-2007-1212] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
7033| [CVE-2007-1211] Unspecified kernel GDI functions in Microsoft Windows 2000 SP4
7034| [CVE-2007-1205] Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
7035| [CVE-2007-1203] Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.
7036| [CVE-2007-1202] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."
| [CVE-2007-1201] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
| [CVE-2007-1117] Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
| [CVE-2007-1090] Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.
| [CVE-2007-1083] Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.
| [CVE-2007-0948] Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
| [CVE-2007-0947] Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
| [CVE-2007-0946] Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.
| [CVE-2007-0945] Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4
| [CVE-2007-0944] Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
| [CVE-2007-0942] Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
| [CVE-2007-0940] Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
| [CVE-2007-0939] Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."
| [CVE-2007-0938] Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
| [CVE-2007-0936] Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
| [CVE-2007-0934] Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
| [CVE-2007-0913] Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.
| [CVE-2007-0870] Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.
| [CVE-2007-0843] The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
| [CVE-2007-0811] Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
| [CVE-2007-0671] Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
| [CVE-2007-0612] Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll
| [CVE-2007-0515] Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.
| [CVE-2007-0351] Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user.
| [CVE-2007-0221] Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."
| [CVE-2007-0220] Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".
| [CVE-2007-0216] wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
| [CVE-2007-0215] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.
| [CVE-2007-0214] The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
| [CVE-2007-0213] Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
| [CVE-2007-0211] The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
| [CVE-2007-0209] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.
| [CVE-2007-0208] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.
| [CVE-2007-0069] Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
| [CVE-2007-0066] The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."
| [CVE-2007-0065] Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
| [CVE-2007-0064] Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
| [CVE-2007-0043] The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".
| [CVE-2007-0042] Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
| [CVE-2007-0041] The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
| [CVE-2007-0040] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
| [CVE-2007-0039] The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
| [CVE-2007-0038] Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765
| [CVE-2007-0035] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."
| [CVE-2007-0034] Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."
| [CVE-2007-0033] Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.
| [CVE-2007-0031] Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.
| [CVE-2007-0030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.
| [CVE-2007-0029] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."
| [CVE-2007-0028] Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.
| [CVE-2007-0027] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.
| [CVE-2007-0026] The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
| [CVE-2007-0025] The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.
| [CVE-2007-0024] Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
| [CVE-2006-7210] Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
| [CVE-2006-7192] Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.
| [CVE-2006-7027] Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks.
| [CVE-2006-6723] The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request.
| [CVE-2006-6696] Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
| [CVE-2006-6617] projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.
| [CVE-2006-6561] Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.
| [CVE-2006-6456] Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.
| [CVE-2006-6296] The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.
| [CVE-2006-6134] Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
| [CVE-2006-6133] Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.
| [CVE-2006-5994] Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vulnerability than CVE-2006-6456.
| [CVE-2006-5758] The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
| [CVE-2006-5586] The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."
| [CVE-2006-5585] The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."
| [CVE-2006-5584] The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
| [CVE-2006-5583] Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability."
| [CVE-2006-5574] Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.
| [CVE-2006-5296] PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.
| [CVE-2006-4854] ** REJECT ** Unspecified vulnerability in Microsoft Office 2000 (Chinese Edition) and Microsoft PowerPoint 2000 (Chinese Edition) allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as Trojan.PPDropper.E. NOTE: on 20060919, Microsoft notified CVE that this is a duplicate of CVE-2006-0009.
| [CVE-2006-4704] Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
| [CVE-2006-4702] Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
| [CVE-2006-4696] Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."
| [CVE-2006-4695] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."
| [CVE-2006-4694] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
| [CVE-2006-4693] Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651.
| [CVE-2006-4692] Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
| [CVE-2006-4691] Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
| [CVE-2006-4689] Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."
| [CVE-2006-4688] Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
| [CVE-2006-4534] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.
| [CVE-2006-4495] Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.
| [CVE-2006-4274] ** REJECT ** Unknown vulnerability in Microsoft PowerPoint allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as TROJ_MDROPPER.BH. NOTE: on 20060822, it was determined that TROJ_MDROPPER.BH was exploiting CVE-2006-0009, so this is not a new vulnerability.
| [CVE-2006-4219] The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.
| [CVE-2006-4183] Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding.
| [CVE-2006-4071] Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
| [CVE-2006-3992] Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption.
| [CVE-2006-3942] The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research
| [CVE-2006-3897] Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.
| [CVE-2006-3880] ** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation."
| [CVE-2006-3877] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
| [CVE-2006-3876] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
| [CVE-2006-3875] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867.
| [CVE-2006-3873] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
| [CVE-2006-3869] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
| [CVE-2006-3868] Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag.
| [CVE-2006-3867] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875.
| [CVE-2006-3864] Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
| [CVE-2006-3841] Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL.
| [CVE-2006-3660] Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3656, and CVE-2006-3590, although it is possible that they are all different.
| [CVE-2006-3656] Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
| [CVE-2006-3655] Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted PowerPoint file. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3656, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
| [CVE-2006-3652] Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could not be reproduced by third parties.
| [CVE-2006-3651] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.
| [CVE-2006-3650] Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868.
| [CVE-2006-3649] Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
| [CVE-2006-3648] Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception."
| [CVE-2006-3647] Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693.
| [CVE-2006-3643] Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
| [CVE-2006-3590] mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.
| [CVE-2006-3510] The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.
| [CVE-2006-3493] Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.
| [CVE-2006-3449] Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."
| [CVE-2006-3448] Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.
| [CVE-2006-3445] Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.
| [CVE-2006-3444] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
| [CVE-2006-3443] Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
| [CVE-2006-3441] Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.
| [CVE-2006-3440] Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
| [CVE-2006-3439] Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
| [CVE-2006-3436] Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
| [CVE-2006-3435] PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.
| [CVE-2006-3434] Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption.
| [CVE-2006-3431] Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086.
| [CVE-2006-3059] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.
| [CVE-2006-2492] Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
| [CVE-2006-2389] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316.
| [CVE-2006-2388] Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process.
| [CVE-2006-2387] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875.
| [CVE-2006-2380] Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
| [CVE-2006-2379] Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
| [CVE-2006-2378] Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
| [CVE-2006-2374] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
| [CVE-2006-2373] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
| [CVE-2006-2372] Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.
| [CVE-2006-2371] Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
| [CVE-2006-2370] Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
| [CVE-2006-2334] The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.
| [CVE-2006-2094] Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
| [CVE-2006-2055] Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
| [CVE-2006-1654] Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.
| [CVE-2006-1651] ** DISPUTED ** Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol."
| [CVE-2006-1540] MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll
| [CVE-2006-1316] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389.
| [CVE-2006-1315] The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."
| [CVE-2006-1314] Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.
| [CVE-2006-1313] Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
| [CVE-2006-1311] The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1
| [CVE-2006-1309] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.
| [CVE-2006-1308] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value.
| [CVE-2006-1306] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability."
| [CVE-2006-1305] Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.
| [CVE-2006-1304] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."
| [CVE-2006-1302] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."
| [CVE-2006-1301] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.
| [CVE-2006-1300] Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
| [CVE-2006-1257] The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.
| [CVE-2006-1193] Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."
| [CVE-2006-1184] Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
| [CVE-2006-0988] The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
| [CVE-2006-0935] Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz.
| [CVE-2006-0187] By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file.
| [CVE-2006-0034] Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.
| [CVE-2006-0033] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed.
| [CVE-2006-0032] Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
| [CVE-2006-0031] Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.
| [CVE-2006-0030] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.
| [CVE-2006-0029] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.
| [CVE-2006-0028] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.
| [CVE-2006-0023] Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.
| [CVE-2006-0022] Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.
| [CVE-2006-0021] Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."
| [CVE-2006-0020] An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."
| [CVE-2006-0015] Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
| [CVE-2006-0013] Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
| [CVE-2006-0012] Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."
| [CVE-2006-0010] Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
| [CVE-2006-0009] Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
| [CVE-2006-0008] The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.
| [CVE-2006-0007] Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.
| [CVE-2006-0006] Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.
| [CVE-2006-0004] Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).
| [CVE-2006-0002] Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
| [CVE-2006-0001] Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
| [CVE-2005-4717] Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
| [CVE-2005-4269] mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
| [CVE-2005-4131] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.
| [CVE-2005-3981] ** DISPUTED ** NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE.
| [CVE-2005-3945] The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups.
| [CVE-2005-3644] PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.
| [CVE-2005-3177] CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed.
| [CVE-2005-3176] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection.
| [CVE-2005-3175] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator.
| [CVE-2005-3174] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.
| [CVE-2005-3173] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions.
| [CVE-2005-3172] The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks.
| [CVE-2005-3171] Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings.
7237| [CVE-2005-3170] The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.
7238| [CVE-2005-3169] Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow attackers to conduct unauthorized activities without detection.
7239| [CVE-2005-3168] The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template.
7240| [CVE-2005-2122] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.
7241| [CVE-2005-2120] Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
| [CVE-2005-2118] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.
| [CVE-2005-2117] Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
| [CVE-2005-1985] The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
| [CVE-2005-1984] Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.
| [CVE-2005-1983] Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
| [CVE-2005-1982] Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
| [CVE-2005-1981] Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
| [CVE-2005-1907] The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic.
| [CVE-2005-1683] Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file.
| [CVE-2005-1218] The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
| [CVE-2005-1216] Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.
| [CVE-2005-1215] Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers.
| [CVE-2005-1208] Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
| [CVE-2005-1207] Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.
| [CVE-2005-1206] Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."
| [CVE-2005-1205] The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
| [CVE-2005-1052] Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses.
| [CVE-2005-0921] Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy.
| [CVE-2005-0820] Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.
| [CVE-2005-0738] Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.
| [CVE-2005-0564] Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.
| [CVE-2005-0558] Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document.
| [CVE-2005-0551] Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
| [CVE-2005-0550] Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
| [CVE-2005-0545] Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post.
| [CVE-2005-0063] The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.
| [CVE-2005-0061] The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.
| [CVE-2005-0060] Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.
| [CVE-2005-0059] Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
| [CVE-2005-0058] Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.
| [CVE-2005-0048] Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
| [CVE-2004-2527] The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
| [CVE-2004-2482] Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code.
| [CVE-2004-2365] Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.
| [CVE-2004-2339] ** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed.
| [CVE-2004-1080] The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."
| [CVE-2004-0963] Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.
| [CVE-2004-0897] The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
| [CVE-2004-0892] Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.
| [CVE-2004-0846] Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.
| [CVE-2004-0840] The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
| [CVE-2004-0728] The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
| [CVE-2004-0726] The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel.
| [CVE-2004-0575] Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
| [CVE-2004-0574] The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
| [CVE-2004-0573] Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
| [CVE-2004-0540] Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
| [CVE-2004-0503] Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502.
| [CVE-2004-0379] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts.
| [CVE-2004-0284] Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
| [CVE-2004-0214] Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
| [CVE-2004-0211] The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.
| [CVE-2004-0210] The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
| [CVE-2004-0209] Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
| [CVE-2004-0208] The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
| [CVE-2004-0207] "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions.
| [CVE-2004-0206] Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
| [CVE-2004-0204] Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
| [CVE-2004-0202] IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
| [CVE-2004-0201] Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
| [CVE-2004-0199] Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
| [CVE-2004-0124] The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
| [CVE-2004-0121] Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
| [CVE-2004-0120] The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
| [CVE-2004-0116] An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
| [CVE-2003-1378] Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
| [CVE-2003-1106] The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute.
| [CVE-2003-0908] The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
| [CVE-2003-0906] Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
| [CVE-2003-0904] Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
| [CVE-2003-0839] Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.
| [CVE-2003-0825] The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
| [CVE-2003-0824] Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
| [CVE-2003-0822] Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
| [CVE-2003-0821] Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
| [CVE-2003-0820] Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
| [CVE-2003-0819] Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
| [CVE-2003-0818] Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
| [CVE-2003-0807] Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.
| [CVE-2003-0806] Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.
| [CVE-2003-0719] Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
| [CVE-2003-0665] Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.
| [CVE-2003-0664] Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
| [CVE-2003-0662] Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
| [CVE-2003-0660] The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers execute arbitrary code without user approval.
| [CVE-2003-0533] Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
| [CVE-2003-0526] Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
| [CVE-2003-0506] Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation.
| [CVE-2003-0505] Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request.
| [CVE-2003-0496] Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
| [CVE-2003-0352] Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
| [CVE-2003-0345] Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
| [CVE-2003-0232] Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
| [CVE-2003-0231] Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
| [CVE-2003-0230] Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
| [CVE-2003-0227] The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
| [CVE-2003-0118] SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
| [CVE-2003-0117] Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver.
| [CVE-2003-0110] The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.
| [CVE-2003-0109] Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
| [CVE-2003-0011] Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled.
| [CVE-2003-0007] Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."
| [CVE-2003-0003] Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
| [CVE-2003-0002] Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.
| [CVE-2002-2101] Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.
| [CVE-2002-2100] Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.
| [CVE-2002-1984] Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046".
| [CVE-2002-1981] Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.
| [CVE-2002-1933] The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window.
| [CVE-2002-1932] Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.
7352| [CVE-2002-1876] Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.
7353| [CVE-2002-1873] Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
7354| [CVE-2002-1872] Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
7355| [CVE-2002-1776] ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed.
7356| [CVE-2002-1712] Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
| [CVE-2002-1256] The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.
| [CVE-2002-1255] Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."
| [CVE-2002-1214] Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
| [CVE-2002-1184] The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.
| [CVE-2002-1145] The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
| [CVE-2002-1141] An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."
| [CVE-2002-1140] The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."
| [CVE-2002-1138] Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
| [CVE-2002-1137] Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
| [CVE-2002-1123] Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
| [CVE-2002-1117] Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
| [CVE-2002-1056] Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
| [CVE-2002-0982] Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.
| [CVE-2002-0975] Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary via a long File parameter.
| [CVE-2002-0863] Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
| [CVE-2002-0861] Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object.
| [CVE-2002-0860] The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.
| [CVE-2002-0859] Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.
| [CVE-2002-0729] Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.
| [CVE-2002-0727] The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.
| [CVE-2002-0724] Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
| [CVE-2002-0721] Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
| [CVE-2002-0719] SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files.
| [CVE-2002-0718] Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."
| [CVE-2002-0700] Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."
| [CVE-2002-0699] Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.
| [CVE-2002-0695] Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.
| [CVE-2002-0694] The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
| [CVE-2002-0693] Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
| [CVE-2002-0692] Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
| [CVE-2002-0650] The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.
| [CVE-2002-0649] Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
| [CVE-2002-0645] SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.
| [CVE-2002-0644] Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.
| [CVE-2002-0643] The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System."
| [CVE-2002-0642] The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
| [CVE-2002-0641] Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
| [CVE-2002-0624] Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
| [CVE-2002-0623] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun".
| [CVE-2002-0622] The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".
| [CVE-2002-0621] Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.
| [CVE-2002-0620] Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API.
| [CVE-2002-0619] The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).
| [CVE-2002-0618] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
| [CVE-2002-0617] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
| [CVE-2002-0616] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."
| [CVE-2002-0597] LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.
| [CVE-2002-0444] Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.
| [CVE-2002-0443] Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.
| [CVE-2002-0373] The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".
| [CVE-2002-0371] Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.
| [CVE-2002-0368] The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."
| [CVE-2002-0224] The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
| [CVE-2002-0187] Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
| [CVE-2002-0186] Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
| [CVE-2002-0154] Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
| [CVE-2002-0152] Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
| [CVE-2002-0055] SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
| [CVE-2002-0054] SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
| [CVE-2002-0050] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data.
| [CVE-2002-0049] Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
| [CVE-2002-0034] The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.
| [CVE-2002-0018] In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.
| [CVE-2001-1533] ** DISPUTED * Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE.
| [CVE-2001-1451] Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests.
| [CVE-2001-1319] Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
| [CVE-2001-1099] The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
| [CVE-2001-0986] SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
| [CVE-2001-0718] Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document.
| [CVE-2001-0666] Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.
| [CVE-2001-0658] Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message.
| [CVE-2001-0628] Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.
| [CVE-2001-0547] Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).
| [CVE-2001-0546] Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data.
| [CVE-2001-0542] Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
| [CVE-2001-0538] Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
| [CVE-2001-0509] Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
| [CVE-2001-0505] Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service.
| [CVE-2001-0504] Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activites such as mail relaying.
| [CVE-2001-0501] Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner.
| [CVE-2001-0351] Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
| [CVE-2001-0350] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
| [CVE-2001-0349] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.
| [CVE-2001-0348] Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
| [CVE-2001-0347] Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
| [CVE-2001-0346] Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.
| [CVE-2001-0345] Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.
| [CVE-2001-0344] An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
| [CVE-2001-0340] An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.
| [CVE-2001-0261] Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.
| [CVE-2001-0245] Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.
| [CVE-2001-0244] Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.
| [CVE-2001-0240] Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro.
| [CVE-2001-0239] Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
| [CVE-2001-0237] Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data.
| [CVE-2001-0146] IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
| [CVE-2001-0048] The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability.
| [CVE-2001-0005] Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.
| [CVE-2001-0003] Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
| [CVE-2000-1218] The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
| [CVE-2000-1217] Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability.
| [CVE-2000-1209] The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
| [CVE-2000-1139] The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
| [CVE-2000-1088] The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
| [CVE-2000-1087] The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
| [CVE-2000-1086] The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
| [CVE-2000-1085] The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
| [CVE-2000-1079] Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
| [CVE-2000-0942] The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
| [CVE-2000-0854] When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
| [CVE-2000-0771] Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
| [CVE-2000-0765] Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
| [CVE-2000-0756] Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
| [CVE-2000-0710] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
| [CVE-2000-0709] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
| [CVE-2000-0637] Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.
| [CVE-2000-0621] Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
| [CVE-2000-0597] Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.
7475| [CVE-2000-0331] Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
7476| [CVE-2000-0277] Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.
7477| [CVE-2013-2557] The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
7478| [CVE-2013-2556] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
7479| [CVE-2013-2554] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787.
7480| [CVE-2013-2553] Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0912.
7481| [CVE-2013-2552] Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
7482| [CVE-2013-2551] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
7483| [CVE-2013-1347] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
7484| [CVE-2013-1305] HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
7485| [CVE-2013-1290] Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."
7486| [CVE-2013-1289] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
7487| [CVE-2013-1284] Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
7488| [CVE-2013-0096] Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability."
7489| [CVE-2013-0086] Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."
7490| [CVE-2013-0085] Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."
7491| [CVE-2013-0084] Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."
7492| [CVE-2013-0083] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."
7493| [CVE-2013-0080] Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."
7494| [CVE-2013-0079] Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."
7495| [CVE-2013-0005] The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
7496| [CVE-2012-4969] Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
7497| [CVE-2012-4792] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
7498| [CVE-2012-3456] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
7499| [CVE-2012-3455] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
7500| [CVE-2012-2290] The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel.
7501| [CVE-2012-2284] The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors.
7502| [CVE-2012-1945] Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.
7503| [CVE-2012-1894] Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability."
7504| [CVE-2012-1892] Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."
7505| [CVE-2012-1891] Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
7506| [CVE-2012-1888] Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability."
7507| [CVE-2012-1876] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
7508| [CVE-2012-1861] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
7509| [CVE-2012-1859] Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
7510| [CVE-2012-1857] Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."
7511| [CVE-2012-1849] Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."
7512| [CVE-2012-1545] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
7513| [CVE-2012-1436] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
7514| [CVE-2012-1435] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
7515| [CVE-2012-1434] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
7516| [CVE-2012-1433] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
7517| [CVE-2012-0447] Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.
7518| [CVE-2012-0147] Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."
7519| [CVE-2012-0146] Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability."
7520| [CVE-2012-0145] Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."
7521| [CVE-2012-0144] Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."
7522| [CVE-2012-0138] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.
7523| [CVE-2012-0137] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138.
7524| [CVE-2012-0136] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138.
7525| [CVE-2012-0020] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
7526| [CVE-2012-0019] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
7527| [CVE-2012-0018] Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability."
7528| [CVE-2012-0017] Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."
7529| [CVE-2011-4695] Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and gain privileges via unknown vectors, as demonstrated by the White Phosphorus wp_ie_sandbox_escape module for Immunity CANVAS. NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
7530| [CVE-2011-2012] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash."
7531| [CVE-2011-2010] The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."
7532| [CVE-2011-1969] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability."
7533| [CVE-2011-1897] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."
7534| [CVE-2011-1896] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability."
7535| [CVE-2011-1895] CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability."
7536| [CVE-2011-1891] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."
7537| [CVE-2011-1890] Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
7538| [CVE-2011-1889] The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
7539| [CVE-2011-1417] Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.
7540| [CVE-2011-1347] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
7541| [CVE-2011-1346] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
7542| [CVE-2011-1345] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
7543| [CVE-2011-1265] The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability."
7544| [CVE-2011-0653] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."
7545| [CVE-2011-0647] The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.
7546| [CVE-2011-0627] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.
7547| [CVE-2011-0037] Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.
7548| [CVE-2011-0027] Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.
7549| [CVE-2011-0026] Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
7550| [CVE-2010-4643] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
7551| [CVE-2010-4253] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document.
7552| [CVE-2010-4121] ** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only."
7553| [CVE-2010-3967] Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability."
7554| [CVE-2010-3962] Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
7555| [CVE-2010-3936] Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability."
7556| [CVE-2010-3889] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Microsoft researchers and other researchers.
7557| [CVE-2010-3888] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers.
7558| [CVE-2010-3497] Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)."
7559| [CVE-2010-3454] Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
7560| [CVE-2010-3453] The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.
7561| [CVE-2010-3141] Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file.
7562| [CVE-2010-2743] The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
7563| [CVE-2010-2734] Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability."
7564| [CVE-2010-2733] Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability."
7565| [CVE-2010-2732] Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability."
7566| [CVE-2010-2564] Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."
7567| [CVE-2010-1184] The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2.
7568| [CVE-2010-1118] Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
7569| [CVE-2010-1117] Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
7570| [CVE-2010-0806] Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
7571| [CVE-2010-0716] _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.
7572| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
7573| [CVE-2008-5750] Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
7574| [CVE-2008-5556] ** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."
7575| [CVE-2008-5555] Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
7576| [CVE-2008-5554] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
7577| [CVE-2008-5553] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
7578| [CVE-2008-5552] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
7579| [CVE-2008-5551] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
7580| [CVE-2008-5180] Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
7581| [CVE-2008-4211] Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
7582| [CVE-2007-5351] Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."
7583| [CVE-2007-2729] Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
7584| [CVE-2007-1534] DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window.
7585| [CVE-2007-0341] Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
7586| [CVE-2006-5559] The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
7587| [CVE-2006-4686] Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
7588| [CVE-2006-4685] The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
7589| [CVE-2006-1359] Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
7590| [CVE-2006-0761] Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchange, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow user-assisted remote attackers to execute arbitrary code on the server via a crafted Microsoft Word document that is opened on a wireless device.
7591| [CVE-2006-0753] Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.
7592| [CVE-2006-0544] urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash or hyphen) characters.
7593| [CVE-2006-0003] Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
7594| [CVE-2005-1929] Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.
7595| [CVE-2005-0852] Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.
7596| [CVE-2004-1322] Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages.
7597| [CVE-2003-1306] Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
7598| [CVE-2003-0903] Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
7599| [CVE-2003-0353] Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
7600| [CVE-2002-1918] Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED.
7601| [CVE-2002-1142] Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
7602| [CVE-2002-1015] RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
7603| [CVE-2002-0697] Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
7604| [CVE-2002-0057] XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
7605| [CVE-2001-1218] Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
7606| [CVE-2000-0563] The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.
7607| [CVE-1999-1097] Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.
7608|
7609| SecurityFocus - https://www.securityfocus.com/bid/:
7610| [83154] Microsoft Windows 2000 Server CVE-2004-0540 Remote Security Vulnerability
7611| [45297] Microsoft Exchange Server 2007 Infinite Loop Remote Denial of Service Vulnerability
7612| [43419] Microsoft Excel 2002 Memory Corruption Vulnerability
7613| [43189] Microsoft Visual C++ 2008 Redistributable Package DLL Loading Arbitrary Code Execution Vulnerability
7614| [42742] Microsoft PowerPoint 2007 Multiple DLL Loading Arbitrary Code Execution Vulnerability
7615| [42695] Microsoft Groove 2007 'mso.dll' DLL Loading Arbitrary Code Execution Vulnerability
7616| [42681] Microsoft Visio 2003 'mfc71enu.dll' DLL Loading Arbitrary Code Execution Vulnerability
7617| [41843] Microsoft Outlook Web Access for Exchange Server 2003 Cross Site Request Forgery Vulnerability
7618| [39776] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
7619| [37196] RETIRED: Microsoft December 2009 Advance Notification Multiple Vulnerabilities
7620| [36940] RETIRED: Microsoft November 2009 Advance Notification Multiple Vulnerabilities
7621| [36633] RETIRED: Microsoft October 2009 Advance Notification Multiple Vulnerabilities
7622| [36239] RETIRED: Microsoft September 2009 Advance Notification Multiple Vulnerabilities
7623| [35974] RETIRED: Microsoft August 2009 Advance Notification Multiple Vulnerabilities
7624| [35617] RETIRED: Microsoft July 2009 Advance Notification Multiple Vulnerabilities
7625| [35213] RETIRED: Microsoft June 2009 Advance Notification Multiple Vulnerabilities
7626| [34867] RETIRED: Microsoft May 2009 Advance Notification Multiple Vulnerabilities
7627| [34532] Microsoft IAG 2007 ActiveX Control Multiple Stack Based Buffer Overflow Vulnerabilities
7628| [34469] Microsoft Word 2000 WordPerfect Converter Remote Code Execution Vulnerability
7629| [34450] RETIRED: Microsoft April 2009 Advance Notification Multiple Vulnerabilities
7630| [34005] RETIRED: Microsoft March 2009 Advance Notification Multiple Vulnerabilities
7631| [33639] RETIRED: Microsoft February 2009 Advance Notification Multiple Vulnerabilities
7632| [33170] RETIRED: Microsoft January 2009 Advance Notification Multiple Vulnerabilities
7633| [32632] RETIRED: Microsoft December 2008 Advance Notification Multiple Vulnerabilities
7634| [32153] Retired: Microsoft November 2008 Advance Notification Multiple Vulnerabilities
7635| [31667] Retired: Microsoft October 2008 Advance Notification Multiple Vulnerabilities
7636| [31129] RETIRED: Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
7637| [31014] RETIRED: Microsoft September 2008 Advance Notification Multiple Vulnerabilities
7638| [30593] RETIRED: Microsoft August 2008 Advance Notification Multiple Vulnerabilities
7639| [30075] RETIRED: Microsoft July 2008 Advance Notification Multiple Vulnerabilities
7640| [29576] RETIRED: Microsoft June 2008 Advance Notification Multiple Vulnerabilities
7641| [29108] RETIRED: Microsoft May 2008 Advance Notification Multiple Vulnerabilities
7642| [28598] RETIRED: Microsoft April 2008 Advance Notification Multiple Vulnerabilities
7643| [28124] Retired: Microsoft March 2008 Advance Notification Multiple Vulnerabilities
7644| [27674] RETIRED: Microsoft February 2008 Advance Notification Multiple Vulnerabilities
7645| [27119] RETIRED: Microsoft January 2008 Advance Notification Multiple Vulnerabilities
7646| [26739] RETIRED: Microsoft December 2007 Advance Notification Multiple Vulnerabilities
7647| [26414] Microsoft Forms 2.0 ActiveX Control Memory Access Violation Denial of Service Vulnerabilities
7648| [26380] Retired: Microsoft November 2007 Advance Notification Multiple Vulnerabilities
7649| [25991] RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
7650| [25922] RETIRED: Microsoft October 2007 Advance Notification Multiple Vulnerabilities
7651| [25573] RETIRED: Microsoft September 2007 Advance Notification Multiple Vulnerabilities
7652| [25247] Retired: Microsoft August 2007 Advance Notification Multiple Vulnerabilities
7653| [24771] Retired: Microsoft July 2007 Advance Notification Multiple Vulnerabilities
7654| [24366] RETIRED: Microsoft June 2007 Advance Notification Multiple Vulnerabilities
7655| [24118] Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability
7656| [23800] RETIRED: Microsoft May 2007 Advance Notification Multiple Vulnerabilities
7657| [23380] Microsoft Word 2007 WWLib.DLL Unspecified Document File Buffer Overflow Vulnerability
7658| [23335] RETIRED: Microsoft April 2007 Advance Notification Multiple Vulnerabilities
7659| [22716] Microsoft Office 2003 Denial of Service Vulnerability
7660| [22567] Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability
7661| [22328] RETIRED: Microsoft Word 2003 Unspecified Code Execution Vulnerability
7662| [22225] Microsoft Word 2000 Malformed Function Code Execution Vulnerability
7663| [21611] Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
7664| [21495] Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability
7665| [20843] Microsoft Visual Studio 2005 WMI Object Broker Remote Code Execution Vulnerability
7666| [19636] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
7667| [19388] Microsoft Windows 2000 Kernel Local Privilege Escalation Vulnerability
7668| [17134] Microsoft Commerce Server 2002 Authentication Bypass Vulnerability
7669| [16634] Microsoft PowerPoint 2000 Remote Information Disclosure Vulnerability
7670| [14772] Microsoft Exchange Server 2003 Exchange Information Store Denial Of Service Vulnerability
7671| [14093] Microsoft Update Rollup 1 for Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
7672| [13564] Microsoft SQL Server 2000 Multiple Vulnerabilities
7673| [13008] Microsoft Windows Server 2003 SMB Redirector Local Denial Of Service Vulnerability
7674| [12972] Microsoft Windows Server 2003 Service Pack 1 Released - Multiple Vulnerabilities Fixed
7675| [12913] Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy Bypass Vulnerability
7676| [12824] Microsoft InfoPath 2003 Insecure Information Storage Vulnerability
7677| [12641] Microsoft Windows 2000 Group Policy Bypass Vulnerability
7678| [12141] Microsoft FrontPage 2000 Internet Publishing Service Provider DAV File Upload Vulnerability
7679| [11820] Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities
7680| [11446] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
7681| [11387] Microsoft Windows 2003 Services Default SACL Access Right Weakness
7682| [10901] Microsoft Windows 2000/XP CRL File Failed Integrity Check Denial Of Service Vulnerability
7683| [10693] Microsoft Windows 2000 Media Player Control Media Preview Script Execution Vulnerability
7684| [10484] Microsoft ISA Server 2000 FTP Bounce Filtering Vulnerability
7685| [10480] Microsoft ISA Server 2000 Site And Content Rule Bypass Vulnerability
7686| [10440] Microsoft Windows 2000 Domain Expired Account Security Policy Violation Weakness
7687| [10369] Microsoft Outlook 2003 Media File Script Execution Vulnerability
7688| [10307] Microsoft Outlook 2003 Predictable File Location Weakness
7689| [10114] Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability
7690| [9409] Microsoft Exchange Server 2003 Outlook Web Access Random Mailbox Access Vulnerability
7691| [9408] Microsoft ISA Server 2000 H.323 Filter Remote Buffer Overflow Vulnerability
7692| [9118] Microsoft Exchange Server 2003 Outlook Web Access Lowered Security Settings Weakness
7693| [8833] Microsoft Windows 2000 TroubleShooter ActiveX Control Buffer Overflow Vulnerability
7694| [8522] Multiple Microsoft Windows 2003 Stack Protection Implementation Weaknesses
7695| [8397] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
7696| [8104] Microsoft Windows 2000 Unauthorized RPC Connection Weakness
7697| [8098] Microsoft Windows 2000 Terminal Services Named Pipe System Account Access Vulnerability
7698| [8093] Microsoft Windows 2000 Active Directory Forest Origin Validation Vulnerability
7699| [8090] Microsoft Windows 2000 ShellExecute() Buffer Overflow Vulnerability
7700| [8089] Microsoft Windows 2000 Unspecified Cryptnet.DLL Memory Leakage Vulnerability
7701| [8086] Microsoft Windows 2000 Port Name Buffers Potential Buffer Overflow Vulnerability
7702| [8085] Microsoft Windows 2000 ModifyDN Request Denial of Service Vulnerability
7703| [8083] Microsoft Windows 2000 Domain Controller Spoofing Vulnerability
7704| [8081] Microsoft Windows 2000 USBH_IoctlGetNodeConnectionDriverKeyName Information Disclosure Vulnerability
7705| [8063] Microsoft Commerce Server 2002 Weak Registry Key Permissions Weakness
7706| [8045] Microsoft Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
7707| [7930] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
7708| [7788] Microsoft Windows 2000/XP/2003 IPV6 ICMP Flood Denial Of Service Vulnerability
7709| [7469] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
7710| [7360] Microsoft Windows 2000/XP Registry Editor Custom Permissions Weakness
7711| [7102] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
7712| [6769] Microsoft Windows 2000 RPC Service Privilege Escalation Vulnerability
7713| [6766] Microsoft Windows 2000 NetBIOS Continuation Packets Kernel Memory Leak Vulnerability
7714| [6667] Microsoft Outlook 2002 V1 Exchange Server Security Certificate Information Leakage Vulnerability
7715| [6319] Microsoft Outlook 2002 Email Header Processing Denial of Service Vulnerability
7716| [6030] Microsoft Windows 2000 SNMP Printer Query Denial of Service Vulnerability
7717| [5972] Microsoft Windows 2000/XP Full Event Log Administrative Alert Weakness
7718| [5922] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
7719| [5480] Microsoft Windows 2000 Network Connection Manager Privilege Elevation Vulnerability
7720| [5422] Microsoft Content Management Server 2001 SQL Injection Vulnerability
7721| [5421] Microsoft Content Management Server 2001 Arbitrary Upload Location Vulnerability
7722| [5420] Microsoft Content Management Server 2001 User Authentication Buffer Overflow Vulnerability
7723| [5415] Microsoft Windows 2000 Insecure Default File Permissions Vulnerability
7724| [5413] Microsoft Exchange 2000 Post Authorization License Exhaustion Denial Of Service Vulnerability
7725| [5412] Microsoft Exchange 2000 Multiple MSRPC Denial Of Service Vulnerabilities
7726| [5312] Microsoft SQL Server 2000 Resolution Service Denial of Service Vulnerability
7727| [5311] Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability
7728| [5310] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
7729| [5309] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
7730| [5307] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
7731| [5253] Microsoft Windows 2000 Narrator Password Disclosure Vulnerability
7732| [5205] Microsoft SQL Server 2000 Incorrect Registry Key Permissions Vulnerability
7733| [5111] Microsoft Commerce Server 2000 OWC Package Installer Local Command Execution Vulnerability
7734| [5014] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
7735| [4881] Microsoft Exchange 2000 Malformed Mail Attribute DoS Vulnerability
7736| [4853] Microsoft Commerce Server 2000 Profile Service Buffer Overflow Vulnerability
7737| [4852] Microsoft Windows 2000 Remote Access Service Buffer Overflow Vulnerability
7738| [4847] Microsoft SQL Server 2000 Bulk Insert Procedure Buffer Overflow Vulnerability
7739| [4797] Microsoft MSDE/SQL Server 2000 Desktop Engine Default Configuration Vulnerability
7740| [4683] Microsoft Windows 2000 / NT Path Precedence Vulnerability
7741| [4532] Microsoft Windows 2000 Lanman Denial of Service Vulnerability
7742| [4438] Microsoft Windows 2000 Group Policy Evasion Vulnerability
7743| [4426] Microsoft Windows 2000 / NT / XP MUP UNC Request Buffer Overflow Vulnerability
7744| [4287] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
7745| [4256] Microsoft Windows 2000 Password Policy Bypass Vulnerability
7746| [4157] Microsoft Commerce Server 2000 ISAPI Buffer Overflow Vulnerability
7747| [4095] Microsoft Windows 2000 Server Terminal Services Failure To Lock Terminal Vulnerability
7748| [3652] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability
7749| [3481] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
7750| [3479] Microsoft Windows 2000 NTFS With Macintosh Client Directory Permission Vulnerability
7751| [3445] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
7752| [3339] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
7753| [3305] Norton AntiVirus for Microsoft Exchange 2000 Information Disclosure Vulnerability
7754| [3291] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
7755| [3215] Microsoft Windows 2000 IrDA Buffer Overflow Denial of Service Vulnerability
7756| [3185] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
7757| [3184] Microsoft Windows 2000 RunAs User Credentials Exposure Vulnerability
7758| [3146] Microsoft Windows 2000 System File Replacement Vulnerability
7759| [3115] Microsoft Windows NT and 2000 Command Prompt Reboot Vulnerability
7760| [3063] Microsoft Windows 2000 Unauthorized Password Change Vulnerability
7761| [3033] Microsoft Windows 2000 Task Manager Process Termination Vulnerability
7762| [2988] Microsoft Windows 2000 SMTP Improper Authentication Vulnerability
7763| [2929] Microsoft Windows 2000 LDAP SSL Password Modification Vulnerability
7764| [2849] Microsoft Windows 2000 Telnet Privilege Escalation Vulnerability
7765| [2846] Microsoft Windows 2000 Telnet System Call DoS Vulnerability
7766| [2844] Microsoft Windows 2000 Telnet Service DoS Vulnerability
7767| [2843] Microsoft Windows 2000 Telnet Multiple Sessions DoS Vulnerability
7768| [2838] Microsoft Windows 2000 Telnet Username DoS Vulnerability
7769| [2460] Microsoft Windows 2000 Event Viewer Buffer Overflow Vulnerability
7770| [2441] Microsoft Exchange 2000 / IIS 5.0 Multiple Invalid URL Request DoS Vulnerability
7771| [2394] Microsoft Windows 2000 Domain Controller DoS Vulnerability
7772| [2341] Microsoft Windows 2000 Network DDE Escalated Privileges Vulnerability
7773| [2326] Microsoft Windows 2000 RDP DoS Vulnerability
7774| [2133] Microsoft Windows 2000 Directory Services Restore Mode Blank Password Vulnerability
7775| [2066] Microsoft Windows NT 4.0 / 2000 SNMP Registry Key Modification Vulnerability
7776| [2018] Microsoft Windows 2000 Telnet Session Timeout DoS Vulnerability
7777| [2007] Microsoft Windows 2000 DNS Memory Leak Vulnerability
7778| [1973] Microsoft Windows 2000 Domain Account Lockout Bypass Vulnerability
7779| [1958] Microsoft Exchange 2000 Server EUSR_EXSTOREEVENT Account Vulnerability
7780| [1933] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
7781| [1899] Microsoft Windows 2000 ActiveX Control Buffer Overflow Vulnerability
7782| [1811] Microsoft Site Server 2.0 with IIS 4.0 Malicious File Upload Vulnerability
7783| [1758] Microsoft Windows 2000 Unattended Install OEMPreinstall Vulnerability
7784| [1753] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
7785| [1748] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
7786| [1745] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
7787| [1729] Microsoft Windows 2000 Simplified Chinese IME Vulnerability
7788| [1695] Microsoft Proxy 2.0 FTP Permissions Bypass Vulnerability
7789| [1692] Microsoft Proxy 2.0 Internal Network Access Vulnerability
7790| [1683] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
7791| [1673] Microsoft Windows 2000 Malformed RPC Packet DoS Vulnerability
7792| [1651] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
7793| [1632] Microsoft Windows 98 / NT 4.0 / 2000 File Extension Validation Vulnerability
7794| [1620] Microsoft Windows 9x / NT 4.0 / 2000 NetBIOS Cache Corruption Vulnerability
7795| [1613] Microsoft Windows 2000 Local Security Policy Corruption Vulnerability
7796| [1566] Microsoft Word 97 / 2000 Mail Merge Code Execution Vulnerability
7797| [1561] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow Vulnerability
7798| [1535] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
7799| [1507] Microsoft Windows NT 4.0 / 2000 Unspecified Executable Path Vulnerability
7800| [1451] Microsoft Excel 97 / 2000 Register.ID Vulnerability
7801| [1435] Microsoft FrontPage 2000 Server Extensions Denial Of Service Vulnerability
7802| [1415] Microsoft Windows 2000 Remote CPU-overload Vulnerability
7803| [1414] Microsoft Windows 2000 Telnet Server DoS Vulnerability
7804| [1399] Microsoft Internet Explorer 5.01 and Excel/Powerpoint 2000 ActiveX Object Execution Vulnerability
7805| [1398] Microsoft Internet Explorer 5.01 and Access 2000 / 97 VBA Code Execution Vulnerability
7806| [1350] Microsoft Windows 2000 Windows Station Access Vulnerability
7807| [1304] Microsoft Windows NT 4.0 / 2000 SMB Write Request DoS Vulnerability
7808| [1301] Microsoft Windows NT 4.0 / 2000 Ignored SMB Response DoS Vulnerability
7809| [1295] Microsoft Windows 2000 Default 40-bit Encrypted Protected Store Vulnerability
7810| [1198] Microsoft Windows 2000 Default SYSKEY Configuration Vulnerability
7811| [1197] Microsoft Office 2000 UA Control Vulnerability
7812| [990] Microsoft Windows 2000 Install Unprotected ADMIN$ Share Vulnerability
7813| [945] Microsoft SMS 2.0 Default Permissions Vulnerability
7814| [539] Microsoft Windows 2000 EFS Vulnerability
7815| [180] Microsoft Windows April Fools 2001 Vulnerability
7816| [71487] Microsoft December 2014 Advance Notification Multiple Vulnerabilities
7817| [70966] RETIRED: Microsoft November 2014 Advance Notification Multiple Vulnerabilities
7818| [70367] RETIRED: Microsoft October 2014 Advance Notification Multiple Vulnerabilities
7819| [69636] RETIRED: Microsoft September 2014 Advance Notification Multiple Vulnerabilities
7820| [69108] Microsoft August 2014 Advance Notification Multiple Vulnerabilities
7821| [68367] Microsoft July 2014 Advance Notification Multiple Vulnerabilities
7822| [67905] Microsoft June 2014 Advance Notification Multiple Vulnerabilities
7823| [67298] Microsoft May 2014 Advance Notification Multiple Vulnerabilities
7824| [66639] RETIRED: Microsoft April 2014 Advance Notification Multiple Vulnerabilities
7825| [66016] Microsoft March 2014 Notification Multiple Vulnerabilities
7826| [65426] Microsoft February 2014 Notification Multiple Vulnerabilities
7827| [64757] RETIRED: Microsoft January 2014 Advance Notification Multiple Vulnerabilities
7828| [64083] RETIRED: Microsoft December 2013 Advance Notification Multiple Vulnerabilities
7829| [63604] RETIRED: Microsoft November 2013 Advance Notification Multiple Vulnerabilities
7830| [62797] RETIRED: Microsoft October 2013 Advance Notification Multiple Vulnerabilities
7831| [62228] RETIRED: Microsoft September 2013 Advance Notification Multiple Vulnerabilities
7832| [62181] Microsoft Office Pinyin IME 2010 CVE-2013-3859 Local Privilege Escalation Vulnerability
7833| [61686] Microsoft August 2013 Advance Notification Multiple Vulnerabilities
7834| [60960] RETIRED: Microsoft July 2013 Advance Notification Multiple Vulnerabilities
7835| [60394] Microsoft June 2013 Advance Notification Multiple Vulnerabilities
7836| [59785] RETIRED: Microsoft May 2013 Advance Notification Multiple Vulnerabilities
7837| [58881] RETIRED: Microsoft April 2013 Advance Notification Multiple Vulnerabilities
7838| [58380] RETIRED: Microsoft March 2013 Advance Notification Multiple Vulnerabilities
7839| [57846] RETIRED: Microsoft February 2013 Advance Notification Multiple Vulnerabilities
7840| [57137] RETIRED: Microsoft January 2013 Advance Notification Multiple Vulnerabilities
7841| [56838] RETIRED: Microsoft December 2012 Advance Notification Multiple Vulnerabilities
7842| [56450] RETIRED: Microsoft November 2012 Advance Notification Multiple Vulnerabilities
7843| [56304] Microsoft Office Excel 2010 Memory Corruption Denial of Service Vulnerability
7844| [55794] RETIRED: Microsoft October 2012 Advance Notification Multiple Vulnerabilities
7845| [55472] RETIRED: Microsoft September 2012 Advance Notification Multiple Vulnerabilities
7846| [54944] RETIRED: Microsoft August 2012 Advance Notification Multiple Vulnerabilities
7847| [54318] RETIRED: Microsoft July 2012 Advance Notification Multiple Vulnerabilities
7848| [53862] RETIRED: Microsoft June 2012 Advance Notification Multiple Vulnerabilities
7849| [53372] RETIRED: Microsoft May 2012 Advance Notification Multiple Vulnerabilities
7850| [52910] RETIRED: Microsoft April 2012 Advance Notification Multiple Vulnerabilities
7851| [52366] RETIRED: Microsoft March 2012 Advance Notification Multiple Vulnerabilities
7852| [51944] RETIRED: Microsoft February 2012 Advance Notification Multiple Vulnerabilities
7853| [51289] RETIRED: Microsoft January 2012 Advance Notification Multiple Vulnerabilities
7854| [50980] RETIRED: Microsoft December 2011 Advance Notification Multiple Vulnerabilities
7855| [50513] RETIRED: Microsoft November 2011 Advance Notification Multiple Vulnerabilities
7856| [49994] RETIRED: Microsoft October 2011 Advance Notification Multiple Vulnerabilities
7857| [49515] RETIRED: Microsoft September 2011 Advance Notification Multiple Vulnerabilities
7858| [49017] RETIRED: Microsoft August 2011 Advance Notification Multiple Vulnerabilities
7859| [48616] RETIRED: Microsoft July 2011 Advance Notification Multiple Vulnerabilities
7860| [48235] Microsoft Lync Server 2010 'ReachJoin.aspx' Remote Command Injection Vulnerability
7861| [48193] RETIRED: Microsoft June 2011 Advance Notification Multiple Vulnerabilities
7862| [47725] RETIRED: Microsoft May 2011 Advance Notification Multiple Vulnerabilities
7863| [47255] RETIRED: Microsoft April 2011 Advance Notification Multiple Vulnerabilities
7864| [46675] RETIRED: Microsoft March 2011 Advance Notification Multiple Vulnerabilities
7865| [46132] RETIRED: Microsoft February 2011 Advance Notification Multiple Vulnerabilities
7866| [45696] RETIRED: Microsoft January 2011 Advance Notification Multiple Vulnerabilities
7867| [45307] RETIRED: Microsoft December 2010 Advance Notification Multiple Vulnerabilities
7868| [44649] RETIRED: Microsoft November 2010 Advance Notification Multiple Vulnerabilities
7869| [43831] RETIRED: Microsoft October 2010 Advance Notification Multiple Vulnerabilities
7870| [43115] RETIRED: Microsoft September 2010 Advance Notification Multiple Vulnerabilities
7871| [42234] RETIRED: Microsoft August 2010 Advance Notification Multiple Vulnerabilities
7872| [41474] RETIRED: Microsoft July 2010 Advance Notification Multiple Vulnerabilities
7873| [40548] RETIRED: Microsoft June 2010 Advance Notification Multiple Vulnerabilities
7874| [39961] RETIRED: Microsoft May 2010 Advance Notification Multiple Vulnerabilities
7875| [39313] RETIRED: Microsoft April 2010 Advance Notification Multiple Vulnerabilities
7876| [38540] RETIRED: Microsoft March 2010 Advance Notification Multiple Vulnerabilities
7877| [38096] RETIRED: Microsoft February 2010 Advance Notification Multiple Vulnerabilities
7878| [37887] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
7879| [37664] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
7880| [32642] Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability
7881|
7882| IBM X-Force - https://exchange.xforce.ibmcloud.com:
7883| [82417] Microsoft Windows Knowledge Base Article 2801261 update is not installed
7884| [82415] Microsoft Windows Knowledge Base Article 2807986 update is not installed
7885| [82410] Microsoft Windows Knowledge Base Article 2809289 update is not installed
7886| [81859] Microsoft Windows Knowledge Base Article 2802968 update is not installed
7887| [81857] Microsoft Windows Knowledge Base Article 2809279 update is not installed
7888| [81668] Microsoft Windows Knowledge Base Article 2800277 update is not installed
7889| [77323] Microsoft Windows Knowledge Base Article 2706045 update is not installed
7890| [75949] Microsoft Windows Knowledge Base Article 2707960 update is not installed
7891| [75942] Microsoft Windows Knowledge Base Article 2706726 update is not installed
7892| [75934] Microsoft Windows Knowledge Base Article 2709162 update is not installed
7893| [75926] Microsoft Windows Knowledge Base Article 2709100 update is not installed
7894| [75905] Microsoft Windows Knowledge Base Article 2707956 update is not installed
7895| [71991] Microsoft Windows Knowledge Base Article 2607664 update is not installed
7896| [71542] Microsoft Windows Knowledge Base Article 2607702 update is not installed
7897| [70945] Microsoft Windows Knowledge Base Article 2603381 update is not installed
7898| [70150] Microsoft Windows Knowledge Base Article 2607670 update is not installed
7899| [67755] Microsoft Windows Knowledge Base Article 2503665 update is not installed
7900| [67749] Microsoft Windows Knowledge Base Article 2507938 update is not installed
7901| [66845] Microsoft Windows Knowledge Base Article 2506014 update is not installed
7902| [66844] Microsoft Windows Knowledge Base Article 2501584 update is not installed
7903| [66448] Microsoft Windows Knowledge Base Article 2508272 update is not installed
7904| [66442] Microsoft Windows Knowledge Base Article 2509553 update is not installed
7905| [66440] Microsoft Windows Knowledge Base Article 2508429 update is not installed
7906| [66438] Microsoft Windows Knowledge Base Article 2507618 update is not installed
7907| [66430] Microsoft Windows Knowledge Base Article 2503658 update is not installed
7908| [66425] Microsoft Windows Knowledge Base Article 2506223 update is not installed
7909| [65570] Microsoft Windows Knowledge Base Article 2500212 update is not installed
7910| [65568] Microsoft Windows Knowledge Base Article 2508062 update is not installed
7911| [63840] Microsoft Visual C++ 2008 Redistributable Package dynamic-linked library (DLL) code execution
7912| [63780] Microsoft PowerPoint 2007 dynamic-linked library (rpawinet.dll) code execution
7913| [63775] Microsoft Visio 2003 dynamic-linked library (mfc71enu.dll) code execution
7914| [63586] Microsoft Windows Knowledge Base Article 2207559 update is not installed
7915| [63573] Microsoft Windows Knowledge Base Article 2407132 update is not installed
7916| [62797] Microsoft Windows Knowledge Base Article 2305420 update is not installed
7917| [62149] Microsoft Windows Knowledge Base Article 2207566 update is not installed
7918| [62133] Microsoft Windows Knowledge Base Article 2405882 update is not installed
7919| [53980] Microsoft Windows 2000 License Logging Server buffer overflow
7920| [53601] Microsoft Office 2008 for Mac user ID 502 security bypass
7921| [50973] Microsoft Windows Server 2003 and Vista win32k.sys denial of service
7922| [50759] Microsoft Windows 2000 Active Directory LDAP code execution
7923| [48595] Microsoft Word 2007 Email as PDF information disclosure
7924| [46102] Microsoft Windows 2003 SP2 is not installed on the system
7925| [46101] Microsoft Windows 2003 SP1 is not installed on the system
7926| [45186] Microsoft SQL Server 2000 SQLVDIRLib.SQLVDirControl ActiveX control buffer overflow
7927| [37200] Microsoft SQL Server 2000 Service Pack 1 update is not installed
7928| [37198] Microsoft SQL Server 2000 Service Pack 3 update is not installed
7929| [34634] Microsoft Windows Server 2003 Active Directory information disclosure
7930| [34599] Microsoft Windows Server 2003 terminal server security bypass
7931| [34473] Microsoft Office 2000 ActiveX control buffer overflow
7932| [33713] Microsoft Word 2007 multiple unspecified denial of service
7933| [33712] Microsoft Word 2007 wwlib.dll buffer overflow
7934| [32631] Microsoft SQL Server 2000 Service Pack 2 update is not installed
7935| [31821] Microsoft Windows time zone update for year 2007
7936| [31196] Microsoft Office 2003 Brazilian Grammar Checker buffer overflow
7937| [30905] Microsoft Project Server 2003 pdsrequest.asp information disclosure
7938| [29546] Microsoft Windows 2000/2003 user logoff initiated
7939| [29545] Microsoft Windows 2000/2003 system time changed
7940| [29544] Microsoft Windows 2000/2003 system security access removed
7941| [29543] Microsoft Windows 2000/2003 security access granted
7942| [29542] Microsoft Windows 2000/2003 SAM notification package loaded
7943| [29541] Microsoft Windows 2000/2003 primary security token issued
7944| [29540] Microsoft Windows 2000/2003 user password reset successful
7945| [29539] Microsoft Windows 2000/2003 object indirectly accessed
7946| [29538] Microsoft Windows 2000/2003 object handle duplicated
7947| [29537] Microsoft Windows 2000/2003 logon with explicit credentials success
7948| [29536] Microsoft Windows 2000/2003 logon attempt using explicit credentials unsuccessful
7949| [29535] Microsoft Windows 2000/2003 IPSEC policy agent failed
7950| [29534] Microsoft Windows 2000/2003 IPSEC policy agent disabled
7951| [29533] Microsoft Windows 2000/2003 IPSEC policy agent changed
7952| [29532] Microsoft Windows 2000/2003 IKE security association established
7953| [29531] Microsoft Windows 2000/2003 IKE quick mode association ended
7954| [29530] Microsoft Windows 2000/2003 IKE main mode association ended
7955| [29529] Microsoft Windows 2000/2003 IKE association negotiation failed
7956| [29528] Microsoft Windows 2000/2003 IKE association peer authentication failed
7957| [29527] Microsoft Windows 2000/2003 IKE association failed invalid proposal
7958| [29526] Microsoft Windows 2000/2003 IKE association failed authentication parameters
7959| [29525] Microsoft Windows 2000/2003 DPAPI master key backup attempted
7960| [29524] Microsoft Windows 2000/2003 DPAPI key recovery attempted
7961| [29523] Microsoft Windows 2000/2003 DPAPI auditable data unprotected
7962| [29522] Microsoft Windows 2000/2003 administrative group security descriptor set
7963| [29521] Microsoft Windows 2000/2003 account name changed
7964| [29507] Microsoft Office 2003 unspecified PowerPoint NULL pointer dereference denial of service
7965| [28512] Microsoft Internet Explorer multiple Windows 2000 COM object denial of service
7966| [28005] Microsoft Windows 2000 Management Console (MMC) resource file cross-site scripting
7967| [26118] Microsoft Office 2003 mailto: information disclosure
7968| [25330] Microsoft Commerce Server 2002 authfiles/login.asp authentication bypass
7969| [24474] Microsoft Windows 2000 LDAP client accepts untrusted CA
7970| [24473] Microsoft Windows 2000 event ID 565 not logged
7971| [24472] Microsoft Windows 2000 Event ID 1704 records incorrect group policy settings
7972| [24407] Microsoft Windows 2000 SECEDIT command fails to set ACLs correctly
7973| [24405] Microsoft Windows 2000 UPN credentials with trailing dot group policy bypass
7974| [24403] Microsoft Windows 2000 WideCharToMultiByte() incorrect Japanese character conversion
7975| [24402] Microsoft Windows 2000 Terminal Service client IP not logged
7976| [24400] Microsoft Windows 2000 domain authentication can be bypassed by a local administrator
7977| [23066] Microsoft Windows XP and 2000 Server MSRPC memory allocation denial of service
7978| [22318] Microsoft SQL Server 2000 Service Pack 4 update is not installed
7979| [22183] Microsoft Exchange Server 2003 public folder denial of service
7980| [21345] Microsoft Windows 2000 Update Rollup 1 for Service Pack 4 has not been installed
7981| [21315] Microsoft Outlook 2002 connector for Domino bypass restrictions
7982| [19969] Multiple Microsoft Windows Server 2003 Edition printer driver denial of service
7983| [19965] Multiple Microsoft Windows Server 2003 Editions SMB redirector denial of service
7984| [19727] Microsoft Windows 2000 GDI32.DLL denial of service
7985| [19629] Microsoft Exchange Server 2003 folder denial of service
7986| [17826] Microsoft Outlook 2003 CID security bypass
7987| [17624] Microsoft Windows XP and Windows Server 2003 Compressed Folders buffer overflow
7988| [17621] Microsoft Windows 2003 SMTP service code execution
7989| [17560] Microsoft Windows 2000 and XP GDI library denial of service
7990| [17521] Microsoft Windows 2000 Service Pack 4 is not installed
7991| [16913] Microsoft Windows 2003 users with Synchronize directory service data privilege
7992| [16912] Microsoft Windows 2003 groups with Synchronize directory service data privilege
7993| [16909] Microsoft Windows 2003 groups with Remove computer from docking station privilege
7994| [16907] Microsoft Windows 2003 users with Create global objects privilege
7995| [16905] Microsoft Windows 2003 users or groups with Create global objects privilege
7996| [16851] Microsoft Windows 2003 and XP WinKey and U key denial of service
7997| [16704] Microsoft Windows 2000 Media Player control code execution
7998| [16582] Microsoft Windows Server 2003 kernel CPU denial of service
7999| [16572] Microsoft Windows 2003 Users with Impersonate a client after authentication privilege
8000| [16570] Microsoft Windows 2003 Users with Create global objects privilege
8001| [16564] Microsoft Windows 2003 Groups with Create global objects privilege
8002| [16562] Microsoft Windows 2003 Groups with "
8003| [16522] Microsoft Windows 2003 Impersonate a client after authentication privilege
8004| [16521] Microsoft Windows 2003 Deny Logon Through Terminal Services privilege
8005| [16520] Microsoft Windows 2003 Create global objects privilege
8006| [16276] Microsoft Windows 2000 Advanced Server fully qualified domain name security bypass
8007| [16173] Microsoft Outlook 2003 OLE object bypass restricted security zone
8008| [16119] Microsoft Outlook 2000 URL spoofing
8009| [16104] Microsoft Outlook 2003 predictable file location could allow code execution
8010| [16095] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
8011| [15704] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
8012| [15700] Microsoft Windows 2000 Domain Controller LSASS LDAP message denial of service
8013| [15632] Microsoft Windows 2000 Utility Manger allows privilege escalation
8014| [15414] Microsoft Outlook 2002 mailto URL allows execution of code
8015| [15263] Microsoft Windows XP and 2000 Server kernel allows elevated privileges
8016| [15057] Microsoft Windows XP and Windows Server 2003 smbmount Linux client denial of service
8017| [15038] Microsoft Windows 2000 Server Windows Media Services denial of service
8018| [15037] Microsoft Windows Server 2003 WINS /GS flag denial of service
8019| [14178] Microsoft ISA Exchange Server 2003 MS04-002 patch is not installed
8020| [14167] Microsoft ISA Server 2000 H.323 filter buffer overflow
8021| [13426] Microsoft Windows 2000 and XP RPC race condition
8022| [13423] Microsoft Windows 2000 Local Troubleshooter ActiveX control buffer overflow
8023| [13407] Microsoft Windows 2000 Server mqsvc.exe MQLocateBegin packet buffer overflow
8024| [13385] Microsoft Windows Server 2003 "
8025| [13211] Microsoft Windows 2000 and XP URG memory leak
8026| [13171] Microsoft Windows Server 2003 can allow attacker to bypass mechanism used to detect buffer overflows
8027| [13131] Microsoft Windows 2000 Message Queue Manager buffer overflow
8028| [12684] Microsoft Exchange Server OWA Outlook 2003 denial of service
8029| [12652] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension POST request buffer overflow
8030| [12620] Microsoft Windows 2000 Server SMTP FILETIME denial of service
8031| [12543] Microsoft Windows 2000 Accessibility Utility Manager could allow an attacker to gain privileges
8032| [12493] Microsoft Windows Shell32.dll 2000 ShellExecute function buffer overflow
8033| [12489] Microsoft Windows 2000 Server Active Directory buffer overflow
8034| [12128] Microsoft Windows 2000 and Windows NT MS03-019 patch is not installed
8035| [12092] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension buffer overflow
8036| [12048] Microsoft Windows 2000 and Windows Server 2003 LAN Manager hash creation enabled
8037| [11901] Microsoft BizTalk Server 2002 SQL injection
8038| [11900] Microsoft BizTalk Server 2002 HTTP Receiver function buffer overflow
8039| [11816] Microsoft Windows 2000 Terminal Services MSGINA.DLL insecure access permissions
8040| [11696] Microsoft Windows 2000 Terminal Services man-in-the-middle attack
8041| [11617] Microsoft Windows 2000 MS03-007 patch is not installed on the system
8042| [11546] Microsoft Windows 2000 Windows Help Facility .cnt file buffer overflow
8043| [11329] Microsoft Windows NT and 2000 cmd.exe CD path name buffer overflow
8044| [11274] Microsoft Windows 2000 NetBIOS continuation packets denial of service
8045| [11273] Microsoft Windows 2000 RPC service could allow an attacker to gain elevated privileges
8046| [11216] Microsoft Windows NT and 2000 command prompt denial of service
8047| [11141] Microsoft Windows 2000 Terminal Services MSGINA.DLL denial of service
8048| [11133] Microsoft Outlook 2002 using V1 Exchange Server Security certificates transmits plaintext emails
8049| [10843] Microsoft Windows 2000 and XP SMB signing group policy modification
8050| [10431] Microsoft Windows 2000 SNMP LANMAN Extension memory leak denial of service
8051| [10400] Microsoft Windows 2000 RPC TCP port 135 denial of service
8052| [10377] Microsoft Windows XP and 2000 administrative alerts fail when security event log is full
8053| [10199] Microsoft Windows 2000/XP PPTP packet buffer overflow
8054| [10195] Microsoft FrontPage Server Extensions (FPSE) 2002 SmartHTML Interpreter buffer overflow
8055| [10194] Microsoft FrontPage Server Extensions (FPSE) 2000 SmartHTML Interpreter denial of service
8056| [9946] Microsoft Windows 2000 Terminal Services session screensaver fails to lock the console
8057| [9856] Microsoft Windows 2000 NCM handler routine could allow elevated privileges
8058| [9779] Microsoft Windows 2000 weak system partition permissions
8059| [9752] Microsoft Windows 2000 Service Pack 3 is not installed
8060| [9746] Microsoft Windows 2000 HTML Help item parameter buffer overflow
8061| [9625] Microsoft Windows 2000 Narrator allows login information to be audible
8062| [9154] Microsoft Data Engine (MSDE) and Microsoft SQL Server 2000 Desktop Engine have a default blank "
8063| [8867] Microsoft Windows 2000 LanMan denial of service
8064| [8813] Microsoft Windows 2000 Terminal Services allows attacker to bypass group policy settings
8065| [8759] Microsoft Windows 2000 could allow an attacker to block the application of Group Policy settings
8066| [8752] Microsoft Windows NT, 2000, and XP MUP buffer overflow
8067| [8739] Microsoft Windows 2000 DCOM memory leak
8068| [8708] Microsoft Outlook 2000 and 2002 executes embedded script in object tag when replying or forwarding HTML mail
8069| [8402] Microsoft Windows 2000 allows an attacker to bypass password policy
8070| [8307] Microsoft Windows 2000, Windows XP, and Exchange 2000 SMTP data transfer command denial of service
8071| [8304] Microsoft Windows 2000 and Exchange 5.5 SMTP service unauthorized mail privileges
8072| [8254] Microsoft Commerce Server 2000 AuthFilter ISAPI filter buffer overflow
8073| [8199] Microsoft Windows 2000 Terminal Services unlocked client
8074| [8094] Microsoft Windows 2000 and Interix 2.2 Telnet protocol option buffer overflow
8075| [8092] Microsoft Exchange 2000 System Attendant sets incorrect registry permissions
8076| [8043] Microsoft Windows NT, 2000, and XP using NTFS could allow files to be hidden
8077| [8037] Microsoft Windows 2000 empty TCP packet denial of service
8078| [8023] Microsoft Windows NT and Windows 2000 SIDs could allow an attacker to gain elevated privileges in another domain
8079| [7919] Microsoft IIS 4.0 and Norton Internet Security 2001 default permissions could allow an attacker to modify log files
8080| [7667] Microsoft Windows 2000 IKE UDP packet flood denial of service
8081| [7566] Microsoft IIS 2.0 and 3.0 upgraded to Microsoft IIS 4.0 fails to remove the ism.dll file
8082| [7538] Microsoft Windows 2000 and XP Terminal services allow an attacker to spoof IP addresses
8083| [7533] Microsoft Windows 2000 RunAs service denial of service
8084| [7532] Microsoft Windows 2000 RunAs service allows local attacker to bypass pipe authentication
8085| [7531] Microsoft Windows 2000 RunAs service reveals sensitive information
8086| [7528] Microsoft Windows NT and Windows 2000 malformed RPC request denial of service
8087| [7409] Microsoft Windows 2000 and Windows XP GDI denial of service
8088| [7302] Microsoft Windows NT and 2000 Terminal Server malformed RDP packet series denial of service
8089| [7008] Microsoft Windows 2000 IrDA device denial of service
8090| [6977] Microsoft Windows NT and 2000 NNTP memory leak denial of service
8091| [6931] Microsoft Windows 2000 without Service Pack 2
8092| [6919] Microsoft Windows 2000 Task Manager does not terminate malicious files with the same name as a system process
8093| [6912] Microsoft Windows NT and 2000 Terminal Server RDP memory leak denial of service
8094| [6876] Microsoft Windows 2000 could allow an attacker to change network passwords
8095| [6803] Microsoft Windows 2000 SMTP service allows mail relaying
8096| [6745] Microsoft Windows 2000 LDAP function could allow domain user password change
8097| [6669] Microsoft Windows 2000 Telnet system call denial of service
8098| [6668] Microsoft Windows 2000 Telnet handle leak denial of service
8099| [6667] Microsoft Windows 2000 Telnet multiple idle sessions denial of service
8100| [6666] Microsoft Windows 2000 Telnet username denial of service
8101| [6665] Microsoft Windows 2000 Telnet service weak domain authentication
8102| [6664] Microsoft Windows 2000 Telnet service predictable pipe names could allow elevation of privileges
8103| [6652] Microsoft Exchange 2000 OWA script execution
8104| [6590] Microsoft Windows 2000 debug registers allow attacker to gain elevated privileges
8105| [6506] Microsoft Windows 2000 Server Kerberos denial of service
8106| [6443] Microsoft Windows 2000 catalog file could remove installed hotfixes
8107| [6160] Microsoft Windows 2000 event viewer buffer overflow
8108| [6136] Microsoft Windows 2000 domain controller denial of service
8109| [6035] Microsoft Windows 2000 Server RDP denial of service
8110| [5973] Microsoft Windows 2000 EFS allows local user to recover sensitive data
8111| [5936] Microsoft Windows 2000 Server Directory Service Restore Mode allows user to login with blank password
8112| [5800] Microsoft Windows 2000 Index Service ActiveX controls allow unauthorized access to file information
8113| [5623] Microsoft Windows NT and 2000 Phone Book service buffer overflow
8114| [5598] Microsoft Windows 2000 Telnet daemon could allow a denial of service
8115| [5585] Microsoft Windows 2000 brute force attack
8116| [5502] Microsoft Windows 2000 Indexing Services ixsso.query
8117| [5467] Microsoft Windows 2000 System Monitor ActiveX control buffer overflow
8118| [5399] Microsoft Windows NT and 2000 Network Monitor buffer overflow
8119| [5301] Microsoft Windows 2000 Simplified Chinese IME State Recognition
8120| [5263] Microsoft Office 2000 executes .dll without users knowledge
8121| [5242] Microsoft Windows 2000 Telnet client NTLM authentication weakness
8122| [5222] Microsoft Windows 2000 malformed RPC packet denial of service
8123| [5203] Microsoft Windows 2000 still image service
8124| [5171] Microsoft Windows 2000 Local Security Policy corruption
8125| [5080] Microsoft Office 2000 HTML object tag buffer overflow
8126| [5033] Microsoft Windows 2000 without Service Pack 1
8127| [5031] Microsoft Windows 2000 Service Control Manager named pipe could allow a unauthorized user to gain privileges
8128| [5015] Microsoft Windows NT and 2000 executable path
8129| [4887] Microsoft Windows 2000 Kerberos ticket renewed
8130| [4886] Microsoft Windows 2000 logon session reconnected
8131| [4885] Microsoft Windows 2000 logon session disconnected
8132| [4882] Microsoft Windows 2000 Kerberos pre-authentication failed
8133| [4873] Microsoft Windows 2000 user account mapped for logon
8134| [4872] Microsoft Windows 2000 account logon failed
8135| [4871] Microsoft Windows 2000 account used for logon
8136| [4855] Microsoft Windows 2000 group type change
8137| [4842] Microsoft Internet Explorer and Microsoft Powerpoint 2000 ActiveX object execution
8138| [4841] Microsoft Internet Explorer and Microsoft Access 2000 VBA code execution
8139| [4823] Microsoft Windows 2000 Telnet server binary stream denial of service
8140| [4819] Microsoft Windows 2000 default SYSKEY configuration
8141| [4787] Microsoft Windows 2000 user account locked out
8142| [4786] Microsoft Windows 2000 computer account created
8143| [4785] Microsoft Windows 2000 computer account changed
8144| [4784] Microsoft Windows 2000 computer account deleted
8145| [4714] Microsoft Windows 2000 "
8146| [4589] Microsoft Windows 2000 protected store can be compromised by brute force attack
8147| [4278] Microsoft Windows 2000 unattended install does not secure All Users profile
8148| [4138] Microsoft Windows 2000 system file integrity feature is disabled
8149| [4086] Microsoft Windows 2000 may not start Jaz drives correctly
8150| [4085] Microsoft Windows 2000 non-Gregorial calendar error
8151| [4084] Microsoft Windows 2000 may prevent Adobe FrameMaker files from being saved in some formats
8152| [4083] Microsoft Windows 2000 Terminal Services may damage Office files saved as HTML
8153| [4082] Microsoft Windows 2000 and Iomega parallel port drives display error
8154| [4080] Microsoft Windows 2000 AOL image support
8155| [4079] Microsoft Windows 2000 High Encryption Pack
8156| [3854] Microsoft Office 2000 security setting
8157| [1376] Microsoft Proxy 2.0 denial of service
8158| [86256] Microsoft Windows Knowledge Base Article 2876063 update is not installed
8159| [86097] Microsoft Windows Knowledge Base Article 2859537 update is not installed
8160| [86091] Microsoft Windows Knowledge Base Article 2868623 update is not installed
8161| [86089] Microsoft Windows Knowledge Base Article 2862772 update is not installed
8162| [86075] Microsoft Windows Knowledge Base Article 2850869 update is not installed
8163| [86073] Microsoft Windows Knowledge Base Article 2873872 update is not installed
8164| [86070] Microsoft Windows Knowledge Base Article 2849568 update is not installed
8165| [85245] Microsoft Windows Knowledge Base Article 2848295 update is not installed
8166| [85244] Microsoft Windows Knowledge Base Article 2847927 update is not installed
8167| [85243] Microsoft Windows Knowledge Base Article 2861561 update is not installed
8168| [85236] Microsoft Windows Knowledge Base Article 2850851 update is not installed
8169| [85227] Microsoft Windows Knowledge Base Article 2847883 update is not installed
8170| [85223] Microsoft Windows Knowledge Base Article 2846071 update is not installed
8171| [85205] Microsoft Windows Knowledge Base Article 2845187 update is not installed
8172| [84621] Microsoft Windows Knowledge Base Article 2845690 update is not installed
8173| [84619] Microsoft Windows Knowledge Base Article 2839894 update is not installed
8174| [84617] Microsoft Windows Knowledge Base Article 2839571 update is not installed
8175| [84615] Microsoft Windows Knowledge Base Article 2839229 update is not installed
8176| [84613] Microsoft Windows Knowledge Base Article 2838727 update is not installed
8177| [84156] Microsoft Windows Knowledge Base Article 2847204 update is not installed
8178| [83912] Microsoft Windows Knowledge Base Article 2829254 update is not installed
8179| [83910] Microsoft Windows Knowledge Base Article 2829530 update is not installed
8180| [83898] Microsoft Windows Knowledge Base Article 2830397 update is not installed
8181| [83886] Microsoft Windows Knowledge Base Article 2830399 update is not installed
8182| [83884] Microsoft Windows Knowledge Base Article 2834692 update is not installed
8183| [83882] Microsoft Windows Knowledge Base Article 2834695 update is not installed
8184| [83880] Microsoft Windows Knowledge Base Article 2836440 update is not installed
8185| [83876] Microsoft Windows Knowledge Base Article 2840221 update is not installed
8186| [83192] Microsoft Windows Knowledge Base Article 2817183 update is not installed
8187| [83100] Microsoft Windows Knowledge Base Article 2830914 update is not installed
8188| [83098] Microsoft Windows Knowledge Base Article 2829996 update is not installed
8189| [83093] Microsoft Windows Knowledge Base Article 2828223 update is not installed
8190| [83091] Microsoft Windows Knowledge Base Article 2813170 update is not installed
8191| [83088] Microsoft Windows Knowledge Base Article 2827663 update is not installed
8192| [83086] Microsoft Windows Knowledge Base Article 2823482 update is not installed
8193| [83084] Microsoft Windows Knowledge Base Article 2821818 update is not installed
8194| [83082] Microsoft Windows Knowledge Base Article 2820917 update is not installed
8195| [82600] Microsoft Windows Knowledge Base Article 2813707 update is not installed
8196| [82424] Microsoft Windows Knowledge Base Article 2814124 update is not installed
8197| [82422] Microsoft Windows Knowledge Base Article 2780176 update is not installed
8198| [82401] Microsoft Windows Knowledge Base Article 2813682 update is not installed
8199| [82399] Microsoft Windows Knowledge Base Article 2816264 update is not installed
8200| [81683] Microsoft Windows Knowledge Base Article 2780091 update is not installed
8201| [81681] Microsoft Windows Knowledge Base Article 2784242 update is not installed
8202| [81680] Microsoft Windows Knowledge Base Article 2790113 update is not installed
8203| [81678] Microsoft Windows Knowledge Base Article 2790655 update is not installed
8204| [81676] Microsoft Windows Knowledge Base Article 2790978 update is not installed
8205| [81674] Microsoft Windows Knowledge Base Article 2797052 update is not installed
8206| [81672] Microsoft Windows Knowledge Base Article 2799494 update is not installed
8207| [81666] Microsoft Windows Knowledge Base Article 2778344 update is not installed
8208| [81634] Microsoft Windows Knowledge Base Article 2792100 update is not installed
8209| [81339] Microsoft Windows Knowledge Base Article 2799329 update is not installed
8210| [80875] Microsoft Windows Knowledge Base Article 2756145 update is not installed
8211| [80872] Microsoft Windows Knowledge Base Article 2769324 update is not installed
8212| [80867] Microsoft Windows Knowledge Base Article 2769327 update is not installed
8213| [80865] Microsoft Windows Knowledge Base Article 2769369 update is not installed
8214| [80863] Microsoft Windows Knowledge Base Article 2778930 update is not installed
8215| [80861] Microsoft Windows Knowledge Base Article 2785220 update is not installed
8216| [80365] Microsoft Windows Knowledge Base Article 2761465 update is not installed
8217| [80360] Microsoft Windows Knowledge Base Article 2765809 update is not installed
8218| [80358] Microsoft Windows Knowledge Base Article 2770660 update is not installed
8219| [80356] Microsoft Windows Knowledge Base Article 2780642 update is not installed
8220| [80352] Microsoft Windows Knowledge Base Article 2783534 update is not installed
8221| [80349] Microsoft Windows Knowledge Base Article 2784126 update is not installed
8222| [79693] Microsoft Windows Knowledge Base Article 2745030 update is not installed
8223| [79687] Microsoft Windows Knowledge Base Article 2761451 update is not installed
8224| [79683] Microsoft Windows Knowledge Base Article 2761226 update is not installed
8225| [79679] Microsoft Windows Knowledge Base Article 2758857 update is not installed
8226| [79677] Microsoft Windows Knowledge Base Article 2727528 update is not installed
8227| [78864] Microsoft Windows Knowledge Base Article 2754670 update is not installed
8228| [78862] Microsoft Windows Knowledge Base Article 2743555 update is not installed
8229| [78858] Microsoft Windows Knowledge Base Article 2754849 update is not installed
8230| [78856] Microsoft Windows Knowledge Base Article 2724197 update is not installed
8231| [78853] Microsoft Windows Knowledge Base Article 2741517 update is not installed
8232| [78851] Microsoft Windows Knowledge Base Article 2742319 update is not installed
8233| [78848] Microsoft Windows Knowledge Base Article 2742321 update is not installed
8234| [78760] Microsoft Windows Knowledge Base Article 2744842 update is not installed
8235| [78077] Microsoft Windows Knowledge Base Article 2741528 update is not installed
8236| [78075] Microsoft Windows Knowledge Base Article 2720184 update is not installed
8237| [78071] Microsoft Windows Knowledge Base Article 2748552 update is not installed
8238| [77512] Microsoft Windows Knowledge Base Article 2740358 update is not installed
8239| [77362] Microsoft Windows Knowledge Base Article 2733918 update is not installed
8240| [77360] Microsoft Windows Knowledge Base Article 2733829 update is not installed
8241| [77357] Microsoft Windows Knowledge Base Article 2733594 update is not installed
8242| [77352] Microsoft Windows Knowledge Base Article 2731879 update is not installed
8243| [77350] Microsoft Windows Knowledge Base Article 2731847 update is not installed
8244| [77348] Microsoft Windows Knowledge Base Article 2723135 update is not installed
8245| [77346] Microsoft Windows Knowledge Base Article 2722913 update is not installed
8246| [77342] Microsoft Windows Knowledge Base Article 2720573 update is not installed
8247| [77325] Microsoft Windows Knowledge Base Article 2719584 update is not installed
8248| [76808] Microsoft Windows Knowledge Base Article 2721015 update is not installed
8249| [76725] Microsoft Windows Knowledge Base Article 2722479 update is not installed
8250| [76724] Microsoft Windows Knowledge Base Article 2719177 update is not installed
8251| [76721] Microsoft Windows Knowledge Base Article 2718523 update is not installed
8252| [76718] Microsoft Windows Knowledge Base Article 2698365 update is not installed
8253| [76711] Microsoft Windows Knowledge Base Article 2695502 update is not installed
8254| [76704] Microsoft Windows Knowledge Base Article 2691442 update is not installed
8255| [76702] Microsoft Windows Knowledge Base Article 2655992 update is not installed
8256| [75963] Microsoft Windows Knowledge Base Article 2699988 update is not installed
8257| [75939] Microsoft Windows Knowledge Base Article 2685939 update is not installed
8258| [75928] Microsoft Windows Knowledge Base Article 2711167 update is not installed
8259| [75136] Microsoft Windows Knowledge Base Article 2693777 update is not installed
8260| [75132] Microsoft Windows Knowledge Base Article 2690533 update is not installed
8261| [75130] Microsoft Windows Knowledge Base Article 2688338 update is not installed
8262| [75127] Microsoft Windows Knowledge Base Article 2681578 update is not installed
8263| [75123] Microsoft Windows Knowledge Base Article 2680352 update is not installed
8264| [75116] Microsoft Windows Knowledge Base Article 2597981 update is not installed
8265| [74556] Microsoft Windows Knowledge Base Article 2639185 update is not installed
8266| [74384] Microsoft Windows Knowledge Base Article 2675157 update is not installed
8267| [74378] Microsoft Windows Knowledge Base Article 2671605 update is not installed
8268| [74373] Microsoft Windows Knowledge Base Article 2664258 update is not installed
8269| [74369] Microsoft Windows Knowledge Base Article 2663860 update is not installed
8270| [73543] Microsoft Windows Knowledge Base Article 2671387 update is not installed
8271| [73540] Microsoft Windows Knowledge Base Article 2665364 update is not installed
8272| [73538] Microsoft Windows Knowledge Base Article 2651019 update is not installed
8273| [73536] Microsoft Windows Knowledge Base Article 2651018 update is not installed
8274| [73533] Microsoft Windows Knowledge Base Article 2647170 update is not installed
8275| [73530] Microsoft Windows Knowledge Base Article 2641653 update is not installed
8276| [72887] Microsoft Windows Knowledge Base Article 2663841 update is not installed
8277| [72873] Microsoft Windows Knowledge Base Article 2663830 update is not installed
8278| [72867] Microsoft Windows Knowledge Base Article 2663510 update is not installed
8279| [72857] Microsoft Windows Knowledge Base Article 2661637 update is not installed
8280| [72855] Microsoft Windows Knowledge Base Article 2660465 update is not installed
8281| [72853] Microsoft Windows Knowledge Base Article 2653956 update is not installed
8282| [72851] Microsoft Windows Knowledge Base Article 2654428 update is not installed
8283| [72849] Microsoft Windows Knowledge Base Article 2651026 update is not installed
8284| [72846] Microsoft Windows Knowledge Base Article 2647516 update is not installed
8285| [72841] Microsoft Windows Knowledge Base Article 2645640 update is not installed
8286| [72838] Microsoft Windows Knowledge Base Article 2643719 update is not installed
8287| [72029] Microsoft Windows Knowledge Base Article 2638420 update is not installed
8288| [72003] Microsoft Windows Knowledge Base Article 2646524 update is not installed
8289| [71998] Microsoft Windows Knowledge Base Article 2644615 update is not installed
8290| [71995] Microsoft Windows Knowledge Base Article 2643584 update is not installed
8291| [71994] Microsoft Windows Knowledge Base Article 2636391 update is not installed
8292| [71565] Microsoft Windows Knowledge Base Article 2648048 update is not installed
8293| [71562] Microsoft Windows Knowledge Base Article 2640241 update is not installed
8294| [71560] Microsoft Windows Knowledge Base Article 2640045 update is not installed
8295| [71558] Microsoft Windows Knowledge Base Article 2639417 update is not installed
8296| [71557] Microsoft Windows Knowledge Base Article 2639142 update is not installed
8297| [71554] Microsoft Windows Knowledge Base Article 2633171 update is not installed
8298| [71552] Microsoft Windows Knowledge Base Article 2624667 update is not installed
8299| [71550] Microsoft Windows Knowledge Base Article 2620712 update is not installed
8300| [71548] Microsoft Windows Knowledge Base Article 2618451 update is not installed
8301| [71546] Microsoft Windows Knowledge Base Article 2618444 update is not installed
8302| [71538] Microsoft Windows Knowledge Base Article 2590602 update is not installed
8303| [70951] Microsoft Windows Knowledge Base Article 2630837 update is not installed
8304| [70949] Microsoft Windows Knowledge Base Article 2620704 update is not installed
8305| [70947] Microsoft Windows Knowledge Base Article 2617657 update is not installed
8306| [70943] Microsoft Windows Knowledge Base Article 2588516 update is not installed
8307| [70152] Microsoft Windows Knowledge Base Article 2623699 update is not installed
8308| [70140] Microsoft Windows Knowledge Base Article 2652016 update is not installed
8309| [70130] Microsoft Windows Knowledge Base Article 2586448 update is not installed
8310| [70115] Microsoft Windows Knowledge Base Article 2567053 update is not installed
8311| [69501] Microsoft Windows Knowledge Base Article 2587634 update is not installed
8312| [69498] Microsoft Windows Knowledge Base Article 2587505 update is not installed
8313| [69492] Microsoft Windows Knowledge Base Article 2571621 update is not installed
8314| [69490] Microsoft Windows Knowledge Base Article 2570947 update is not installed
8315| [68840] Microsoft Windows Knowledge Base Article 2451858 update is not installed
8316| [68833] Microsoft Windows Knowledge Base Article 2567943 update is not installed
8317| [68831] Microsoft Windows Knowledge Base Article 2570222 update is not installed
8318| [68829] Microsoft Windows Knowledge Base Article 2567951 update is not installed
8319| [68827] Microsoft Windows Knowledge Base Article 2578230 update is not installed
8320| [68825] Microsoft Windows Knowledge Base Article 2546250 update is not installed
8321| [68823] Microsoft Windows Knowledge Base Article 2559049 update is not installed
8322| [68816] Microsoft Windows Knowledge Base Article 2556532 update is not installed
8323| [68814] Microsoft Windows Knowledge Base Article 2560656 update is not installed
8324| [68812] Microsoft Windows Knowledge Base Article 2560978 update is not installed
8325| [68809] Microsoft Windows Knowledge Base Article 2562485 update is not installed
8326| [68806] Microsoft Windows Knowledge Base Article 2566454 update is not installed
8327| [68804] Microsoft Windows Knowledge Base Article 2563894 update is not installed
8328| [68801] Microsoft Windows Knowledge Base Article 2567680 update is not installed
8329| [68315] Microsoft Windows Knowledge Base Article 2555917 update is not installed
8330| [68299] Microsoft Windows Knowledge Base Article 2566220 update is not installed
8331| [68283] Microsoft Windows Knowledge Base Article 2560847 update is not installed
8332| [67955] Microsoft Windows Knowledge Base Article 2530548 update is not installed
8333| [67943] Microsoft Windows Knowledge Base Article 2544521 update is not installed
8334| [67762] Microsoft Windows Knowledge Base Article 2543893 update is not installed
8335| [67759] Microsoft Windows Knowledge Base Article 2544893 update is not installed
8336| [67757] Microsoft Windows Knowledge Base Article 2476490 update is not installed
8337| [67753] Microsoft Windows Knowledge Base Article 2514842 update is not installed
8338| [67751] Microsoft Windows Knowledge Base Article 2518295 update is not installed
8339| [67737] Microsoft Windows Knowledge Base Article 2520426 update is not installed
8340| [67733] Microsoft Windows Knowledge Base Article 2525694 update is not installed
8341| [67731] Microsoft Windows Knowledge Base Article 2525835 update is not installed
8342| [67728] Microsoft Windows Knowledge Base Article 2535512 update is not installed
8343| [67725] Microsoft Windows Knowledge Base Article 2536275 update is not installed
8344| [67722] Microsoft Windows Knowledge Base Article 2536276 update is not installed
8345| [67718] Microsoft Windows Knowledge Base Article 2537146 update is not installed
8346| [67709] Microsoft Windows Knowledge Base Article 2538814 update is not installed
8347| [67302] Microsoft Windows Knowledge Base Article 2545814 update is not installed
8348| [67101] Microsoft Windows Knowledge Base Article 2524426 update is not installed
8349| [66446] Microsoft Windows Knowledge Base Article 2514666 update is not installed
8350| [66444] Microsoft Windows Knowledge Base Article 2511455 update is not installed
8351| [66436] Microsoft Windows Knowledge Base Article 2497640 update is not installed
8352| [66432] Microsoft Windows Knowledge Base Article 2527308 update is not installed
8353| [66428] Microsoft Windows Knowledge Base Article 2489979 update is not installed
8354| [66423] Microsoft Windows kernel-mode driver (win32k.sys) variant 29 privilege escalation
8355| [66422] Microsoft Windows kernel-mode driver (win32k.sys) variant 28 privilege escalation
8356| [66421] Microsoft Windows kernel-mode driver (win32k.sys) variant 27 privilege escalation
8357| [66420] Microsoft Windows kernel-mode driver (win32k.sys) variant 26 privilege escalation
8358| [66419] Microsoft Windows kernel-mode driver (win32k.sys) variant 25 privilege escalation
8359| [66418] Microsoft Windows kernel-mode driver (win32k.sys) variant 24 privilege escalation
8360| [66417] Microsoft Windows kernel-mode driver (win32k.sys) variant 23 privilege escalation
8361| [66416] Microsoft Windows kernel-mode driver (win32k.sys) variant 22 privilege escalation
8362| [66415] Microsoft Windows kernel-mode driver (win32k.sys) variant 21 privilege escalation
8363| [66414] Microsoft Windows kernel-mode driver (win32k.sys) variant 20 privilege escalation
8364| [66396] Microsoft Windows kernel-mode driver (win32k.sys) variant 2 privilege escalation
8365| [66394] Microsoft Windows Knowledge Base Article 2485663 update is not installed
8366| [65588] Microsoft Windows Knowledge Base Article 2489279 update is not installed
8367| [65581] Microsoft Windows Knowledge Base Article 2510030 update is not installed
8368| [65580] Microsoft Windows Knowledge Base Article 2489283 update is not installed
8369| [65575] Microsoft Windows Knowledge Base Article 2489293 update is not installed
8370| [65573] Microsoft Windows Knowledge Base Article 2494047 update is not installed
8371| [64973] Microsoft Windows Knowledge Base Article 2478960 update is not installed
8372| [64971] Microsoft Windows Knowledge Base Article 2479628 update is not installed
8373| [64927] Microsoft Windows Knowledge Base Article 2393802 update is not installed
8374| [64925] Microsoft Windows Knowledge Base Article 2451879 update is not installed
8375| [64920] Microsoft Windows Knowledge Base Article 2475792 update is not installed
8376| [64918] Microsoft Windows Knowledge Base Article 2476687 update is not installed
8377| [64916] Microsoft Windows Knowledge Base Article 2478953 update is not installed
8378| [64914] Microsoft Windows Knowledge Base Article 2482017 update is not installed
8379| [64910] Microsoft Windows Knowledge Base Article 2483185 update is not installed
8380| [64909] Microsoft Windows Knowledge Base Article 2484015 update is not installed
8381| [64907] Microsoft Windows Knowledge Base Article 2485376 update is not installed
8382| [64905] Microsoft Windows Knowledge Base Article 2489256 update is not installed
8383| [64902] Microsoft Windows Knowledge Base Article 2496930 update is not installed
8384| [64342] Microsoft Windows Knowledge Base Article 2451910 update is not installed
8385| [64339] Microsoft Windows Knowledge Base Article 2478935 update is not installed
8386| [63584] Microsoft Windows Knowledge Base Article 2424434 update is not installed
8387| [63582] Microsoft Windows Knowledge Base Article 2423089 update is not installed
8388| [63580] Microsoft Windows Knowledge Base Article 2436673 update is not installed
8389| [63571] Microsoft Windows Knowledge Base Article 2440591 update is not installed
8390| [63569] Microsoft Windows Knowledge Base Article 2385678 update is not installed
8391| [63566] Microsoft Windows Knowledge Base Article 2442962 update is not installed
8392| [63564] Microsoft Windows Knowledge Base Article 2345316 update is not installed
8393| [63562] Microsoft Windows Knowledge Base Article 2296199 update is not installed
8394| [63558] Microsoft Windows Knowledge Base Article 2416400 update is not installed
8395| [63550] Microsoft Windows Knowledge Base Article 2447961 update is not installed
8396| [63548] Microsoft Windows Knowledge Base Article 2443105 update is not installed
8397| [63546] Microsoft Windows Knowledge Base Article 2455005 update is not installed
8398| [63544] Microsoft Windows Knowledge Base Article 2292970 update is not installed
8399| [62805] Microsoft Windows Knowledge Base Article 2316074 update is not installed
8400| [62793] Microsoft Windows Knowledge Base Article 2293386 update is not installed
8401| [62789] Microsoft Windows Knowledge Base Article 2423930 update is not installed
8402| [62170] Microsoft Windows Knowledge Base Article 2296011 update is not installed
8403| [62166] Microsoft Windows Knowledge Base Article 2294255 update is not installed
8404| [62163] Microsoft Windows Knowledge Base Article 2281679 update is not installed
8405| [62154] Microsoft Windows Knowledge Base Article 2279986 update is not installed
8406| [62147] Microsoft Windows Knowledge Base Article 2160841 update is not installed
8407| [62134] Microsoft Windows Knowledge Base Article 2412048 update is not installed
8408| [62129] Microsoft Windows Knowledge Base Article 2387149 update is not installed
8409| [62126] Microsoft Windows Knowledge Base Article 2378111 update is not installed
8410| [62123] Microsoft Windows Knowledge Base Article 2360937 update is not installed
8411| [62118] Microsoft Windows Knowledge Base Article 2293211 update is not installed
8412| [62104] Microsoft Windows Knowledge Base Article 2360131 update is not installed
8413| [62098] Microsoft Windows Knowledge Base Article 2293194 update is not installed
8414| [62069] Microsoft Windows Knowledge Base Article 2418042 update is not installed
8415| [61519] Microsoft Windows Knowledge Base Article 2121546 update is not installed
8416| [61517] Microsoft Windows Knowledge Base Article 2259922 update is not installed
8417| [61514] Microsoft Windows Knowledge Base Article 2267960 update is not installed
8418| [61510] Microsoft Windows Knowledge Base Article 2315011 update is not installed
8419| [61507] Microsoft Windows Knowledge Base Article 2320113 update is not installed
8420| [61504] Microsoft Windows Knowledge Base Article 2347290 update is not installed
8421| [60736] Microsoft Windows Knowledge Base Article 2265906 update is not installed
8422| [60734] Microsoft Windows Knowledge Base Article 2269638 update is not installed
8423| [60728] Microsoft Windows Knowledge Base Article 2269707 update is not installed
8424| [60724] Microsoft Windows Knowledge Base Article 2286198 update is not installed
8425| [60713] Microsoft Windows Knowledge Base Article 2183461 update is not installed
8426| [60698] Microsoft Windows Knowledge Base Article 2160329 update is not installed
8427| [60686] Microsoft Windows Knowledge Base Article 2115168 update is not installed
8428| [60684] Microsoft Windows Knowledge Base Article 2079403 update is not installed
8429| [60680] Microsoft Windows Knowledge Base Article 2264072 update is not installed
8430| [59901] Microsoft Windows Knowledge Base Article 2229593 update is not installed
8431| [59898] Microsoft Windows Knowledge Base Article 2229593 update is not installed
8432| [58913] Microsoft Windows Knowledge Base Article 2027452 update is not installed
8433| [58891] Microsoft Windows Knowledge Base Article 2028554 update is not installed
8434| [17004] Microsoft Windows XP Service Pack 2 is not installed on the system
8435| [9187] Microsoft Passport SDK 2.1 Component Configuration Document (CCD) permission
8436| [9146] Microsoft Passport SDK 2.1 events reporting disabled
8437| [9068] Microsoft Passport SDK 2.1 registry default permission exposure
8438| [9067] Microsoft Passport SDK 2.1 default test site exposure
8439| [9066] Microsoft Passport SDK 2.1 Adventure Works Sample Site exposure
8440| [9065] Microsoft Passport SDK 2.1 Adventure Works Sample Site global.asa file default permission exposure
8441| [9064] Microsoft Passport SDK 2.1 default time window exposure
8442| [1271] Microsoft IIS version 2 installed
8443| [621] Microsoft IIS 3.0 script source revealed by appending 2E to requests
8444|
8445| Exploit-DB - https://www.exploit-db.com:
8446| [30756] Microsoft Forms 2.0 ActiveX Control 2.0 Memory Access Violation Denial of Service Vulnerabilities
8447| [30749] Microsoft Office 2003 Web Component Memory Access Violation Denial of Service Vulnerability
8448| [30636] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (2)
8449| [30635] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (1)
8450| [30281] Microsoft .Net Framework <= 2.0 - Multiple Null Byte Injection Vulnerabilities
8451| [29664] Microsoft Office Publisher 2007 - Remote Denial of Service (DoS) Vulnerability
8452| [29660] Microsoft Office 2003 - Denial of Service (DoS) Vulnerability
8453| [29630] Microsoft Windows 2003/XP ReadDirectoryChangesW Information Disclosure Vulnerability
8454| [29524] Microsoft Word 2000 - Malformed Function Code Execution Vulnerability
8455| [28420] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
8456| [28357] Microsoft Windows Explorer 2000/2003/XP Drag and Drop Remote Code Execution Vulnerability
8457| [28227] Microsoft Windows 2000/XP Registry Access Local Denial of Service Vulnerability
8458| [28226] Microsoft PowerPoint 2003 PPT File Closure Memory Corruption
8459| [28225] Microsoft PowerPoint 2003 powerpnt.exe Unspecified Issue
8460| [28224] Microsoft PowerPoint 2003 mso.dll PPT Processing Unspecified Code Execution
8461| [28198] Microsoft Office 2000/2002 Property Code Execution Vulnerability
8462| [28189] Microsoft Excel 2000-2004 Style Handling and Repair Remote Code Execution Vulnerability
8463| [28087] Microsoft Office 2003 Embedded Shockwave Flash Object Security Bypass Weakness
8464| [28005] Microsoft Exchange Server 2000/2003 Outlook Web Access Script Injection Vulnerability
8465| [26690] Microsoft Windows 2000/2003/XP CreateRemoteThread Local Denial of Service Vulnerability
8466| [26517] Microsoft Office PowerPoint 2007 - Crash PoC
8467| [26341] Microsoft Windows 2000/2003/XP MSDTC TIP Denial of Service Vulnerability
8468| [26222] Microsoft Windows 2000/2003/XP Keyboard Event Privilege Escalation Weakness
8469| [25384] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (2)
8470| [25383] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (1)
8471| [25231] Microsoft Windows 2000/2003/XP Graphical Device Interface Library Denial of Service Vulnerability
8472| [25085] Microsoft Office XP 2000/2002 HTML Link Processing Remote Buffer Overflow Vulnerability
8473| [25084] Microsoft Outlook 2003 Web Access Login Form Remote URI Redirection Vulnerability
8474| [25050] Microsoft Windows 2000/2003/XP winhlp32 Phrase Heap Overflow Vulnerability
8475| [25049] Microsoft Windows 2000/2003/XP winhlp32 Phrase Integer Overflow Vulnerability
8476| [24686] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
8477| [24277] Microsoft Windows 2000/NT 4 POSIX Subsystem Buffer Overflow Local Privilege Escalation Vulnerability
8478| [24114] Microsoft Outlook 2003Mail Client E-mail Address Verification Weakness
8479| [24101] Microsoft Outlook 2003 Predictable File Location Weakness
8480| [23989] Microsoft Windows 2000/NT 4 Local Descriptor Table Local Privilege Escalation Vulnerability
8481| [23796] Microsoft Outlook 2002 Mailto Parameter Quoting Zone Bypass Vulnerability
8482| [23019] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
8483| [22919] Microsoft ISA Server 2000 Cross-Site Scripting Vulnerabilities
8484| [22883] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (2)
8485| [22882] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (1)
8486| [22837] Microsoft Windows 2000/NT 4 Media Services NSIISlog.DLL Remote Buffer Overflow
8487| [22782] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
8488| [22591] Microsoft Office Excel 2007 - WriteAV Crash PoC
8489| [22555] Microsoft BizTalk Server 2000/2002 DTA RawCustomSearchField.asp SQL Injection
8490| [22554] Microsoft BizTalk Server 2000/2002 DTA rawdocdata.asp SQL Injection Vulnerability
8491| [22553] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
8492| [22528] Microsoft Windows 2000 RegEdit.EXE Registry Key Value Buffer Overflow Vulnerability
8493| [22354] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
8494| [21920] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
8495| [21718] Microsoft SQL 2000/7.0 Agent Jobs Privilege Elevation Vulnerability
8496| [21693] Microsoft SQL Server 2000 User Authentication Remote Buffer Overflow Vulnerability
8497| [21652] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
8498| [21651] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
8499| [21650] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
8500| [21549] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
8501| [21541] Microsoft SQL Server 2000 SQLXML Script Injection Vulnerability
8502| [21540] Microsoft SQL Server 2000 SQLXML Buffer Overflow Vulnerability
8503| [21389] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (2)
8504| [21388] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (1)
8505| [21344] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
8506| [21258] Microsoft Windows 2000/NT 4 NTFS File Hiding Vulnerability
8507| [21246] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (2)
8508| [21245] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (1)
8509| [21172] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (2)
8510| [21171] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (1)
8511| [21131] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
8512| [21123] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
8513| [21113] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
8514| [21099] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
8515| [21069] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
8516| [20907] Microsoft Windows 2000 Telnet Username DoS Vulnerability
8517| [20802] Microsoft IIS 2.0/3.0 Long URL Denial of Service Vulnerability
8518| [20763] Microsoft ISA Server 2000 Web Proxy DoS Vulnerability
8519| [20571] Microsoft Outlook 2000 0/98 0/Express 5.5 Concealed Attachment Vulnerability
8520| [20481] Microsoft IIS 2.0/3.0 Appended Dot Script Source Disclosure Vulnerability
8521| [20399] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
8522| [20335] Microsoft Indexing Services for Windows 2000/NT 4.0 .htw Cross-Site Scripting Vulnerability
8523| [20305] Microsoft Site Server 2.0 with IIS 4.0 - File Upload Vulnerability
8524| [20265] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
8525| [20257] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
8526| [20255] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
8527| [20222] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
8528| [20209] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
8529| [20133] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
| [20122] Microsoft Office SharePoint Server 2007 Remote Code Execution
| [20096] Microsoft IIS 2.0/3.0/4.0/5.0/5.1 Internal IP Address Disclosure Vulnerability
| [20048] Microsoft Windows 2000 Remote CPU-overload Vulnerability
| [20047] Microsoft Windows 2000 Telnet Server DoS Vulnerability
| [19830] Microsoft Index Server 2.0 '%20' ASP Source Disclosure Vulnerability
| [19742] microsoft iis 3.0/4.0,microsoft index server 2.0 - Directory Traversal
| [19734] Microsoft Virtual Machine 2000 Series/3000 Series getSystemResource Vulnerability
| [19731] microsoft index server 2.0/indexing services for windows 2000 - Directory Traversal
| [19728] Microsoft Systems Management Server 2.0 Default Permissions Vulnerability
| [19425] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (2)
| [19424] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (1)
| [19376] Microsoft IIS 2.0/3.0/4.0 ISAPI GetExtensionVersion() Vulnerability
| [19143] "Microsoft Windows ""April Fools 2001"" Vulnerability"
| [19118] Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability
| [18334] Microsoft Office 2003 Home/Pro 0day
| [18087] MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
| [18078] Microsoft Excel 2003 11.8335.8333 Use After Free
| [18067] Microsoft Excel 2007 SP2 Buffer Overwrite Exploit
| [17305] "Microsoft Windows Vista/Server 2008 ""nsiproxy.sys"" Local Kernel DoS Exploit"
| [14971] MOAUB #11 - Microsoft Office Word 2007 sprmCMajority Buffer Overflow
| [14782] Microsoft Office PowerPoint 2007 DLL Hijacking Exploit (rpawinet.dll)
| [14746] Microsoft Office Groove 2007 DLL Hijacking Exploit (mso.dll)
| [14744] Microsoft Visio 2003 DLL Hijacking Exploit (mfc71enu.dll)
| [12450] Microsoft SharePoint Server 2007 XSS Vulnerability
| [10068] Microsoft Windows 2000-2008 Embedded OpenType Font Engine Remote Code Execution
| [4121] Microsoft Excel 2000/2003 Sheet Name Vulnerability PoC
| [3973] Microsoft Office 2000 (OUACTRL.OCX 1.0.1.9) - Remote DoS Exploit
| [3690] microsoft office word 2007 - Multiple Vulnerabilities
| [3260] Microsoft Word 2000 Unspecified Code Execution Exploit (0day)
| [2523] Microsoft Office 2003 PPT Local Buffer Overflow PoC
| [2091] Microsoft PowerPoint 2003 SP2 Local Code Execution Exploit (french)
| [2001] Microsoft Word 2000/2003 Unchecked Boundary Condition Vulnerability
| [1999] Microsoft Word 2000/2003 Hlink Local Buffer Overflow Exploit PoC
| [1988] Microsoft Excel 2003 Hlink Local Buffer Overflow Exploit (italian)
| [1986] Microsoft Excel 2000/2003 Hlink Local Buffer Overflow Exploit (french)
| [1958] Microsoft Excel 2003 Hlink Stack/SEH Buffer Overflow Exploit
| [28238] Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Vulnerability MS13-067
| [23034] Microsoft URLScan 2.5/ RSA Security SecurID 5.0 Configuration Enumeration Weakness
| [22850] Microsoft Office OneNote 2010 Crash PoC
| [22679] Microsoft Visio 2010 Crash PoC
| [22655] Microsoft Publisher 2013 Crash PoC
| [22621] Microsoft Netmeeting 2.1/3.0.1 4.4.3385 CALLTO URL Buffer Overflow Vulnerability
| [22330] Microsoft Office Excel 2010 Crash PoC
| [22310] Microsoft Office Publisher 2010 Crash PoC
| [22237] Microsoft Office Picture Manager 2010 Crash PoC
| [22215] Microsoft Office Word 2010 Crash PoC
| [19451] Microsoft Windows 98 a/98 b/98SE,Solaris 2.6 IRDP Vulnerability
| [19440] Microsoft Windows NT 4.0/SP 1/SP 2/Sp 3/SP 4/SP 5 Malformed Dialer Entry Vulnerability
| [19372] Microsoft Windows NT 4.0/SP 1/SP 2/SP 3/SP 4/SP 5 Null Session Admin Name Vulnerability
| [17164] Microsoft Reader <= 2.1.1.3143 NULL Byte Write
| [17163] Microsoft Reader <= 2.1.1.3143 Array Overflow
| [17162] Microsoft Reader <= 2.1.1.3143 Integer Overflow
| [17161] Microsoft Reader <= 2.1.1.3143 Heap Overflow
| [17160] Microsoft Reader <= 2.1.1.3143 Integer Overflow
| [14731] Microsoft Windows Movie Maker <= 2.6.4038.0 DLL Hijacking Exploit (hhctrl.ocx)
| [14723] Microsoft Power Point 2010 DLL Hijacking Exploit (pptimpconv.dll)
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902250] Microsoft Word 2003 'MSO.dll' Null Pointer Dereference Vulnerability
| [900125] Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability
| [801597] Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
| [801596] Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
| [801594] Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability
| [800687] Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability
| [800577] Microsoft Windows Server 2003 win32k.sys DoS Vulnerability
| [800343] Microsoft Word 2007 Sensitive Information Disclosure Vulnerability
| [103254] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
| [11992] Vulnerability in Microsoft ISA Server 2000 H.323 Filter(816458)
| [902931] Microsoft Office Remote Code Execution Vulnerabilities - 2720184 (Mac OS X)
| [902678] Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
| [901210] Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)
|
| SecurityTracker - https://www.securitytracker.com:
| [1015347] Microsoft Windows 2000 Kernel APC Queue Bug Lets Local Users Gain Elevated Privileges
| [1013454] Microsoft Office InfoPath 2003 May Disclose System and Authentication Information to Remote Users
| [1013284] Microsoft Windows 2000 and XP Group Policy Can Be Bypassed By Microsoft Office Applications and By Flash Drives
| [1010687] Microsoft Windows 2000/NT POSIX Subsystem Buffer Overflow Lets Local Users Gain Elevated Privileges
| [1010352] Microsoft Windows 2000 Domains With Eight Characters May Let Remote Users With Expired Passwords Login
| [1010189] Microsoft Outlook 2003 Scripting Restrictions Can Be Bypassed By Remote Users
| [1010125] Microsoft Outlook 2003 Lets Remote Users Send E-mail to Cause the Recipient's Client to Contact a Remote Server
| [1009767] Microsoft Windows 2000 Domain Controller LDAP Flaw May Let Remote Users Restart the Authentication Service
| [1008324] Microsoft Exchange 2003 With Outlook Web Access and Windows SharePoint Services May Grant Incorrect E-mail Account Access to Remote Authenticated Users
| [1007905] Microsoft Windows Server 2003 Shell Folders Can Be Referenced Using Directory Traversal Characters
| [1007238] Microsoft Outlook Web Access Can Be Crashed By Remote Authenticated Users With an Outlook 2003 Client
| [1007152] Microsoft Windows 2000 Accessibility Utility Manager Lets Local Users Gain Elevated Privileges
| [1007099] Microsoft Windows 2000 ShellExecute() Buffer Overflow May Let Users Execute Arbitrary Code
| [1007093] Microsoft Active Directory Stack Overflow in 'Lsaas.exe' Lets Remote Users Crash the Windows 2000 Server
| [1006959] Microsoft Windows Server 2003 Drivers May Leak Information From Memory Via Ethernet Packets Containing TCP Streams
| [1006580] Microsoft Windows 2003 'win2k.sys' Printing Bug Lets Users Crash the System
| [1006534] Microsoft Proxy Service in Proxy Server 2.0 Has Unspecified Flaw That Lets Remote Users Stop Traffic
| [1006286] Microsoft Windows 2000/XP PostMessage() API Flaw May Let Local Users Grab Passwords from Local Dialog Boxes
| [1006280] Protegrity Secure.Data for Microsoft SQL Server 2000 Contains Buffer Oveflows That Let Remote Users Execute Arbitrary Code
| [1005254] Microsoft NT, 2000, and XP Operating Systems May Execute a 16-bit Application Even When The File Has No Execute Permissions
| [1005068] Microsoft NTFS Filesystem in Windows NT and Windows 2000 Has Auditing Hole That Lets Local Users Access Files Without the File Access Being Audited
| [1004587] Microsoft SQL Server 2000 Buffer Overflow in OpenDataSource() Function May Let Remote Users Gain SYSTEM Privileges on the Server
| [1004528] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains an Input Validation Flaw in an XML SQL Tag That Allows Cross-Site Scripting Attacks
| [1004527] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains a Buffer Overflow That Lets Remote Users Take Full Control of the System
| [1004407] Microsoft Exchange 2000 Flaw in Processing a Certain Malformed SMTP Command Allows Remote Users to Deny Service to the Server
| [1004357] Microsoft Windows Debugging Facility for Windows NT4 and 2000 Has Authentication Hole That Lets Local Users Execute Arbitrary Code with SYSTEM Privileges
| [1004083] Microsoft Windows 2000 'microsoft-ds' Service Flaw Allows Remote Users to Create Denial of Service Conditions By Sending Malformed Packets
| [1004022] Microsoft Windows 2000 Group Policy Object Enforcement Can Be Circumvented if User License Limits are Exceeded
| [1003975] Microsoft Windows NT, 2000, and XP Kernel Buffer Overflow in Processing Multiple UNC Provider (MUP) Requests May Let Local Users Obtain System Level Privileges
| [1003949] Microsoft Windows 2000 DCOM Implementation Flaw May Disclose Memory Contents to Remote Users
| [1003816] Microsoft Windows 2000 Automatic Log Off Policy Fails to Expire Sessions in Progress
| [1003688] Microsoft Exchange Server 2000 Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
| [1003687] Microsoft Windows 2000 and Windows XP SMTP Service Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
| [1003634] Microsoft XML Core Services in SQL Server 2000 Lets Remote Scripts Access and Send Local Files
| [1003629] Microsoft Commerce Server 2000 AuthFilter Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Server With LocalSystem Privileges to Gain Full Control of the Server
| [1003472] Microsoft Telnet Server for Windows 2000 and for Interix Has a Buffer Overflow That May Let Remote Users Execute Code on the Server with System Level Privileges
| [1003469] Microsoft Exchange 2000 Server Allows Remote Users to View and Possibly Modify Registry Settings
| [1003402] Microsoft Windows NT 4.0 and Windows 2000 Domain Controllers May Give Elevated Privileges to Remote Users Who Are Valid Administrators on Other Trusted Domains
| [1002922] Microsoft Windows 2000 Internet Key Exchange (IKE) Service Can Be Crashed By Remote Users
| [1002754] Terminal Services on Microsoft Windows 2000 and XP Allow Remote Users to Log Bogus IP Addresses Instead of the User's Genuine Address
| [1002731] Microsoft Windows 2000 RunAs Service May Disclose Authentication Credentials to Local Users
| [1002730] Microsoft Windows 2000 RunAs Utility May Disclose Sensitive Information to Local Users
| [1002729] Microsoft Windows 2000 RunAs Service Allows Local Users to Disable the Service
| [1002356] Microsoft Outlook 2000 Animated Assistant Prevents the Screen Saver from Activating, Allowing Physically Local Users to Access the System
| [1002206] Microsoft Internet Security and Acceleration (ISA) Server 2000 Can Be Disrupted By Remote Users Due to Memory Leaks and Also Allows Cross-Site Scripting Attacks
| [1002106] Microsoft Windows 2000 and Windows NT 4.0 RPC Input Validation Failure Lets Remote Users Destabilize the Operating System
| [1002099] Microsoft Windows 2000 Telnet Service Can Be Crashed By Remote Users
| [1002098] Windows Terminal Services in Microsoft Windows 2000 and NT 4.0 Can Be Crashed By Remote Users Due to a Memory Leak
| [1001993] Microsoft Windows 2000, Linux 2.4, NetBSD, FreeBSD, and OpenBSD May Let Remote Users Affect TCP Performance
| [1001931] Microsoft Windows 2000 SMTP Service May Allow Unauthorized Remote Users to Relay E-mail via the Service
| [1001832] Microsoft Windows 2000 LDAP Server Lets Remote Users Gain Administrator Access to the Domain Controller When Configured to Support LDAP over SSL
| [1001701] Microsoft Windows 2000 Telnet Server Allows Local Users to Gain System-Level Privileges and Lets Remote Users Crash the Server
| [1001605] Microsoft Windows 2000 Allows Local Users to Elevate Privileges
| [1001565] Microsoft IIS Web Server on Windows 2000 Allows Remote Users to Cause the Server to Consume All Available Memory Due to Memory Leak in WebDAV Lock Method
| [1001513] Microsoft Windows 2000 Indexing Service Allows Remote Users to View Include Programming Files
| [1001501] Microsoft Windows 2000 Domain Controllers Can Be Effectively Halted By Remote Users
| [1001464] Microsoft Internet Information Server IIS 5.0 for Windows 2000 Lets Remote Users Execute Arbitrary Code on the Server and Gain Control of the Server
| [1001240] Microsoft FTP Client for Windows 2000 Still Vulnerable to Executing Arbitrary Code in Limited Situations
| [1001088] Microsoft Internet Explorer with Services for Unix 2.0 Can Create Malicious Files on the User's Host
|
| OSVDB - http://www.osvdb.org:
| [90257] Microsoft Windows Server 2003 ICACLS.EXE Permission Inheritance Weakness
| [86790] Microsoft Virtual PC 2007 Crafted x86 Instruction Sequence Handling Local DoS
| [86061] Microsoft Windows Server 2008 R1 CSRSS ReadConsole / CloseHandle Local DoS
| [79442] Microsoft Windows Server 2008 DNS Server Service Cache Update Policy Deleted Domain Name Resolving Weakness
| [72670] Microsoft Windows Server 2003 ActiveDirectory BROWSER ELECTION Remote Overflow
| [68554] Microsoft Windows Server 2008 Shared Cluster Disks Addition Default Permission Weakness
| [62251] Microsoft Windows Server 2008 Hyper-V Crafted Instruction Sequence DoS
| [60329] Microsoft Windows 2000 NetBIOS Continuation Packet Remote DoS
| [59733] Microsoft Windows 2000 Terminal Services Screensaver Screen Minimization Locking Weakness
| [59731] Microsoft Windows 2000 DCOM Client Alter Context Request Remote Information Disclosure
| [59730] Microsoft Windows 2000 Terminal Services Disconnect Feature Local Privilege Escalation
| [59514] Microsoft Windows 2000 Task Manager Uppercase Process Name Termination Weakness
| [59509] Microsoft Windows 2000 Encrypted File System Cleartext Backup File Local Disclosure
| [59346] Microsoft Windows 2000 Crafted TCP/UDP Traffic CPU Consumption Remote DoS
| [55836] Microsoft ISA Server 2006 Radius OTP Security Bypass
| [53663] Microsoft Office Word 2000 WordPerfect 6.x Converter Document Handling Stack Corruption
| [50589] Microsoft SQL Server 2000 sp_replwritetovarbin() Stored Procedure Overflow
| [37629] Microsoft Windows 2000 RPC Authentication Unspecified Information Disclosure
| [37628] Microsoft Windows 2000 RPC Authentication Crafted Request Remote DoS
| [36034] Microsoft Office 2000 Controllo ActiveX (OUACTRL.OCX) HelpPopup Method Overflow
| [34489] Microsoft Office 2003 Malformed WMF File Handling DoS
| [34488] Microsoft Excel 2003 XLS Handling Corrupt Format DoS
| [31251] Microsoft Office 2003 Brazilian Portuguese Grammar Checker Arbitrary Code Execution
| [29529] Microsoft Windows 2000 creator.dll ActiveX COM Object Memory Corruption
| [29528] Microsoft Windows 2000 msdxm.ocx ActiveX COM Object Memory Corruption
| [29527] Microsoft Windows 2000 myinfo.dll ActiveX COM Object Memory Corruption
| [29526] Microsoft Windows 2000 ciodm.dll ActiveX COM Object Memory Corruption
| [28539] Microsoft Word 2000 Unspecified Code Execution
| [24121] Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass
| [24081] Microsoft Outlook 2003 Unspecified Malformed Word Attachment DoS
| [23484] Microsoft SQLServer 2000 sp_addalias Procedure Privileged Alias Creation
| [23234] Microsoft SQLServer 2000 Unspecified Invalid Client Buffer DoS
| [23231] Microsoft SQL Server 2000 SQL Profiler Multiple Method DoS
| [23205] Microsoft SQLServer 2000 Crafted Sort Command User Mode Scheduler (UMS) Bypass DoS
| [23203] Microsoft SQL Server 2000 Database Name Transact-SQL Statement Privilege Escalation
| [23202] Microsoft SQLServer 2000 sysmembers Virtual Table Query Overflow
| [23201] Microsoft SQL Server 2000 Dynamic Transact-SQL Statement Disclosure
| [23200] Microsoft SQLServer 2000 Encrypted Stored Procedure Dynamic Query Disclosure
| [21907] Microsoft Office InfoPath 2003 Mshtml.dll Form Handling DoS
| [21598] Microsoft Windows 2000 NetBIOS Port Malformed TCP Packet Parsing Remote DoS
| [20256] Microsoft Windows 2000 NTFS Volume Macintosh Client Directory Permission Modification
| [20222] Microsoft Windows 2000 runas.exe Named Pipe Spoofing Information Disclosure
| [20221] Microsoft Windows 2000 runas.exe Named Pipe Single Thread DoS
| [20220] Microsoft Windows 2000 runas.exe Cleartext Authentication Information Disclosure
| [20002] Microsoft Windows 2000 CHKDSK Fix Mode File ACL Failure
| [20001] Microsoft Windows 2000 Terminal Service Client Connection IP Logging Failure
| [20000] Microsoft Windows 2000 Domain Administrator Computer Lock Bypass
| [19999] Microsoft Windows 2000 FQDN Domain Login Password Expiry Bypass
| [19998] Microsoft Windows 2000 UPN Credentialed Login Group Policy Failure
| [19997] Microsoft Windows 2000 WideCharToMultiByte Function String Termination Issue
| [19996] Microsoft Windows 2000 Event ID 1704 Group Policy Failure
| [19995] Microsoft Windows 2000 SECEDIT Long Folder ACL Set Issue
| [19994] Microsoft Windows 2000 audit directory service access 565 Event Logging Failure
| [19993] Microsoft Windows 2000 LDAPS CA Trust Issue
| [19264] Microsoft Exchange Server 2003 Crafted IMAP4 Folder Listing Request DoS
| [17031] Microsoft ISA Server 2000 SecureNAT Traffic Saturation DoS
| [15343] Microsoft Windows Server 2003 Malformed HTTP Cookie Header CGI DoS
| [15341] Microsoft Windows Server 2003 SMB Redirector Processing DoS
| [15340] Microsoft Windows Server 2003 Terminal Service Client Print DoS
| [15338] Microsoft Windows Server 2003 Terminal Session Close DoS
| [15337] Microsoft Windows Server 2003 CreateProcessWithLogonW() Function Process Disclosure
| [15336] Microsoft Windows Server 2003 Shutdown.exe Shut Down Failure
| [15335] Microsoft Windows Server 2003 MIT Kerberos Realm Authentication Group Policy Failure
| [15334] Microsoft Windows Server 2003 Shared Folder Permission Weakness
| [15333] Microsoft Windows Server 2003 EFS File Copy LDAP Connection DoS
| [15332] Microsoft Windows Server 2003 Citrix Metaframe Encryption Policy Failure
| [15331] Microsoft Windows Server 2003 Home Folder Path Permission Inheritance Failure
| [14617] Microsoft Exchange Server 2003 Folder Handling DoS
| [14430] Microsoft Commerce Server 2000 Profile Service Affected API Overflow
| [13996] Microsoft Windows 2000 IKE Malformed Packet Saturation Remote DoS
| [13762] Microsoft 2000 Domain Controller Directory Service Restore Mode Blank Password
| [13761] Microsoft Exchange 2000 Malformed URL Request DoS
| [13475] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution Variant
| [13474] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution
| [13441] Microsoft Windows 2000 Security Interface Change Password Option Account Enumeration
| [13437] Microsoft Windows 2000 Debug Register Local Privilege Escalation
| [13424] Microsoft Windows 2000 Current Password Change Policy Bypass
| [13423] Microsoft Windows 2000 Terminal Server SYSVOL Share Connection Saturation Restriction Bypass
| [13415] Microsoft Windows 2000 System Root Folder Search Path Permission Weakness
| [13410] Microsoft Windows 2000 Accessibility Utility Manager Arbitrary Code Execution
| [11958] Microsoft Outlook 2003 Image Rendering Security Policy Bypass
| [11945] Microsoft Outlook 2002 IFRAME Tag Embedded URL
| [11944] Microsoft Outlook 2002 HREF Tag Embedded JavaScript Execution
| [11750] Microsoft Windows 2000 Message Queue Manager Queue Registration Request Overflow DoS
| [11712] Microsoft ISA Server 2000 H.323 Filter Overflow
| [10633] Microsoft Windows 2000 Protected Store Weak Encryption Default
| [9386] Microsoft Windows 2000 msinfo32.exe msinfo_file Variable Overflow
| [8243] Microsoft SMS Port 2702 DoS
| [7202] Microsoft PowerPoint 2000 File Loader Overflow
| [7179] Microsoft Windows 2000 Event Viewer Snap-in Overflow
| [6971] Microsoft ISA Server 2000 ICMP Rule Bypass During Startup
| [6970] Microsoft ISA Server 2000 Web Publishing Unencrypted Credentials Disclosure
| [6969] Microsoft ISA Server 2000 Invalid DNS Request DoS
| [6968] Microsoft ISA Server 2000 FTP Port Scan Bounce Weakness
| [6967] Microsoft ISA Server 2000 UDP Packet Winsock DoS
| [6965] Microsoft ISA Server 2000 SSL Packet DoS
| [6964] Microsoft ISA Server 2000 DNS Intrusion Detection Filter DoS
| [6515] Microsoft Windows 2000 Domain Expired Account Authentication
| [5179] Microsoft Windows 2000 microsoft-ds DoS
| [5171] Microsoft Word 2002 Mail Merge Tool Execute Arbitrary Script
| [4779] Microsoft Desktop Engine (MSDE) 2000 Stored Procedure SQL Injection
| [4778] Microsoft SQL Server 2000 Stored Procedure SQL Injection
| [4777] Microsoft Desktop Engine (MSDE) 2000 Database Consistency Checkers (DBCCs) Overflow
| [4776] Microsoft SQL Server 2000 Database Consistency Checkers (DBCCs) 2000 Overflow
| [4170] Microsoft Windows 2000 Server Media Services TCP Packet Handling Remote DoS
| [4168] Microsoft Outlook 2002 mailto URI Script Injection
| [3490] Microsoft Exchange 2003 OWA Mailbox Access Information Disclosure
| [2705] Microsoft Windows 2000 Windows Troubleshooter ActiveX Overflow
| [2655] Microsoft Windows Server 2003 Shell Folders Arbitrary File Access
| [2540] Microsoft Windows 2003 Server Buffer Overflow Protection Mechanism Bypass
| [2244] Microsoft Windows 2000 ShellExecute() API Let
| [2237] Microsoft Windows 2000 Active Directory Lsass.exe Overflow
| [1949] Symantec Norton Anti-Virus for Microsoft Exchange 2000 INBOX Path Information Disclosure
| [1764] Microsoft Windows 2000 Domain Controller DoS
| [1758] Microsoft Windows 2000 Network DDE Escalated Privileges
| [1755] Microsoft Windows 2000 RDP Malformed Packet Handling Remote DoS
| [1672] Microsoft Windows 2000 Telnet Session Timeout DoS
| [1633] Microsoft Windows 2000 System Monitor ActiveX LogFileName Parameter Validation Overflow
| [1621] Microsoft Indexing Services for Windows 2000 .htw XSS
| [1591] Microsoft Windows 2000 OEMPreinstall Installation Permission Weakness
| [1578] Microsoft Windows 2000 Simplified Chinese IME Local Privilege Escalation
| [1500] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow
| [1437] Microsoft Windows 2000 Telnet Server Binary Zero Parsing Remote DoS
| [1399] Microsoft Windows 2000 Windows Station Access
| [1328] Microsoft Office 2000 UA Control ActiveX (Ouactrl.ocx) Show Me Function Remote Code Execution
| [1297] Microsoft Windows 2000 Active Directory Object Attribute
| [1292] Microsoft Windows NT 4.0 / 2000 cmd.exe Buffer Overflow
| [773] Microsoft Windows 2000 Group Policy File Lock DoS
| [515] Microsoft Windows 2000 LDAP Server Arbitrary User Password Modification
| [454] Microsoft Windows 2000 NTLM Domain Account Lockout Policy Bypass
| [403] Microsoft Windows 2000 Still Image Service WM_USER Message Local Overflow
| [398] Microsoft Windows 2000 Malformed RPC Traffic Local Security Policy Corruption DoS
| [307] Microsoft FrontPage 2000 Server Extensions shtml.exe Path Disclosure
| [69085] Microsoft Office 2010 RTF File Handling pFragments Buffer Overflow Arbitrary Code Execution
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Microsoft Windows 2012 (89%)
OS CPE: cpe:/o:microsoft:windows_server_2012:r2
Aggressive OS guesses: Microsoft Windows Server 2012 or Windows Server 2012 R2 (89%), Microsoft Windows Server 2012 R2 (89%), Microsoft Windows Server 2012 (87%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 303.860 days (since Tue Dec 18 02:16:23 2018)
Network Distance: 16 hops
TCP Sequence Prediction: Difficulty=263 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

TRACEROUTE (using port 443/tcp)
HOP RTT ADDRESS
1 239.76 ms 10.233.204.1
2 339.75 ms 45.131.4.2
3 339.74 ms 109.236.95.226
4 339.77 ms hu0-1-0-3.ccr21.ams04.atlas.cogentco.com (149.11.38.225)
5 339.79 ms be3434.ccr42.ams03.atlas.cogentco.com (154.54.59.49)
6 339.80 ms be2814.ccr42.fra03.atlas.cogentco.com (130.117.0.142)
7 339.81 ms be2960.ccr22.muc03.atlas.cogentco.com (154.54.36.254)
8 339.83 ms be2974.ccr51.vie01.atlas.cogentco.com (154.54.58.6)
9 339.85 ms be3420.ccr51.beg03.atlas.cogentco.com (130.117.0.70)
10 138.61 ms be3421.ccr31.sof02.atlas.cogentco.com (130.117.0.93)
11 297.72 ms be3348.rcr21.ist01.atlas.cogentco.com (154.54.57.73)
12 296.24 ms 149.14.44.18
13 294.86 ms 159.146.22.234
14 294.88 ms 66.105.154.212.static.turk.net (212.154.105.66)
15 294.95 ms 185.182.239.196
16 294.99 ms 185.182.239.167

NSE: Script Post-scanning.
Initiating NSE at 23:54
Completed NSE at 23:54, 0.00s elapsed
Initiating NSE at 23:54
Completed NSE at 23:54, 0.00s elapsed
#######################################################################################################################################
Version: 1.11.13-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 185.182.239.167

Testing SSL server 185.182.239.167 on port 443 using SNI name 185.182.239.167

 TLS Fallback SCSV:
Server does not support TLS Fallback SCSV

 TLS renegotiation:
Session renegotiation not supported

 TLS Compression:
Compression disabled

 Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

 Supported Server Cipher(s):
Preferred SSLv3 112 bits DES-CBC3-SHA
Accepted SSLv3 128 bits RC4-SHA
Accepted SSLv3 128 bits RC4-MD5

 SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048

Subject: www.izmirimkart.com.tr
Altnames: DNS:www.izmirimkart.com.tr, DNS:izmirimkart.com.tr
Issuer: RapidSSL RSA CA 2018

Not valid before: Jun 24 00:00:00 2019 GMT
Not valid after: Jul 23 12:00:00 2020 GMT
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-17 23:56 EDT
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 23:56
Completed NSE at 23:56, 0.00s elapsed
Initiating NSE at 23:56
Completed NSE at 23:56, 0.00s elapsed
Initiating Ping Scan at 23:56
Scanning 185.182.239.167 [4 ports]
Completed Ping Scan at 23:56, 0.31s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 23:56
Completed Parallel DNS resolution of 1 host. at 23:56, 0.02s elapsed
Initiating SYN Stealth Scan at 23:56
Scanning 185.182.239.167 [65535 ports]
Discovered open port 80/tcp on 185.182.239.167
Discovered open port 443/tcp on 185.182.239.167
SYN Stealth Scan Timing: About 4.32% done; ETC: 00:08 (0:11:26 remaining)
SYN Stealth Scan Timing: About 11.41% done; ETC: 00:05 (0:07:54 remaining)
SYN Stealth Scan Timing: About 21.45% done; ETC: 00:03 (0:05:33 remaining)
SYN Stealth Scan Timing: About 32.98% done; ETC: 00:02 (0:04:06 remaining)
SYN Stealth Scan Timing: About 47.70% done; ETC: 00:01 (0:02:46 remaining)
SYN Stealth Scan Timing: About 61.73% done; ETC: 00:01 (0:01:52 remaining)
SYN Stealth Scan Timing: About 75.48% done; ETC: 00:01 (0:01:09 remaining)
Completed SYN Stealth Scan at 00:00, 253.86s elapsed (65535 total ports)
Initiating Service scan at 00:00
Scanning 2 services on 185.182.239.167
Completed Service scan at 00:00, 13.74s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against 185.182.239.167
Retrying OS detection (try #2) against 185.182.239.167
Initiating Traceroute at 00:00
Completed Traceroute at 00:00, 0.24s elapsed
Initiating Parallel DNS resolution of 2 hosts. at 00:00
Completed Parallel DNS resolution of 2 hosts. at 00:00, 0.02s elapsed
NSE: Script scanning 185.182.239.167.
Initiating NSE at 00:00
Completed NSE at 00:01, 11.36s elapsed
Initiating NSE at 00:01
Completed NSE at 00:01, 2.37s elapsed
Nmap scan report for 185.182.239.167
Host is up (0.24s latency).
Not shown: 65530 filtered ports
PORT STATE SERVICE VERSION
25/tcp closed smtp
80/tcp open http Microsoft IIS httpd 8.5
|_http-server-header: Microsoft-IIS/8.5
| vulscan: VulDB - https://vuldb.com:
| [68193] Microsoft IIS 8.0/8.5 IP and Domain Restriction privilege escalation
| [48519] Microsoft Works 8.5/9.0 memory corruption
| [45763] Microsoft Windows Live Messenger up to 8.5.1 unknown vulnerability
| [141563] Microsoft Windows up to RT 8.1 Remote Desktop privilege escalation
| [141562] Microsoft Windows up to RT 8.1 Remote Desktop privilege escalation
| [134730] Microsoft Skype 8.35 on Android Bluetooth Listening information disclosure
| [129845] Microsoft Skype for Business 2015 CU 8 Request cross site scripting
| [126799] Microsoft Dynamics 365 8 Web Request Code Execution
| [126798] Microsoft Dynamics 365 8 Web Request cross site scripting
| [126797] Microsoft Dynamics 365 8 Web Request cross site scripting
| [126796] Microsoft Dynamics 365 8 Web Request cross site scripting
| [126795] Microsoft Dynamics 365 8 Web Request cross site scripting
| [123872] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 SMB information disclosure
| [121108] Microsoft Mail Client 8.1 information disclosure
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [113264] Microsoft Windows 8.1/RT 8.1/Server 2012 R2 SMBv2/SMBv3 denial of service
| [100989] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [100918] Microsoft Windows 8/8.1/10/Server 2012/Server 2016 Malware Protection Service Type Confusion privilege escalation
| [96521] Microsoft Windows 8.1/10/Server 2012/Server 2016 SMB Response mrxsmb20.sys denial of service
| [93988] Microsoft Desktop Client for Mac up to 8.0.36 privilege escalation
| [93755] Microsoft Internet Explorer 8 LsFindSpanVisualBoundaries memory corruption
| [93535] Microsoft Internet Explorer 8/9/10/11 Regex vbscript.dll RegExpComp::PnodeParse memory corruption
| [93386] Microsoft Windows Vista SP2/7 SP1/8.1/RT 8.1/10 Video Control memory corruption
| [92587] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 Transaction Manager privilege escalation
| [92585] Microsoft Windows Vista SP2/7 SP1/8.1/RT 8.1/10 Video Control privilege escalation
| [91571] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
| [91570] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
| [91559] Microsoft Windows 8.1/10/RT 8.1 NTLM SSO information disclosure
| [90711] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF privilege escalation
| [90710] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 Netlogon privilege escalation
| [87959] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
| [87958] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF memory corruption
| [87957] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
| [87156] Microsoft Windows 8.1/10/RT 8.1/Server 2012 R2 Shell memory corruption
| [87155] Microsoft Windows Vista SP2/7/8.1/RT 8.1/10 Journal memory corruption
| [82223] Microsoft Windows 8.1/10/Server 2012 R2 Hyper-V Memory information disclosure
| [82222] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Memory information disclosure
| [82221] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Hyper-V privilege escalation
| [81270] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library memory corruption
| [80865] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 DLL Loader memory corruption
| [80860] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Reader memory corruption
| [80859] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
| [80844] Microsoft Internet Explorer 8/9/10/11 MSHTML MSHTML!Method_VARIANTBOOLp_BSTR_o0oVARIANT memory corruption
| [80209] Microsoft Internet Explorer 8/9/10/11 VBScript/JScript memory corruption
| [79462] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [79460] Microsoft Internet Explorer 8/9 memory corruption
| [79458] Microsoft Internet Explorer 8/9 memory corruption
| [79457] Microsoft Internet Explorer 8/9 memory corruption
| [79455] Microsoft Internet Explorer 8/9/10/11 XSS Filter privilege escalation
| [79449] Microsoft Internet Explorer 8/9/10/11 XSS Filter privilege escalation
| [79448] Microsoft Internet Explorer 8/9/10/11 Scripting Engine memory corruption
| [79447] Microsoft Internet Explorer 8/9/10/11 Scripting Engine information disclosure
| [79445] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [79162] Microsoft Internet Explorer 8/9/10/11 Scripting Engine memory corruption
| [79155] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [79143] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [78390] Microsoft Internet Explorer 8/9/10/11 VBScript/JScript Engine information disclosure
| [78386] Microsoft Internet Explorer 8/9/10/11 VBScript/JScript Engine memory corruption
| [78384] Microsoft Internet Explorer 8/9/10/11 VBScript/JScript Engine ASLR privilege escalation
| [78379] Microsoft Internet Explorer 8/9/10/11 EditWith Broker privilege escalation
| [78377] Microsoft Internet Explorer 8 privilege escalation
| [78362] Microsoft Internet Explorer 8/9/10/11 VBScript/JScript Engine RegExpBase::FBadHeader memory corruption
| [77605] Microsoft Internet Explorer 8 VBScript/JScript Engine memory corruption
| [77006] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [77004] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [76490] Microsoft Internet Explorer 8/9/10/11 Image Caching History information disclosure
| [76482] Microsoft Internet Explorer 8 memory corruption
| [76479] Microsoft Internet Explorer 8/9/10/11 XSS Filter cross site scripting
| [76474] Microsoft Internet Explorer 8/9 memory corruption
| [76449] Microsoft Windows 8/8.1/Server 2008/Server 2012/Server 2012 R2 Hyper-V memory corruption
8989| [76449] Microsoft Windows 8/8.1/Server 2008/Server 2012/Server 2012 R2 Hyper-V memory corruption
8990| [76448] Microsoft Windows 8.1/Server 2012 R2 Hyper-V memory corruption
8991| [76437] Microsoft Internet Explorer 8/9 memory corruption
8992| [75780] Microsoft Internet Explorer 8 memory corruption
| [75707] Cisco Unified MeetingPlace for Microsoft Outlook 8.6(1.2)/ 8.6(1.9) cross site scripting
| [75322] Microsoft Internet Explorer 8/9 memory corruption
| [75319] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [75311] Microsoft Internet Explorer 8/9 memory corruption
| [75308] Microsoft Internet Explorer 8/9/10/11 VBscript and JScript Engine privilege escalation
| [75306] Microsoft Internet Explorer 8/9/10/11 VBScript Engine privilege escalation
| [74856] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [74842] Microsoft Windows 8.1/Server 2012 R2 Hyper-V denial of service
| [73946] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [73943] Microsoft Internet Explorer 8 memory corruption
| [73939] Microsoft Internet Explorer 8/9/10/11 VBScript Engine memory corruption
| [69137] Microsoft Internet Explorer 8 ASLR privilege escalation
| [69136] Microsoft Internet Explorer 8/9 MSHTML SpanQualifier memory corruption
| [69135] Microsoft Internet Explorer 8/10 memory corruption
| [69131] Microsoft Internet Explorer 8/9 memory corruption
| [69130] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [68400] Microsoft Internet Explorer 8 memory corruption
| [68393] Microsoft Internet Explorer 8/9/10/11 XSS Filter cross site scripting
| [68389] Microsoft Internet Explorer 8/9/10/11 XSS Filter cross site scripting
| [68181] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [68176] Microsoft Internet Explorer 8/9/10/11 information disclosure
| [68174] Microsoft Internet Explorer 8/9 memory corruption
| [68169] Microsoft Internet Explorer 8/9 ASLR privilege escalation
| [68211] Microsoft Internet Explorer 8/9/10/11 denial of service
| [67821] Microsoft Internet Explorer 8/9/10/11 CAttrArray memory corruption
| [67813] Microsoft Internet Explorer 8 memory corruption
| [67500] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [67494] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [67345] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [67340] Microsoft Internet Explorer 8 memory corruption
| [67337] Microsoft Internet Explorer 8/9 memory corruption
| [67007] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [67006] Microsoft Internet Explorer 8/9/10 memory corruption
| [67002] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [67000] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [66995] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [13542] Microsoft Internet Explorer 8/9/10/11 privilege escalation
| [13536] Microsoft Internet Explorer 8 memory corruption
| [13518] Microsoft Internet Explorer 8 memory corruption
| [13515] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [13509] Microsoft Internet Explorer 8 memory corruption
| [13499] Microsoft Internet Explorer 8 memory corruption
| [13496] Microsoft Internet Explorer 8/9/10/11 privilege escalation
| [13027] Microsoft Internet Explorer 8/9 information disclosure
| [66605] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [12543] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [12541] Microsoft Internet Explorer 8/9/10 memory corruption
| [12540] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [12538] Microsoft Internet Explorer 8/9 memory corruption
| [12531] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [66445] Microsoft Windows 8.0/8.1 XMLDOM ActiveX Control information disclosure
| [12252] Microsoft Internet Explorer 8 memory corruption
| [12245] Microsoft Internet Explorer 8/9/10/11 memory corruption
| [12239] Microsoft Internet Explorer 8/9/10/11 privilege escalation
| [12238] Microsoft Windows 8/RT/Server 2012 IPv6 denial of service
| [11150] Microsoft Windows 8/Server 2012 Hyper-V Data Structure Value Crash privilege escalation
| [11141] Microsoft Internet Explorer 8/9/10/11 CCaret Object Use-After-Free memory corruption
| [11138] Microsoft Internet Explorer 8/9/10/11 CTreePos Object memory corruption
| [10623] Microsoft Internet Explorer 8/9 memory corruption
| [10215] Microsoft Internet Explorer 8/9 memory corruption
| [10214] Microsoft Internet Explorer 8/9/10 memory corruption
| [9935] Microsoft Internet Explorer 8/9 memory corruption
| [9934] Microsoft Internet Explorer 8/9/10 memory corruption
| [9933] Microsoft Internet Explorer 8/9 memory corruption
| [9932] Microsoft Internet Explorer 8/9 memory corruption
| [10246] Microsoft Internet Explorer 8 Table Tree Use-After-Free memory corruption
| [9419] Microsoft Internet Explorer up to 8 memory corruption
| [9418] Microsoft Internet Explorer 8/9/10 Use-After-Free memory corruption
| [9413] Microsoft Internet Explorer 8/9/10 Use-After-Free memory corruption
| [9406] Microsoft Internet Explorer 8/9/10 memory corruption
| [9099] Microsoft Internet Explorer 8/9 Use-After-Free memory corruption
| [9098] Microsoft Internet Explorer 8 memory corruption
| [9095] Microsoft Internet Explorer 8/9/10 Use-After-Free memory corruption
| [9084] Microsoft Internet Explorer 8/9/10 _UpdateButtonLocation memory corruption
| [9083] Microsoft Internet Explorer 8/9 memory corruption
| [8722] Microsoft Windows 8/RT/Server 2012 HTTP.sys denial of service
| [8718] Microsoft Internet Explorer 8 memory corruption
| [8714] Microsoft Internet Explorer 8/9 memory corruption
| [8712] Microsoft Internet Explorer 8/9 memory corruption
| [8601] Microsoft Internet Explorer 8 'vtable' memory corruption
| [8423] Microsoft Internet Explorer up to 8.00.6001.18702 CSS iexplorer.exe denial of service
| [7962] Microsoft Internet Explorer up to 8 CTreeNode memory corruption
| [7958] Microsoft Internet Explorer up to 8 Celement memory corruption
| [7996] Microsoft Windows 8 TrueType Font denial of service
| [63558] Microsoft Internet Explorer 8 Use-After-Free memory corruption
| [63557] Microsoft Internet Explorer 8/9 Use-After-Free memory corruption
| [7511] Microsoft Internet Explorer 8/9 TCP Session information disclosure
| [7510] Microsoft Internet Explorer 8/9 HTTP/HTTPS Request spoofing
| [7258] Microsoft Windows up to 8/Server 2012 SSL/TLS race condition
| [7199] Microsoft Internet Explorer 8/9 mshtml.dll Unclosed Tags Sequence denial of service
| [6513] Microsoft Internet Explorer 8/9 OnMove Engine Use-After-Free memory corruption
| [5937] Microsoft Internet Explorer 8/9 JavaScript Parser memory corruption
| [5538] Microsoft Internet Explorer 8 Same ID Property Deleted Object memory corruption
| [5532] Microsoft Internet Explorer 8/9 HTML Sanitization toStaticHTML String information disclosure
| [5530] Microsoft Internet Explorer 8/9 OnRowsInserted Elements memory corruption
| [5516] Microsoft Internet Explorer 8/9 memory corruption
| [4467] Microsoft Internet Explorer 8 cross site scripting
| [4454] Microsoft Internet Explorer 8/9 unknown vulnerability
| [59618] Microsoft Internet Explorer 8 unknown vulnerability
| [57681] Microsoft Internet Explorer 8/9 memory corruption
| [57675] Microsoft Internet Explorer 8 memory corruption
| [4372] Microsoft Internet Explorer 8/9 information disclosure
| [57130] Microsoft Internet Explorer 8 on Win7 msxml.dll unknown vulnerability
| [4340] Microsoft Internet Explorer up to 8 unknown vulnerability
| [56786] Microsoft Internet Explorer 8 on Win7 unknown vulnerability
| [56785] Microsoft Internet Explorer 8 on Win7 memory corruption
| [56412] Microsoft Internet Explorer 8 IEShims.dll unknown vulnerability
| [55755] Microsoft Internet Explorer 8 memory corruption
| [54961] Microsoft Internet Explorer 8 mshtml.dll InsertIntoTimeoutList information disclosure
| [4172] Microsoft Internet Explorer up to 8 CSS cross site scripting
| [54339] Microsoft Internet Explorer 8 Uninitialized Memory memory corruption
| [53805] Microsoft Internet Explorer 8 unknown vulnerability
| [53514] Microsoft Internet Explorer 8 Uninitialized Memory memory corruption
| [53513] Microsoft Internet Explorer 8 memory corruption
| [4137] Microsoft Internet Explorer up to 8.0 memory corruption
| [4121] Microsoft Internet Explorer 8 XSS Filter cross site scripting
| [52505] Microsoft Internet Explorer 8 mstime.dll memory corruption
| [52373] Microsoft Internet Explorer 8 on Win7 Use-After-Free memory corruption
| [52372] Microsoft Internet Explorer 8 on Win7 Heap-based memory corruption
| [51652] Microsoft Internet Explorer 8 Uninitialized Memory memory corruption
| [51651] Microsoft Internet Explorer 8 Uninitialized Memory memory corruption
| [50914] Microsoft Internet Explorer 8 cross site scripting
| [50910] Microsoft Internet Explorer 8 unknown vulnerability
| [4048] Microsoft Internet Explorer up to 8 CSS Declaration memory corruption
| [4047] Microsoft Internet Explorer up to 8 DOM Object memory corruption
| [4046] Microsoft Internet Explorer up to 8 HTML memory corruption
| [3987] Microsoft Internet Explorer up to 8 Row Reference memory corruption
| [3982] Microsoft Internet Explorer up to 8 DHTML Call memory corruption
| [47244] Microsoft Internet Explorer 8 on Win 7 memory corruption
| [45681] Microsoft Internet Explorer 8 Beta 2 privilege escalation
| [45451] Microsoft Internet Explorer 8 XSS Filter cross site scripting
| [45450] Microsoft Internet Explorer 8 XSS Filter Protection cross site scripting
| [45449] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
| [45448] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
| [45447] Microsoft Internet Explorer 8 XSS Filter cross site scripting
| [45446] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
| [39012] Microsoft Windows Live Messenger up to 8.1 doc memory corruption
| [34991] Microsoft Visual Studio 8.0 msvcr80.dll denial of service
| [33589] Microsoft Windows Live Messenger up to 8.0 denial of service
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2011-1215] Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND.
| [CVE-2010-3496] McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution.
| [CVE-2009-3126] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
| [CVE-2009-3032] Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Symantec Mail Security for Microsoft Exchange 5.0.10 through 5.0.13, and other products, allows context-dependent attackers to execute arbitrary code via a crafted OLE document that triggers a heap-based buffer overflow.
| [CVE-2009-2504] Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
| [CVE-2009-2503] GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
| [CVE-2009-2502] Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
| [CVE-2009-2501] Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
| [CVE-2009-2500] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
| [CVE-2009-1533] Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
| [CVE-2008-5828] Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields.
| [CVE-2007-0045] Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."
| [CVE-2004-1312] A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues.
| [CVE-2002-1117] Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
| [CVE-2001-1088] Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.
| [CVE-2013-3661] The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
| [CVE-2013-3660] The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
| [CVE-2013-3174] DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
| [CVE-2013-3173] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."
| [CVE-2013-3164] Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
| [CVE-2013-3163] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3151.
| [CVE-2013-3151] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3163.
| [CVE-2013-3149] Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
| [CVE-2013-3144] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3151 and CVE-2013-3163.
| [CVE-2013-3141] Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3110.
| [CVE-2013-3138] Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability."
| [CVE-2013-3136] The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."
| [CVE-2013-3123] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3111.
| [CVE-2013-3111] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3123.
| [CVE-2013-3110] Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3141.
| [CVE-2013-2558] Unspecified vulnerability in Microsoft Windows 8 allows remote attackers to cause a denial of service (reboot) or possibly have unknown other impact via a crafted TrueType Font (TTF) file, as demonstrated by the 120612-69701-01.dmp error report.
| [CVE-2013-2552] Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
| [CVE-2013-1451] Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted HTML document that triggers many HTTPS requests to an arbitrary host, followed by an HTTPS request to a trusted host and then an HTTP request to an untrusted host, a related issue to CVE-2013-1450.
| [CVE-2013-1450] Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy server, which allows remote attackers to obtain sensitive information intended for a specific host via a crafted HTML document that triggers many HTTPS requests and then triggers an HTTP request to that host, as demonstrated by reading a Cookie header, aka MSRC 12096gd.
| [CVE-2013-1347] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
| [CVE-2013-1345] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."
| [CVE-2013-1340] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."
| [CVE-2013-1339] The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability."
| [CVE-2013-1334] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
| [CVE-2013-1332] dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
| [CVE-2013-1311] Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."
| [CVE-2013-1307] Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-0811.
| [CVE-2013-1305] HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
| [CVE-2013-1300] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
| [CVE-2013-1297] Microsoft Internet Explorer 6 through 8 does not properly restrict data access by VBScript, which allows remote attackers to perform cross-domain reading of JSON files via a crafted web site, aka "JSON Array Information Disclosure Vulnerability."
| [CVE-2013-1294] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
| [CVE-2013-1292] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
| [CVE-2013-1291] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability."
| [CVE-2013-1288] Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CTreeNode Use After Free Vulnerability."
| [CVE-2013-1287] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
| [CVE-2013-1286] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.
| [CVE-2013-1285] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.
9187| [CVE-2013-1284] Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
9188| [CVE-2013-1283] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
9189| [CVE-2013-1280] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."
9190| [CVE-2013-1279] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.
9191| [CVE-2013-1278] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279.
9192| [CVE-2013-1249] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9193| [CVE-2013-1248] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9194| [CVE-2013-0811] Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1307.
9195| [CVE-2013-0091] Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CElement Use After Free Vulnerability."
9196| [CVE-2013-0078] The Microsoft Antimalware Client in Windows Defender on Windows 8 and Windows RT uses an incorrect pathname for MsMpEng.exe, which allows local users to gain privileges via a crafted application, aka "Microsoft Antimalware Improper Pathname Vulnerability."
9197| [CVE-2013-0075] The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability."
9198| [CVE-2013-0025] Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SLayoutRun Use After Free Vulnerability."
9199| [CVE-2013-0024] Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer pasteHTML Use After Free Vulnerability."
9200| [CVE-2013-0013] The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."
9201| [CVE-2013-0008] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
9202| [CVE-2012-4792] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
9203| [CVE-2012-4786] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
9204| [CVE-2012-2897] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
9205| [CVE-2012-2557] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "cloneNode Use After Free Vulnerability."
9206| [CVE-2012-2556] The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."
9207| [CVE-2012-2523] Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka "JavaScript Integer Overflow Remote Code Execution Vulnerability."
9208| [CVE-2012-1881] Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnRowsInserted Event Remote Code Execution Vulnerability."
9209| [CVE-2012-1875] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability."
9210| [CVE-2012-1874] Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Toolbar Remote Code Execution Vulnerability."
9211| [CVE-2012-1858] The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
9212| [CVE-2012-1856] The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."
9213| [CVE-2012-1848] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability."
9214| [CVE-2012-1537] Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
9215| [CVE-2012-1529] Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "OnMove Use After Free Vulnerability."
9216| [CVE-2012-1528] Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."
9217| [CVE-2012-1527] Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."
9218| [CVE-2012-1523] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote Code Execution Vulnerability."
9219| [CVE-2012-0181] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
9220| [CVE-2012-0180] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability."
9221| [CVE-2012-0172] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Style Remote Code Execution Vulnerability."
9222| [CVE-2012-0159] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview
9223| [CVE-2012-0151] The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
9224| [CVE-2011-2382] Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue.
9225| [CVE-2011-1999] Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a "dereferenced memory address," aka "Select Element Remote Code Execution Vulnerability."
9226| [CVE-2011-1996] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Option Element Remote Code Execution Vulnerability."
9227| [CVE-2011-1992] The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability."
9228| [CVE-2011-1713] Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. NOTE: this might overlap CVE-2011-1202.
9229| [CVE-2011-1347] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
9230| [CVE-2011-1346] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
9231| [CVE-2011-1345] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
9232| [CVE-2011-1266] The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "VML Memory Corruption Vulnerability."
9233| [CVE-2011-1260] Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."
9234| [CVE-2011-1258] Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability."
9235| [CVE-2011-1257] Race condition in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors involving access to an object, aka "Window Open Race Condition Vulnerability."
9236| [CVE-2011-1256] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Modification Memory Corruption Vulnerability."
9237| [CVE-2011-1255] The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Time Element Memory Corruption Vulnerability."
9238| [CVE-2011-1254] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Drag and Drop Memory Corruption Vulnerability."
9239| [CVE-2011-1252] Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
9240| [CVE-2011-1251] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Manipulation Memory Corruption Vulnerability."
9241| [CVE-2011-1246] Microsoft Internet Explorer 8 does not properly handle content settings in HTTP responses, which allows remote web servers to obtain sensitive information from a different (1) domain or (2) zone via a crafted response, aka "MIME Sniffing Information Disclosure Vulnerability."
9242| [CVE-2011-1244] Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability."
9243| [CVE-2011-0346] Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability."
9244| [CVE-2011-0038] Untrusted search path vulnerability in Microsoft Internet Explorer 8 might allow local users to gain privileges via a Trojan horse IEShims.dll in the current working directory, as demonstrated by a Desktop directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
9245| [CVE-2011-0036] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to a "dangling pointer," aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0035.
9246| [CVE-2011-0035] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0036.
9247| [CVE-2010-5071] The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
9248| [CVE-2010-3971] Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka "CSS Memory Corruption Vulnerability."
9249| [CVE-2010-3964] Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
9250| [CVE-2010-3962] Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
9251| [CVE-2010-3886] The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application.
9252| [CVE-2010-3348] Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3342.
9253| [CVE-2010-3346] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
9254| [CVE-2010-3345] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
9255| [CVE-2010-3342] Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3348.
9256| [CVE-2010-3331] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
9257| [CVE-2010-3330] Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability."
9258| [CVE-2010-3329] mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability."
9259| [CVE-2010-3328] Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability."
9260| [CVE-2010-3327] The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerability."
9261| [CVE-2010-3325] Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability."
9262| [CVE-2010-3324] The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
9263| [CVE-2010-3243] Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
9264| [CVE-2010-2560] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Layout Memory Corruption Vulnerability."
| [CVE-2010-2559] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, CVE-2010-0245, and CVE-2010-0246.
| [CVE-2010-2558] Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerability."
| [CVE-2010-2556] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
| [CVE-2010-2442] Microsoft Internet Explorer, possibly 8, does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets."
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2118] Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs.
| [CVE-2010-2091] Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
| [CVE-2010-1991] Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.
| [CVE-2010-1489] The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, a different issue than CVE-2009-4074.
| [CVE-2010-1262] Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability."
| [CVE-2010-1261] The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
| [CVE-2010-1260] The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
| [CVE-2010-1259] Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
| [CVE-2010-1258] Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability."
| [CVE-2010-1118] Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
| [CVE-2010-1117] Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
| [CVE-2010-0811] Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
| [CVE-2010-0555] Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving the product's use of text/html as the default content type for files that are encountered after a redirection, aka the URLMON sniffing vulnerability, a variant of CVE-2009-1140 and related to CVE-2008-1448.
| [CVE-2010-0494] Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability."
| [CVE-2010-0492] Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
| [CVE-2010-0490] Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
| [CVE-2010-0255] Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448.
| [CVE-2010-0249] Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4
| [CVE-2010-0248] Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
| [CVE-2010-0246] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0245.
| [CVE-2010-0245] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246.
| [CVE-2010-0244] Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531.
| [CVE-2010-0112] Multiple SQL injection vulnerabilities in the Administrative Interface in the IIS extension in Symantec IM Manager before 8.4.16 allow remote attackers to execute arbitrary SQL commands via (1) the rdReport parameter to rdpageimlogic.aspx, related to the sGetDefinition function in rdServer.dll, and SQL statements contained within a certain report file
| [CVE-2010-0027] The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
| [CVE-2009-4074] The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an HTML attribute, aka "XSS Filter Script Handling Vulnerability."
| [CVE-2009-4073] The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page.
| [CVE-2009-3674] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671.
| [CVE-2009-3673] Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
| [CVE-2009-3671] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674.
| [CVE-2009-3003] Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.
| [CVE-2009-2764] Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 platform allows remote attackers to cause a denial of service (application crash) via a certain DIV element in conjunction with SCRIPT elements that have empty contents and no reference to a valid external script location.
| [CVE-2009-2655] mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one additional argument, as demonstrated by a second argument of -1.
| [CVE-2009-2536] Microsoft Internet Explorer 5 through 8 allows remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
| [CVE-2009-2531] Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530.
| [CVE-2009-2530] Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2531.
| [CVE-2009-2529] Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability."
| [CVE-2009-2069] Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.
| [CVE-2009-2064] Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
| [CVE-2009-2057] Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
| [CVE-2009-1532] Microsoft Internet Explorer 8 for Windows XP SP2 and SP3
| [CVE-2009-1335] Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows remote attackers to cause a denial of service (application hang) via a large document composed of unprintable characters, aka MSRC 9011jr.
| [CVE-2009-1043] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
| [CVE-2009-1016] Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote authenticated users to affect confidentiality, integrity, and availability, related to IIS. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow involving an unspecified Server Plug-in and a crafted SSL certificate.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-1011] Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
| [CVE-2009-0084] Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression Vulnerability."
| [CVE-2009-0072] Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of service (application crash) via an onload=screen[""] attribute value in a BODY element.
| [CVE-2008-5750] Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
| [CVE-2008-5556] ** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."
| [CVE-2008-5555] Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
| [CVE-2008-5554] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
| [CVE-2008-5553] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
| [CVE-2008-5552] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
| [CVE-2008-5551] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-5416] Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier
| [CVE-2008-4295] Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
| [CVE-2008-4256] The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
| [CVE-2008-4255] Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
| [CVE-2008-4254] Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability."
| [CVE-2008-4253] The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
| [CVE-2008-4252] The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability."
| [CVE-2008-4127] Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta 8.0.6001 on Windows XP SP2 allows remote attackers to cause a denial of service (failure of subsequent image rendering) via a crafted PNG file, related to an infinite loop in the CDwnTaskExec::ThreadExec function.
| [CVE-2008-4110] Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.
| [CVE-2008-3815] Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors.
| [CVE-2008-3704] Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
| [CVE-2008-3015] Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
| [CVE-2008-3014] Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
| [CVE-2008-3013] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
| [CVE-2008-3012] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
| [CVE-2008-2948] Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 allows remote attackers to change the location property of a frame via the Object data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-1544] The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, (2) access arbitrary virtual hosts via a modified Host header, (3) bypass referrer restrictions via an incorrect Referer header, and (4) bypass the same-origin policy and obtain sensitive information via a crafted request header.
| [CVE-2008-1444] Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
| [CVE-2008-0108] Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
| [CVE-2008-0105] Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
| [CVE-2008-0011] Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
| [CVE-2007-5348] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
| [CVE-2007-5277] Microsoft Internet Explorer 6 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80, a different issue than CVE-2006-4560.
| [CVE-2007-4916] Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.
| [CVE-2007-4814] Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
| [CVE-2007-2931] Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions.
| [CVE-2007-0842] The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVCR80.DLL) time functions, including (1) localtime, (2) localtime_s, (3) gmtime, (4) gmtime_s, (5) ctime, (6) ctime_s, (7) wctime, (8) wctime_s, and (9) fstat, trigger an assertion error instead of a NULL pointer or EINVAL when processing a time argument later than Jan 1, 3000, which might allow context-dependent attackers to cause a denial of service (application exit) via large time values. NOTE: it could be argued that this is a design limitation of the functions, and the vulnerability lies with any application that does not validate arguments to these functions. However, this behavior is inconsistent with documentation, which does not list assertions as a possible result of an error condition.
| [CVE-2007-0216] wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
| [CVE-2007-0047] CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.
9355| [CVE-2006-6252] Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of ":D" sequences, which are interpreted as emoticons.
9356| [CVE-2006-3654] Buffer overflow in wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted Excel files.
9357| [CVE-2006-3653] wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted (1) Works, (2) Excel, and (3) Lotus 1-2-3 files.
9358| [CVE-2005-3568] db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 allows local users to cause a denial of service (CPU consumption) by importing a corrupted Microsoft Excel file, aka "CORRUPTED EXEL FILE WILL CAUSE TEXT SEARCH PROCESS LOOPING."
9359| [CVE-2005-3182] Buffer overflow in the HTTP management interface for GFI MailSecurity 8.1 allows remote attackers to execute arbitrary code via long headers such as (1) Host and (2) Accept in HTTP requests. NOTE: the vendor suggests that this issues is "in an underlying Microsoft technology" which, if true, could mean that the overflow affects other products as well.
9360| [CVE-2005-3174] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.
9361| [CVE-2004-0540] Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
9362| [CVE-2003-0604] Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL.
9363| [CVE-2002-2435] The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
9364| [CVE-2002-2380] NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic.
9365| [CVE-2002-0797] Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
9366| [CVE-2001-0238] Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests.
9367|
9368| SecurityFocus - https://www.securityfocus.com/bid/:
9369| [582] Microsoft IIS And PWS 8.3 Directory Name Vulnerability
9370| [58847] Microsoft Windows Defender for Windows 8 and Windows RT Local Privilege Escalation Vulnerability
9371| [42467] Microsoft Internet Explorer 8 'toStaticHTML()' HTML Sanitization Bypass Weakness
9372| [40490] Microsoft Internet Explorer 8 Developer Tools Remote Code Execution Vulnerability
9373| [37135] Microsoft Internet Explorer 8 Cross-Site Scripting Filter Cross-Site Scripting Vulnerability
9374| [35941] Microsoft Internet Explorer 8 Denial of Service Vulnerability
9375|
9376| IBM X-Force - https://exchange.xforce.ibmcloud.com:
9377| [40937] Microsoft Windows Knowledge Base Article 815495 update not installed
9378| [37226] Microsoft Windows Knowledge Base Article 815495 update not installed
9379| [19102] Microsoft Knowledge Base Article 885834 is not installed
9380| [19090] Microsoft Knowledge Base Article 885250 is not installed
9381| [18392] Microsoft Windows Knowledge Base Article 885249 update is not installed
9382| [18391] Microsoft Windows Knowledge Base Article 885835 update is not installed
9383| [18390] Microsoft Windows Knowledge Base Article 885836 update is not installed
9384| [82776] Microsoft Internet Explorer 10 on Windows 8 sandbox security bypass
9385| [66402] Microsoft Windows kernel-mode driver (win32k.sys) variant 8 privilege escalation
9386| [57338] Microsoft Internet Explorer 8 Developer Tools code execution
9387| [24509] Microsoft Windows Knowledge Base Article 889167 update is not installed
9388| [22882] Microsoft Windows Knowledge Base Article 896424 update is not installed
9389| [22156] Microsoft Windows Knowledge Base Article 899589 update is not installed
9390| [22155] Microsoft Knowledge Base Article 896688 is not installed
9391| [22072] Microsoft Knowledge Base Article 899587 is not installed
9392| [22071] Microsoft Knowledge Base Article 896428 is not installed
9393| [22069] Microsoft Knowledge Base Article 890859 is not installed
9394| [22068] Microsoft Knowledge Base Article 890046 is not installed
9395| [21704] Microsoft Windows Knowledge Base Article 896727 update is not installed
9396| [21605] Microsoft Windows Knowledge Base Article 896423 update is not installed
9397| [21603] Microsoft Windows Knowledge Base Article 899588 update is not installed
9398| [21601] Microsoft Windows Knowledge Base Article 899591 update is not installed
9399| [21600] Microsoft Windows Knowledge Base Article 893756 update is not installed
9400| [20826] Microsoft Windows Knowledge Base Article 896422 update is not installed
9401| [20825] Microsoft Windows Knowledge Base Article 896358 update is not installed
9402| [20823] Microsoft Windows Knowledge Base Article 890169 update is not installed
9403| [20822] Microsoft Windows Knowledge Base Article 883939 update is not installed
9404| [20820] Microsoft Windows Knowledge Base Article 896426 update is not installed
9405| [20382] Microsoft Windows Knowledge Base Article 894320 update is not installed
9406| [20318] Microsoft Windows Knowledge Base Article 893086 update is not installed
9407| [20317] Microsoft Windows Knowledge Base Article 890923 update is not installed
9408| [20000] Microsoft Windows Knowledge Base Article 892944 update is not installed
9409| [19875] Microsoft Knowledge Base Article 893066 is not installed
9410| [19843] Microsoft Windows Knowledge Base Article 894549 update is not installed
9411| [19252] Microsoft Knowledge Base Article 890261 is not installed
9412| [19141] Microsoft Knowledge Base Article 867282 is not installed
9413| [19118] Microsoft Knowledge Base Article 890047 is not installed
9414| [19116] Microsoft Knowledge Base Article 891781 is not installed
9415| [19112] Microsoft Knowledge Base Article 873352 is not installed
9416| [19111] Microsoft Knowledge Base Article 888113 is not installed
9417| [19106] Microsoft Knowledge Base Article 873333 is not installed
9418| [19095] Microsoft Knowledge Base Article 888302 is not installed
9419| [19092] Microsoft Knowledge Base Article 887981 is not installed
9420| [18944] Microsoft Knowledge Base Article 886185 is not installed
9421| [18770] Microsoft Knowledge Base Article 890175 is not installed
9422| [18769] Microsoft Knowledge Base Article 887219 is not installed
9423| [18768] Microsoft Windows Knowledge Base Article 891711 update is not installed
9424| [18766] Microsoft Windows Knowledge Base Article 871250 update is not installed
9425| [18394] Microsoft Windows Knowledge Base Article 870763 update is not installed
9426| [18393] Microsoft Windows Knowledge Base Article 873339 update is not installed
9427| [18314] Microsoft Windows Knowledge Base Article 889293 update is not installed
9428|
9429| Exploit-DB - https://www.exploit-db.com:
9430| [17159] Microsoft Host Integration Server <= 8.5.4224.0 DoS Vulnerabilities
9431| [31118] Microsoft Works 8.0 File Converter Field Length Remote Code Execution Vulnerability
9432| [30537] Microsoft MSN Messenger <= 8.0 - Video Conversation Buffer Overflow Vulnerability
9433| [28222] microsoft works 8.0 spreadsheet Multiple Vulnerabilities
9434| [12728] Microsoft Outlook Web Access (OWA) 8.2.254.0 - Information Disclosure vulnerability
9435|
9436| OpenVAS (Nessus) - http://www.openvas.org:
9437| [902914] Microsoft IIS GET Request Denial of Service Vulnerability
9438| [902796] Microsoft IIS IP Address/Internal Network Name Disclosure Vulnerability
9439| [902694] Microsoft Windows IIS FTP Service Information Disclosure Vulnerability (2761226)
9440| [901120] Microsoft IIS Authentication Remote Code Execution Vulnerability (982666)
9441| [900944] Microsoft IIS FTP Server 'ls' Command DOS Vulnerability
9442| [900874] Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)
9443| [900711] Microsoft IIS WebDAV Remote Authentication Bypass Vulnerability
9444| [900567] Microsoft IIS Security Bypass Vulnerability (970483)
9445| [802806] Microsoft IIS Default Welcome Page Information Disclosure Vulnerability
9446| [801669] Microsoft Windows IIS FTP Server DOS Vulnerability
9447| [801520] Microsoft IIS ASP Stack Based Buffer Overflow Vulnerability
9448| [100952] Microsoft IIS FTPd NLST stack overflow
9449| [11443] Microsoft IIS UNC Mapped Virtual Host Vulnerability
9450| [10680] Test Microsoft IIS Source Fragment Disclosure
9451| [903041] Microsoft Windows Kernel Privilege Elevation Vulnerability (2724197)
9452| [903037] Microsoft JScript and VBScript Engines Remote Code Execution Vulnerability (2706045)
9453| [903036] Microsoft Windows Networking Components Remote Code Execution Vulnerabilities (2733594)
9454| [903035] Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerability (2731847)
9455| [903033] Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2718523)
9456| [903026] Microsoft Office Remote Code Execution Vulnerabilities (2663830)
9457| [903017] Microsoft Office Remote Code Execution Vulnerability (2639185)
9458| [903000] Microsoft Expression Design Remote Code Execution Vulnerability (2651018)
9459| [902936] Microsoft Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2783534)
9460| [902934] Microsoft .NET Framework Remote Code Execution Vulnerability (2745030)
9461| [902933] Microsoft Windows Shell Remote Code Execution Vulnerabilities (2727528)
9462| [902932] Microsoft Internet Explorer Multiple Use-After-Free Vulnerabilities (2761451)
9463| [902931] Microsoft Office Remote Code Execution Vulnerabilities - 2720184 (Mac OS X)
9464| [902930] Microsoft Office Remote Code Execution Vulnerabilities (2720184)
9465| [902923] Microsoft Internet Explorer Multiple Vulnerabilities (2722913)
9466| [902922] Microsoft Remote Desktop Protocol Remote Code Execution Vulnerability (2723135)
9467| [902921] Microsoft Office Visio/Viewer Remote Code Execution Vulnerability (2733918)
9468| [902920] Microsoft Office Remote Code Execution Vulnerability (2731879)
9469| [902919] Microsoft SharePoint Privilege Elevation Vulnerabilities (2663841)
9470| [902916] Microsoft Windows Kernel Privilege Elevation Vulnerabilities (2711167)
9471| [902913] Microsoft Office Remote Code Execution Vulnerabilities-2663830 (Mac OS X)
9472| [902912] Microsoft Office Word Remote Code Execution Vulnerability-2680352 (Mac OS X)
9473| [902911] Microsoft Office Word Remote Code Execution Vulnerability (2680352)
9474| [902910] Microsoft Office Visio Viewer Remote Code Execution Vulnerability (2597981)
9475| [902909] Microsoft Windows Service Pack Missing Multiple Vulnerabilities
9476| [902908] Microsoft Windows DirectWrite Denial of Service Vulnerability (2665364)
9477| [902906] Microsoft Windows DNS Server Denial of Service Vulnerability (2647170)
9478| [902900] Microsoft Windows SSL/TLS Information Disclosure Vulnerability (2643584)
9479| [902846] Microsoft Windows TLS Protocol Information Disclosure Vulnerability (2655992)
9480| [902845] Microsoft Windows Shell Remote Code Execution Vulnerability (2691442)
9481| [902842] Microsoft Lync Remote Code Execution Vulnerabilities (2707956)
9482| [902841] Microsoft .NET Framework Remote Code Execution Vulnerability (2706726)
9483| [902839] Microsoft FrontPage Server Extensions MS-DOS Device Name DoS Vulnerability
9484| [902833] Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)
9485| [902832] MS Security Update For Microsoft Office, .NET Framework, and Silverlight (2681578)
9486| [902829] Microsoft Windows Common Controls Remote Code Execution Vulnerability (2664258)
9487| [902828] Microsoft .NET Framework Remote Code Execution Vulnerability (2671605)
9488| [902818] Microsoft Remote Desktop Protocol Remote Code Execution Vulnerabilities (2671387)
9489| [902817] Microsoft Visual Studio Privilege Elevation Vulnerability (2651019)
9490| [902811] Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vulnerabilities (2651026)
9491| [902807] Microsoft Windows Media Could Allow Remote Code Execution Vulnerabilities (2636391)
9492| [902798] Microsoft SMB Signing Enabled and Not Required At Server
9493| [902797] Microsoft SMB Signing Information Disclosure Vulnerability
9494| [902785] Microsoft AntiXSS Library Information Disclosure Vulnerability (2607664)
9495| [902784] Microsoft Windows Object Packager Remote Code Execution Vulnerability (2603381)
9496| [902783] Microsoft Windows Kernel Security Feature Bypass Vulnerability (2644615)
9497| [902782] MicroSoft Windows Server Service Remote Code Execution Vulnerability (921883)
9498| [902766] Microsoft Windows Kernel Privilege Elevation Vulnerability (2633171)
9499| [902746] Microsoft Active Accessibility Remote Code Execution Vulnerability (2623699)
9500| [902727] Microsoft Office Excel Remote Code Execution Vulnerabilities (2587505)
9501| [902708] Microsoft Remote Desktop Protocol Denial of Service Vulnerability (2570222)
9502| [902696] Microsoft Internet Explorer Multiple Vulnerabilities (2761465)
9503| [902693] Microsoft Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2761226)
9504| [902692] Microsoft Office Excel ReadAV Arbitrary Code Execution Vulnerability
9505| [902689] Microsoft SQL Server Report Manager Cross Site Scripting Vulnerability (2754849)
9506| [902688] Microsoft System Center Configuration Manager XSS Vulnerability (2741528)
9507| [902687] Microsoft Windows Data Access Components Remote Code Execution Vulnerability (2698365)
9508| [902686] Microsoft Internet Explorer Multiple Vulnerabilities (2719177)
9509| [902683] Microsoft Remote Desktop Protocol Remote Code Execution Vulnerability (2685939)
9510| [902682] Microsoft Internet Explorer Multiple Vulnerabilities (2699988)
9511| [902678] Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
9512| [902677] Microsoft Windows Prtition Manager Privilege Elevation Vulnerability (2690533)
9513| [902676] Microsoft Windows TCP/IP Privilege Elevation Vulnerabilities (2688338)
9514| [902670] Microsoft Internet Explorer Multiple Vulnerabilities (2675157)
9515| [902663] Microsoft Remote Desktop Protocol Remote Code Execution Vulnerabilities (2671387)
9516| [902662] MicroSoft SMB Server Trans2 Request Remote Code Execution Vulnerability
9517| [902660] Microsoft SMB Transaction Parsing Remote Code Execution Vulnerability
9518| [902658] Microsoft RDP Server Private Key Information Disclosure Vulnerability
9519| [902649] Microsoft Internet Explorer Multiple Vulnerabilities (2647516)
9520| [902642] Microsoft Internet Explorer Multiple Vulnerabilities (2618444)
9521| [902626] Microsoft SharePoint SafeHTML Information Disclosure Vulnerabilities (2412048)
9522| [902625] Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858)
9523| [902613] Microsoft Internet Explorer Multiple Vulnerabilities (2559049)
9524| [902609] Microsoft Windows CSRSS Privilege Escalation Vulnerabilities (2507938)
9525| [902598] Microsoft Windows Time Component Remote Code Execution Vulnerability (2618451)
9526| [902597] Microsoft Windows Media Remote Code Execution Vulnerability (2648048)
9527| [902596] Microsoft Windows OLE Remote Code Execution Vulnerability (2624667)
9528| [902588] Microsoft Windows Internet Protocol Validation Remote Code Execution Vulnerability
9529| [902581] Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2604930)
9530| [902580] Microsoft Host Integration Server Denial of Service Vulnerabilities (2607670)
9531| [902567] Microsoft Office Remote Code Execution Vulnerabilites (2587634)
9532| [902566] Microsoft Windows WINS Local Privilege Escalation Vulnerability (2571621)
9533| [902552] Microsoft .NET Framework Chart Control Information Disclosure Vulnerability (2567943)
9534| [902551] Microsoft .NET Framework Information Disclosure Vulnerability (2567951)
9535| [902523] Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2514842)
9536| [902522] Microsoft .NET Framework Remote Code Execution Vulnerability (2538814)
9537| [902518] Microsoft .NET Framework Security Bypass Vulnerability
9538| [902516] Microsoft Windows WINS Remote Code Execution Vulnerability (2524426)
9539| [902502] Microsoft .NET Framework Remote Code Execution Vulnerability (2484015)
9540| [902501] Microsoft JScript and VBScript Scripting Engines Remote Code Execution Vulnerability (2514666)
9541| [902496] Microsoft Office IME (Chinese) Privilege Elevation Vulnerability (2652016)
9542| [902495] Microsoft Office Remote Code Execution Vulnerability (2590602)
9543| [902494] Microsoft Office Excel Remote Code Execution Vulnerability (2640241)
9544| [902493] Microsoft Publisher Remote Code Execution Vulnerabilities (2607702)
9545| [902492] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2639142)
9546| [902487] Microsoft Windows Active Directory LDAPS Authentication Bypass Vulnerability (2630837)
9547| [902484] Microsoft Windows TCP/IP Remote Code Execution Vulnerability (2588516)
9548| [902464] Microsoft Visio Remote Code Execution Vulnerabilities (2560978)
9549| [902463] Microsoft Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2567680)
9550| [902455] Microsoft Visio Remote Code Execution Vulnerability (2560847)
9551| [902445] Microsoft XML Editor Information Disclosure Vulnerability (2543893)
9552| [902443] Microsoft Internet Explorer Multiple Vulnerabilities (2530548)
9553| [902440] Microsoft Windows SMB Server Remote Code Execution Vulnerability (2536275)
9554| [902430] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2545814)
9555| [902425] Microsoft Windows SMB Accessible Shares
9556| [902423] Microsoft Office Visio Viewer Remote Code Execution Vulnerabilities (2663510)
9557| [902411] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2489283)
9558| [902410] Microsoft Office Excel Remote Code Execution Vulnerabilities (2489279)
9559| [902403] Microsoft Windows Fraudulent Digital Certificates Spoofing Vulnerability
9560| [902395] Microsoft Bluetooth Stack Remote Code Execution Vulnerability (2566220)
9561| [902378] Microsoft Office Excel Remote Code Execution Vulnerabilities (2537146)
9562| [902377] Microsoft Windows OLE Automation Remote Code Execution Vulnerability (2476490)
9563| [902365] Microsoft GDI+ Remote Code Execution Vulnerability (2489979)
9564| [902364] Microsoft Office Remote Code Execution Vulnerabilites (2489293)
9565| [902351] Microsoft Groove Remote Code Execution Vulnerability (2494047)
9566| [902337] Microsoft Windows Kernel Elevation of Privilege Vulnerability (2393802)
9567| [902336] Microsoft JScript and VBScript Scripting Engines Information Disclosure Vulnerability (2475792)
9568| [902325] Microsoft Internet Explorer 'CSS Import Rule' Use-after-free Vulnerability
9569| [902324] Microsoft SharePoint Could Allow Remote Code Execution Vulnerability (2455005)
9570| [902319] Microsoft Foundation Classes Could Allow Remote Code Execution Vulnerability (2387149)
9571| [902290] Microsoft Windows Active Directory SPN Denial of Service (2478953)
9572| [902289] Microsoft Windows LSASS Privilege Escalation Vulnerability (2478960)
9573| [902288] Microsoft Kerberos Privilege Escalation Vulnerabilities (2496930)
9574| [902287] Microsoft Visio Remote Code Execution Vulnerabilities (2451879)
9575| [902285] Microsoft Internet Explorer Information Disclosure Vulnerability (2501696)
9576| [902281] Microsoft Windows Data Access Components Remote Code Execution Vulnerabilities (2451910)
9577| [902280] Microsoft Windows BranchCache Remote Code Execution Vulnerability (2385678)
9578| [902277] Microsoft Windows Netlogon Service Denial of Service Vulnerability (2207559)
9579| [902276] Microsoft Windows Task Scheduler Elevation of Privilege Vulnerability (2305420)
9580| [902274] Microsoft Publisher Remote Code Execution Vulnerability (2292970)
9581| [902269] Microsoft Windows SMB Server NTLM Multiple Vulnerabilities (971468)
9582| [902265] Microsoft Office Word Remote Code Execution Vulnerabilities (2293194)
9583| [902264] Microsoft Office Excel Remote Code Execution Vulnerabilities (2293211)
9584| [902263] Microsoft Windows Media Player Network Sharing Remote Code Execution Vulnerability (2281679)
9585| [902262] Microsoft Windows Shell and WordPad COM Validation Vulnerability (2405882)
9586| [902256] Microsoft Windows win32k.sys Driver 'CreateDIBPalette()' BOF Vulnerability
9587| [902255] Microsoft Visual Studio Insecure Library Loading Vulnerability
9588| [902254] Microsoft Office Products Insecure Library Loading Vulnerability
9589| [902250] Microsoft Word 2003 'MSO.dll' Null Pointer Dereference Vulnerability
9590| [902246] Microsoft Internet Explorer 'toStaticHTML()' Cross Site Scripting Vulnerability
9591| [902243] Microsoft Outlook TNEF Remote Code Execution Vulnerability (2315011)
9592| [902232] Microsoft Windows TCP/IP Privilege Elevation Vulnerabilities (978886)
9593| [902231] Microsoft Windows Tracing Feature Privilege Elevation Vulnerabilities (982799)
9594| [902230] Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)
9595| [902229] Microsoft Window MPEG Layer-3 Remote Code Execution Vulnerability (2115168)
9596| [902228] Microsoft Office Word Remote Code Execution Vulnerabilities (2269638)
9597| [902227] Microsoft Windows LSASS Denial of Service Vulnerability (975467)
9598| [902226] Microsoft Windows Shell Remote Code Execution Vulnerability (2286198)
9599| [902217] Microsoft Outlook SMB Attachment Remote Code Execution Vulnerability (978212)
9600| [902210] Microsoft IE cross-domain IFRAME gadgets keystrokes steal Vulnerability
9601| [902193] Microsoft .NET Framework XML HMAC Truncation Vulnerability (981343)
9602| [902192] Microsoft Office COM Validation Remote Code Execution Vulnerability (983235)
9603| [902191] Microsoft Internet Explorer Multiple Vulnerabilities (982381)
9604| [902183] Microsoft Internet Explorer 'IFRAME' Denial Of Service Vulnerability
9605| [902178] Microsoft Visual Basic Remote Code Execution Vulnerability (978213)
9606| [902176] Microsoft SharePoint '_layouts/help.aspx' Cross Site Scripting Vulnerability
9607| [902166] Microsoft Internet Explorer 'neutering' Mechanism XSS Vulnerability
9608| [902159] Microsoft VBScript Scripting Engine Remote Code Execution Vulnerability (980232)
9609| [902158] Microsoft Office Publisher Remote Code Execution Vulnerability (981160)
9610| [902157] Microsoft 'ISATAP' Component Spoofing Vulnerability (978338)
9611| [902156] Microsoft SMB Client Remote Code Execution Vulnerabilities (980232)
9612| [902155] Microsoft Internet Explorer Multiple Vulnerabilities (980182)
9613| [902151] Microsoft Internet Explorer Denial of Service Vulnerability - Mar10
9614| [902133] Microsoft Office Excel Multiple Vulnerabilities (980150)
9615| [902117] Microsoft DirectShow Remote Code Execution Vulnerability (977935)
9616| [902116] Microsoft Client/Server Run-time Subsystem Privilege Elevation Vulnerability (978037)
9617| [902115] Microsoft Kerberos Denial of Service Vulnerability (977290)
9618| [902114] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (975416)
9619| [902112] Microsoft SMB Client Remote Code Execution Vulnerabilities (978251)
9620| [902095] Microsoft Office Excel Remote Code Execution Vulnerability (2269707)
9621| [902094] Microsoft Windows Kernel Mode Drivers Privilege Elevation Vulnerabilities (2160329)
9622| [902093] Microsoft Windows Kernel Privilege Elevation Vulnerabilities (981852)
9623| [902080] Microsoft Help and Support Center Remote Code Execution Vulnerability (2229593)
9624| [902069] Microsoft SharePoint Privilege Elevation Vulnerabilities (2028554)
9625| [902068] Microsoft Office Excel Remote Code Execution Vulnerabilities (2027452)
9626| [902067] Microsoft Windows Kernel Mode Drivers Privilege Escalation Vulnerabilities (979559)
9627| [902039] Microsoft Visio Remote Code Execution Vulnerabilities (980094)
9628| [902038] Microsoft MPEG Layer-3 Codecs Remote Code Execution Vulnerability (977816)
9629| [902033] Microsoft Windows '.ani' file Denial of Service vulnerability
9630| [902015] Microsoft Paint Remote Code Execution Vulnerability (978706)
9631| [901305] Microsoft Windows IP-HTTPS Component Security Feature Bypass Vulnerability (2765809)
9632| [901304] Microsoft Windows File Handling Component Remote Code Execution Vulnerability (2758857)
9633| [901301] Microsoft Windows Kerberos Denial of Service Vulnerability (2743555)
9634| [901212] Microsoft Windows DirectPlay Remote Code Execution Vulnerability (2770660)
9635| [901211] Microsoft Windows Common Controls Remote Code Execution Vulnerability (2720573)
9636| [901210] Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)
9637| [901209] Microsoft Windows Media Center Remote Code Execution Vulnerabilities (2604926)
9638| [901208] Microsoft Internet Explorer Multiple Vulnerabilities (2586448)
9639| [901205] Microsoft Windows Components Remote Code Execution Vulnerabilities (2570947)
9640| [901193] Microsoft Windows Media Remote Code Execution Vulnerabilities (2510030)
9641| [901183] Internet Information Services (IIS) FTP Service Remote Code Execution Vulnerability (2489256)
9642| [901180] Microsoft Internet Explorer Multiple Vulnerabilities (2482017)
9643| [901169] Microsoft Windows Address Book Remote Code Execution Vulnerability (2423089)
9644| [901166] Microsoft Office Remote Code Execution Vulnerabilites (2423930)
9645| [901164] Microsoft Windows SChannel Denial of Service Vulnerability (2207566)
9646| [901163] Microsoft Windows Media Player Remote Code Execution Vulnerability (2378111))
9647| [901162] Microsoft Internet Explorer Multiple Vulnerabilities (2360131)
9648| [901161] Microsoft ASP.NET Information Disclosure Vulnerability (2418042)
9649| [901151] Microsoft Internet Information Services Remote Code Execution Vulnerabilities (2267960)
9650| [901150] Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability(2347290)
9651| [901140] Microsoft Windows SMB Code Execution and DoS Vulnerabilities (982214)
9652| [901139] Microsoft Internet Explorer Multiple Vulnerabilities (2183461)
9653| [901119] Microsoft Windows OpenType Compact Font Format Driver Privilege Escalation Vulnerability (980218)
9654| [901102] Microsoft Windows Media Services Remote Code Execution Vulnerability (980858)
9655| [901097] Microsoft Internet Explorer Multiple Vulnerabilities (978207)
9656| [901095] Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (972270)
9657| [901069] Microsoft Office Project Remote Code Execution Vulnerability (967183)
9658| [901065] Microsoft Windows IAS Remote Code Execution Vulnerability (974318)
9659| [901064] Microsoft Windows ADFS Remote Code Execution Vulnerability (971726)
9660| [901063] Microsoft Windows LSASS Denial of Service Vulnerability (975467)
9661| [901048] Microsoft Windows Active Directory Denial of Service Vulnerability (973309)
9662| [901041] Microsoft Internet Explorer Multiple Code Execution Vulnerabilities (974455)
9663| [901012] Microsoft Windows Media Format Remote Code Execution Vulnerability (973812)
9664| [900973] Microsoft Office Word Remote Code Execution Vulnerability (976307)
9665| [900965] Microsoft Windows SMB2 Negotiation Protocol Remote Code Execution Vulnerability
9666| [900964] Microsoft .NET Common Language Runtime Code Execution Vulnerability (974378)
9667| [900963] Microsoft Windows Kernel Privilege Escalation Vulnerability (971486)
9668| [900957] Microsoft Windows Patterns & Practices EntLib DOS Vulnerability
9669| [900956] Microsoft Windows Patterns & Practices EntLib Version Detection
9670| [900929] Microsoft JScript Scripting Engine Remote Code Execution Vulnerability (971961)
9671| [900908] Microsoft Windows Message Queuing Privilege Escalation Vulnerability (971032)
9672| [900907] Microsoft Windows AVI Media File Parsing Vulnerabilities (971557)
9673| [900898] Microsoft Internet Explorer 'XSS Filter' XSS Vulnerabilities - Nov09
9674| [900897] Microsoft Internet Explorer PDF Information Disclosure Vulnerability - Nov09
9675| [900891] Microsoft Internet Denial Of Service Vulnerability - Nov09
9676| [900887] Microsoft Office Excel Multiple Vulnerabilities (972652)
9677| [900886] Microsoft Windows Kernel-Mode Drivers Multiple Vulnerabilities (969947)
9678| [900881] Microsoft Windows Indexing Service ActiveX Vulnerability (969059)
9679| [900880] Microsoft Windows ATL COM Initialization Code Execution Vulnerability (973525)
9680| [900879] Microsoft Windows Media Player ASF Heap Overflow Vulnerability (974112)
9681| [900878] Microsoft Products GDI Plus Code Execution Vulnerabilities (957488)
9682| [900877] Microsoft Windows LSASS Denial of Service Vulnerability (975467)
9683| [900876] Microsoft Windows CryptoAPI X.509 Spoofing Vulnerabilities (974571)
9684| [900873] Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness (971888)
9685| [900863] Microsoft Internet Explorer 'window.print()' DOS Vulnerability
9686| [900838] Microsoft Windows TCP/IP Remote Code Execution Vulnerability (967723)
9687| [900837] Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability (956844)
9688| [900836] Microsoft Internet Explorer Address Bar Spoofing Vulnerability
9689| [900826] Microsoft Internet Explorer 'location.hash' DOS Vulnerability
9690| [900814] Microsoft Windows WINS Remote Code Execution Vulnerability (969883)
9691| [900813] Microsoft Remote Desktop Connection Remote Code Execution Vulnerability (969706)
9692| [900809] Microsoft Visual Studio ATL Remote Code Execution Vulnerability (969706)
9693| [900808] Microsoft Visual Products Version Detection
9694| [900757] Microsoft Windows Media Player '.AVI' File DOS Vulnerability
9695| [900741] Microsoft Internet Explorer Information Disclosure Vulnerability Feb10
9696| [900740] Microsoft Windows Kernel Could Allow Elevation of Privilege (977165)
9697| [900690] Microsoft Virtual PC/Server Privilege Escalation Vulnerability (969856)
9698| [900689] Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (961371))
9699| [900670] Microsoft Office Excel Remote Code Execution Vulnerabilities (969462)
9700| [900589] Microsoft ISA Server Privilege Escalation Vulnerability (970953)
9701| [900588] Microsoft DirectShow Remote Code Execution Vulnerability (961373)
9702| [900568] Microsoft Windows Search Script Execution Vulnerability (963093)
9703| [900566] Microsoft Active Directory LDAP Remote Code Execution Vulnerability (969805)
9704| [900476] Microsoft Excel Remote Code Execution Vulnerabilities (968557)
9705| [900465] Microsoft Windows DNS Memory Corruption Vulnerability - Mar09
9706| [900461] Microsoft MSN Live Messneger Denial of Service Vulnerability
9707| [900445] Microsoft Autorun Arbitrary Code Execution Vulnerability (08-038)
9708| [900404] Microsoft Windows RTCP Unspecified Remote DoS Vulnerability
9709| [900400] Microsoft Internet Explorer Unicode String DoS Vulnerability
9710| [900391] Microsoft Office Publisher Remote Code Execution Vulnerability (969516)
9711| [900366] Microsoft Internet Explorer Web Script Execution Vulnerabilites
9712| [900365] Microsoft Office Word Remote Code Execution Vulnerabilities (969514)
9713| [900337] Microsoft Internet Explorer Denial of Service Vulnerability - Apr09
9714| [900336] Microsoft Windows Media Player MID File Integer Overflow Vulnerability
9715| [900328] Microsoft Internet Explorer Remote Code Execution Vulnerability (963027)
9716| [900314] Microsoft XML Core Service Information Disclosure Vulnerability
9717| [900303] Microsoft Internet Explorer HTML Form Value DoS Vulnerability
9718| [900299] Microsoft Report Viewer Information Disclosure Vulnerability (2578230)
9719| [900297] Microsoft Windows Kernel Denial of Service Vulnerability (2556532)
9720| [900296] Microsoft Windows TCP/IP Stack Denial of Service Vulnerability (2563894)
9721| [900295] Microsoft Windows DNS Server Remote Code Execution Vulnerability (2562485)
9722| [900294] Microsoft Data Access Components Remote Code Execution Vulnerabilities (2560656)
9723| [900288] Microsoft Distributed File System Remote Code Execution Vulnerabilities (2535512)
9724| [900287] Microsoft SMB Client Remote Code Execution Vulnerabilities (2536276)
9725| [900285] Microsoft Foundation Class (MFC) Library Remote Code Execution Vulnerability (2500212)
9726| [900282] Microsoft DNS Resolution Remote Code Execution Vulnerability (2509553)
9727| [900281] Microsoft IE Developer Tools WMITools and Windows Messenger ActiveX Control Vulnerability (2508272)
9728| [900280] Microsoft Windows SMB Server Remote Code Execution Vulnerability (2508429)
9729| [900279] Microsoft SMB Client Remote Code Execution Vulnerabilities (2511455)
9730| [900278] Microsoft Internet Explorer Multiple Vulnerabilities (2497640)
9731| [900273] Microsoft Remote Desktop Client Remote Code Execution Vulnerability (2508062)
9732| [900267] Microsoft Media Decompression Remote Code Execution Vulnerability (2447961)
9733| [900266] Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (2424434)
9734| [900263] Microsoft Windows OpenType Compact Font Format Driver Privilege Escalation Vulnerability (2296199)
9735| [900262] Microsoft Internet Explorer Multiple Vulnerabilities (2416400)
9736| [900261] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2293386)
9737| [900248] Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (981997)
9738| [900246] Microsoft Media Decompression Remote Code Execution Vulnerability (979902)
9739| [900245] Microsoft Data Analyzer and IE Developer Tools ActiveX Control Vulnerability (980195)
9740| [900241] Microsoft Outlook Express and Windows Mail Remote Code Execution Vulnerability (978542)
9741| [900240] Microsoft Exchange and Windows SMTP Service Denial of Service Vulnerability (981832)
9742| [900237] Microsoft Windows Authentication Verification Remote Code Execution Vulnerability (981210)
9743| [900236] Microsoft Windows Kernel Could Allow Elevation of Privilege (979683)
9744| [900235] Microsoft Windows Media Player Could Allow Remote Code Execution (979402)
9745| [900232] Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (975561)
9746| [900230] Microsoft Windows SMB Server Multiple Vulnerabilities (971468)
9747| [900229] Microsoft Data Analyzer ActiveX Control Vulnerability (978262)
9748| [900228] Microsoft Office (MSO) Remote Code Execution Vulnerability (978214)
9749| [900227] Microsoft Windows Shell Handler Could Allow Remote Code Execution Vulnerability (975713)
9750| [900223] Microsoft Ancillary Function Driver Elevation of Privilege Vulnerability (956803)
9751| [900192] Microsoft Internet Explorer Information Disclosure Vulnerability
9752| [900187] Microsoft Internet Explorer Argument Injection Vulnerability
9753| [900178] Microsoft Windows 'UnhookWindowsHookEx' Local DoS Vulnerability
9754| [900173] Microsoft Windows Media Player Version Detection
9755| [900172] Microsoft Windows Media Player 'MIDI' or 'DAT' File DoS Vulnerability
9756| [900170] Microsoft iExplorer '&NBSP
9757| [900131] Microsoft Internet Explorer Denial of Service Vulnerability
9758| [900125] Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability
9759| [900120] Microsoft Organization Chart Remote Code Execution Vulnerability
9760| [900108] Microsoft Windows NSlookup.exe Remote Code Execution Vulnerability
9761| [900097] Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution
9762| [900095] Microsoft ISA Server and Forefront Threat Management Gateway DoS Vulnerability (961759)
9763| [900093] Microsoft DirectShow Remote Code Execution Vulnerability (961373)
9764| [900080] Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)
9765| [900079] Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
9766| [900064] Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175)
9767| [900063] Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)
9768| [900061] Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)
9769| [900058] Microsoft XML Core Services Remote Code Execution Vulnerability (955218)
9770| [900048] Microsoft Excel Remote Code Execution Vulnerability (956416)
9771| [900047] Microsoft Office nformation Disclosure Vulnerability (957699)
9772| [900046] Microsoft Office Remote Code Execution Vulnerabilities (955047)
9773| [900033] Microsoft PowerPoint Could Allow Remote Code Execution Vulnerabilities (949785)
9774| [900029] Microsoft Office Filters Could Allow Remote Code Execution Vulnerabilities (924090)
9775| [900028] Microsoft Excel Could Allow Remote Code Execution Vulnerabilities (954066)
9776| [900025] Microsoft Office Version Detection
9777| [900006] Microsoft Word Could Allow Remote Code Execution Vulnerability
9778| [900004] Microsoft Access Snapshot Viewer ActiveX Control Vulnerability
9779| [855384] Solaris Update for snmp/mibiisa 108870-36
9780| [855273] Solaris Update for snmp/mibiisa 108869-36
9781| [803028] Microsoft Internet Explorer Remote Code Execution Vulnerability (2757760)
9782| [803007] Microsoft Windows Minimum Certificate Key Length Spoofing Vulnerability (2661254)
9783| [802912] Microsoft Unauthorized Digital Certificates Spoofing Vulnerability (2728973)
9784| [802888] Microsoft Windows Media Service Handshake Sequence DoS Vulnerability
9785| [802886] Microsoft Sidebar and Gadgets Remote Code Execution Vulnerability (2719662)
9786| [802864] Microsoft XML Core Services Remote Code Execution Vulnerability (2719615)
9787| [802774] Microsoft VPN ActiveX Control Remote Code Execution Vulnerability (2695962)
9788| [802726] Microsoft SMB Signing Disabled
9789| [802708] Microsoft Internet Explorer Code Execution and DoS Vulnerabilities
9790| [802634] Microsoft Windows Unauthorized Digital Certificates Spoofing Vulnerability (2718704)
9791| [802500] Microsoft Windows TrueType Font Parsing Privilege Elevation Vulnerability
9792| [802468] Compatibility Issues Affecting Signed Microsoft Binaries (2749655)
9793| [802462] Microsoft ActiveSync Null Pointer Dereference Denial Of Service Vulnerability
9794| [802426] Microsoft Windows ActiveX Control Multiple Vulnerabilities (2647518)
9795| [802383] Microsoft Windows Color Control Panel Privilege Escalation Vulnerability
9796| [802379] Microsoft Windows Kernel 'win32k.sys' Memory Corruption Vulnerability
9797| [802287] Microsoft Internet Explorer Cache Objects History Information Disclosure Vulnerability
9798| [802286] Microsoft Internet Explorer Multiple Information Disclosure Vulnerabilities
9799| [802260] Microsoft Windows WINS Remote Code Execution Vulnerability (2524426)
9800| [802203] Microsoft Internet Explorer Cookie Hijacking Vulnerability
9801| [802202] Microsoft Internet Explorer Cookie Hijacking Vulnerability
9802| [802140] Microsoft Explorer HTTPS Sessions Multiple Vulnerabilities (Windows)
9803| [802136] Microsoft Windows Insecure Library Loading Vulnerability (2269637)
9804| [801991] Microsoft Windows SMB/NETBIOS NULL Session Authentication Bypass Vulnerability
9805| [801966] Microsoft Windows ActiveX Control Multiple Vulnerabilities (2562937)
9806| [801935] Microsoft Silverlight Multiple Memory Leak Vulnerabilities
9807| [801934] Microsoft Silverlight Version Detection
9808| [801914] Microsoft Windows IPv4 Default Configuration Security Bypass Vulnerability
9809| [801876] Microsoft Internet Explorer 'msxml.dll' Information Disclosure Vulnerability
9810| [801831] Microsoft Internet Explorer Incorrect GUI Display Vulnerability
9811| [801830] Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability
9812| [801725] Microsoft Products GDI Plus Remote Code Execution Vulnerabilities (954593)
9813| [801721] Microsoft Active Directory Denial of Service Vulnerability (953235)
9814| [801719] Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnerability (930178)
9815| [801718] Microsoft Windows Vista Information Disclosure Vulnerability (931213)
9816| [801717] Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability
9817| [801716] Microsoft Outlook Express/Windows Mail MHTML URI Handler Information Disclosure Vulnerability (929123)
9818| [801715] Microsoft XML Core Services Remote Code Execution Vulnerability (936227)
9819| [801713] Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow Vulnerability (941202)
9820| [801707] Microsoft Internet Explorer mshtml.dll Remote Memory Corruption Vulnerability (942615)
9821| [801706] Microsoft Windows TCP/IP Remote Code Execution Vulnerabilities (941644)
9822| [801705] Microsoft Windows TCP/IP Denial of Service Vulnerability (946456)
9823| [801704] Microsoft Internet Information Services Privilege Elevation Vulnerability (942831)
9824| [801702] Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability (944533)
9825| [801701] Microsoft Windows DNS Client Service Response Spoofing Vulnerability (945553)
9826| [801677] Microsoft WMI Administrative Tools ActiveX Control Remote Code Execution Vulnerabilities
9827| [801606] Microsoft Internet Explorer 'mshtml.dll' Information Disclosure Vulnerability
9828| [801598] Microsoft Windows2k3 Active Directory 'BROWSER ELECTION' Buffer Overflow Vulnerability
9829| [801597] Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
9830| [801596] Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
9831| [801595] Microsoft Office Excel Axis and Art Object Parsing Remote Code Execution Vulnerabilities
9832| [801594] Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability
9833| [801580] Microsoft Windows Fax Cover Page Editor BOF Vulnerabilities
9834| [801527] Microsoft Windows 32-bit Platforms Unspecified vulnerabilities
9835| [801491] Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability (948881)
9836| [801489] Microsoft Office Graphics Filters Remote Code Execution Vulnerabilities (968095)
9837| [801488] Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability (947864)
9838| [801487] Microsoft Windows Kernel Usermode Callback Local Privilege Elevation Vulnerability (941693)
9839| [801486] Microsoft Windows Speech Components Voice Recognition Command Execution Vulnerability (950760)
9840| [801485] Microsoft Pragmatic General Multicast (PGM) Denial of Service Vulnerability (950762)
9841| [801484] Microsoft Windows IPsec Policy Processing Information Disclosure Vulnerability (953733)
9842| [801483] Microsoft Windows Search Remote Code Execution Vulnerability (959349)
9843| [801482] Microsoft Windows ASP.NET Denial of Service Vulnerability(970957)
9844| [801481] Microsoft Wireless LAN AutoConfig Service Remote Code Execution Vulnerability (970710)
9845| [801480] Microsoft Web Services on Devices API Remote Code Execution Vulnerability (973565)
9846| [801479] Microsoft Windows TCP/IP Could Allow Remote Code Execution (974145)
9847| [801457] Microsoft Windows Address Book Insecure Library Loading Vulnerability
9848| [801456] Microsoft Windows Progman Group Converter Insecure Library Loading Vulnerability
9849| [801349] Microsoft Internet Explorer 'IFRAME' Denial Of Service Vulnerability (June-10)
9850| [801348] Microsoft Internet Explorer 'IFRAME' Denial Of Service Vulnerability -june 10
9851| [801345] Microsoft .NET 'ASP.NET' Cross-Site Scripting vulnerability
9852| [801344] Microsoft .NET '__VIEWSTATE' Cross-Site Scripting vulnerability
9853| [801342] Microsoft ASP.NET Cross-Site Scripting vulnerability
9854| [801333] Microsoft Windows Kernel 'win32k.sys' Multiple DOS Vulnerabilities
9855| [801330] Microsoft Internet Explorer Cross Site Data Leakage Vulnerability
9856| [801109] Microsoft IE CA SSL Certificate Security Bypass Vulnerability - Oct09
9857| [801090] Microsoft Windows Indeo Codec Multiple Vulnerabilities
9858| [800968] Microsoft SharePoint Team Services Information Disclosure Vulnerability
9859| [800910] Microsoft Internet Explorer Buffer Overflow Vulnerability - Jul09
9860| [800902] Microsoft Internet Explorer XSS Vulnerability - July09
9861| [800872] Microsoft Internet Explorer 'li' Element DoS Vulnerability - Sep09
9862| [800863] Microsoft Internet Explorer XML Document DoS Vulnerability - Aug09
9863| [800862] Microsoft Windows Kernel win32k.sys Privilege Escalation Vulnerability
9864| [800861] Microsoft Internet Explorer 'findText()' Unicode Parsing DoS Vulnerability
9865| [800845] Microsoft Office Web Components ActiveX Control Code Execution Vulnerability
9866| [800829] Microsoft Video ActiveX Control 'msvidctl.dll' BOF Vulnerability
9867| [800742] Microsoft Internet Explorer Unspecified vulnerability
9868| [800700] Microsoft GDIPlus PNG Infinite Loop Vulnerability
9869| [800687] Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability
9870| [800669] Microsoft Internet Explorer Denial Of Service Vulnerability - July09
9871| [800577] Microsoft Windows Server 2003 win32k.sys DoS Vulnerability
9872| [800505] Microsoft HTML Help Workshop buffer overflow vulnerability
9873| [800504] Microsoft Windows XP SP3 denial of service vulnerability
9874| [800481] Microsoft SharePoint Cross Site Scripting Vulnerability
9875| [800480] Microsoft Windows Media Player '.mpg' Buffer Overflow Vulnerability
9876| [800466] Microsoft Windows TLS/SSL Spoofing Vulnerability (977377)
9877| [800461] Microsoft Internet Explorer Information Disclosure Vulnerability (980088)
9878| [800442] Microsoft Windows GP Trap Handler Privilege Escalation Vulnerability
9879| [800429] Microsoft Internet Explorer Remote Code Execution Vulnerability (979352)
9880| [800382] Microsoft PowerPoint File Parsing Remote Code Execution Vulnerability (967340)
9881| [800347] Microsoft Internet Explorer Clickjacking Vulnerability
9882| [800343] Microsoft Word 2007 Sensitive Information Disclosure Vulnerability
9883| [800337] Microsoft Internet Explorer NULL Pointer DoS Vulnerability
9884| [800332] Microsoft Windows Live Messenger Information Disclosure Vulnerability
9885| [800331] Microsoft Windows Live Messenger Client Version Detection
9886| [800328] Integer Overflow vulnerability in Microsoft Windows Media Player
9887| [800310] Microsoft Windows Media Services nskey.dll ActiveX BOF Vulnerability
9888| [800267] Microsoft GDIPlus Library File Integer Overflow Vulnerability
9889| [800218] Microsoft Money 'prtstb06.dll' Denial of Service vulnerability
9890| [800217] Microsoft Money Version Detection
9891| [800209] Microsoft Internet Explorer Version Detection (Win)
9892| [800208] Microsoft Internet Explorer Anti-XSS Filter Vulnerabilities
9893| [800083] Microsoft Outlook Express Malformed MIME Message DoS Vulnerability
9894| [800082] Microsoft SQL Server sp_replwritetovarbin() BOF Vulnerability
9895| [800023] Microsoft Windows Image Color Management System Code Execution Vulnerability (952954)
9896| [103254] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
9897| [102059] Microsoft Windows Vector Markup Language Buffer Overflow (938127)
9898| [102055] Microsoft Windows GDI Multiple Vulnerabilities (925902)
9899| [102053] Microsoft Windows Vector Markup Language Vulnerabilities (929969)
9900| [102015] Microsoft RPC Interface Buffer Overrun (KB824146)
9901| [101100] Vulnerabilities in Microsoft ATL Could Allow Remote Code Execution (973908)
9902| [101017] Microsoft MS03-018 security check
9903| [101016] Microsoft MS03-022 security check
9904| [101015] Microsoft MS03-034 security check
9905| [101014] Microsoft MS00-078 security check
9906| [101012] Microsoft MS03-051 security check
9907| [101010] Microsoft Security Bulletin MS05-004
9908| [101009] Microsoft Security Bulletin MS06-033
9909| [101007] Microsoft dotNET version grabber
9910| [101006] Microsoft Security Bulletin MS06-056
9911| [101005] Microsoft Security Bulletin MS07-040
9912| [101004] Microsoft MS04-017 security check
9913| [101003] Microsoft MS00-058 security check
9914| [101000] Microsoft MS00-060 security check
9915| [100950] Microsoft DNS server internal hostname disclosure detection
9916| [100624] Microsoft Windows SMTP Server DNS spoofing vulnerability
9917| [100607] Microsoft SMTP Service and Exchange Routing Engine Buffer Overflow Vulnerability
9918| [100596] Microsoft Windows SMTP Server MX Record Denial of Service Vulnerability
9919| [100283] Microsoft Windows SMB2 '_Smb2ValidateProviderCallback()' Remote Code Execution Vulnerability
9920| [100062] Microsoft Remote Desktop Protocol Detection
9921| [90024] Windows Vulnerability in Microsoft Jet Database Engine
9922| [80007] Microsoft MS00-06 security check
9923| [13752] Denial of Service (DoS) in Microsoft SMS Client
9924| [11992] Vulnerability in Microsoft ISA Server 2000 H.323 Filter(816458)
9925| [11874] IIS Service Pack - 404
9926| [11808] Microsoft RPC Interface Buffer Overrun (823980)
9927| [11433] Microsoft ISA Server DNS - Denial Of Service (MS03-009)
9928| [11217] Microsoft's SQL Version Query
9929| [11177] Flaw in Microsoft VM Could Allow Code Execution (810030)
9930| [11146] Microsoft RDP flaws could allow sniffing and DOS(Q324380)
9931| [11142] IIS XSS via IDC error
9932| [11067] Microsoft's SQL Hello Overflow
9933| [11003] IIS Possible Compromise
9934| [10993] IIS ASP.NET Application Trace Enabled
9935| [10991] IIS Global.asa Retrieval
9936| [10936] IIS XSS via 404 error
9937| [10862] Microsoft's SQL Server Brute Force
9938| [10755] Microsoft Exchange Public Folders Information Leak
9939| [10732] IIS 5.0 WebDav Memory Leakage
9940| [10699] IIS FrontPage DoS II
9941| [10695] IIS .IDA ISAPI filter applied
9942| [10674] Microsoft's SQL UDP Info Query
9943| [10673] Microsoft's SQL Blank Password
9944| [10671] IIS Remote Command Execution
9945| [10667] IIS 5.0 PROPFIND Vulnerability
9946| [10661] IIS 5 .printer ISAPI filter applied
9947| [10657] NT IIS 5.0 Malformed HTTP Printer Request Header Buffer Overflow Vulnerability
9948| [10585] IIS FrontPage DoS
9949| [10576] Check for dangerous IIS default files
9950| [10575] Check for IIS .cnf file leakage
9951| [10573] IIS 5.0 Sample App reveals physical path of web root
9952| [10572] IIS 5.0 Sample App vulnerable to cross-site scripting attack
9953| [10537] IIS directory traversal
9954| [10492] IIS IDA/IDQ Path Disclosure
9955| [10491] ASP/ASA source using Microsoft Translate f: bug
9956| [10144] Microsoft SQL TCP/IP listener is running
9957|
9958| SecurityTracker - https://www.securitytracker.com:
9959| [1024070] Microsoft Internet Explorer 8 Developer Tools ActiveX Control Memory Corruption Error Lets Remote Users Execute Arbitrary Code
9960| [1027751] Microsoft Internet Information Server (IIS) FTP Server Lets Remote Users Obtain Files and Local Users Obtain Passwords
9961| [1027223] Microsoft IIS Web Server Discloses Potentially Sensitive Information to Remote Users
9962| [1024921] Microsoft IIS FTP Server Lets Remote Users Deny Service
9963| [1024496] Microsoft Internet Information Server (IIS) Web Server Stack Overflow in Reading POST Data Lets Remote Users Deny Service
9964| [1023387] Microsoft Internet Information Services (IIS) Filename Extension Parsing Configuration Error May Let Users Bypass Security Controls
9965| [1022792] Microsoft Internet Information Server (IIS) FTP Server Buffer Overflows Let Remote Authenticated Users Execute Arbitrary Code and Deny Service
9966| [1016466] Microsoft Internet Information Server (IIS) Buffer Overflow in Processing ASP Pages Lets Remote Authenticated Users Execute Arbitrary Code
9967| [1015376] Microsoft IIS Lets Remote Users Deny Service or Execute Arbitrary Code With Malformed HTTP GET Requests
9968| [1015049] Microsoft Internet Explorer Drag-and-Drop Timing May Let Remote Users Install Arbitrary Files
9969| [1014777] Microsoft IIS ASP Error Page May Disclose System Information in Certain Cases
9970| [1011633] Microsoft IIS WebDAV XML Message Handler Error Lets Remote Users Deny Service
9971| [1010692] Microsoft IIS 4.0 Buffer Overflow in Redirect Function Lets Remote Users Execute Arbitrary Code
9972| [1010610] Microsoft IIS Web Server May Disclose Private IP Addresses in Certain Cases
9973| [1010079] Microsoft IIS ASP Script Cookie Processing Flaw May Disclose Application Information to Remote Users
9974| [1008563] Microsoft IIS Fails to Log HTTP TRACK Requests
9975| [1007262] Microsoft IIS 6.0 Vulnerabilities Permit Cross-Site Scripting and Password Changing Attacks Against Administrators
9976| [1007059] Microsoft Windows Media Services (nsiislog.dll) Extension to Internet Information Server (IIS) Has Another Buffer Overflow That Lets Remote Execute Arbitrary Code
9977| [1006867] Microsoft IIS Buffer Overflow Lets Remote Users With Upload Privileges Execute Code - Remote Users Can Also Crash the Service
9978| [1006866] Microsoft Windows Media Services (nsiislog.dll) Extension to Internet Information Server (IIS) Lets Remote Execute Arbitrary Code
9979| [1006704] Microsoft IIS Authentication Manager Discloses Validity of User Names to Remote Users
9980| [1006305] Microsoft IIS Web Server WebDAV Buffer Overflow Lets Remote Users Execute Arbitrary Code
9981| [1005505] Microsoft Internet Information Server (IIS) Script Access Control Bug May Let Remote Authenticated Users Upload Unauthorized Executable Files
9982| [1005504] Microsoft Internet Information Server (IIS) WebDAV Memory Allocation Flaw Lets Remote Users Crash the Server
9983| [1005503] Microsoft Internet Information Server (IIS) Administrative Pages Allow Cross-Site Scripting Attacks
9984| [1005502] Microsoft Internet Information Server (IIS) Out-of-Process Access Control Bug Lets Certain Authenticated Users Gain Full Control of the Server
9985| [1005083] Microsoft Internet Information Server (IIS) Web Server Fails to Properly Validate Client-side Certificates, Allowing Remote Users to Impersonate Other Users or Certificate Issuers
9986| [1004757] Microsoft IIS SMTP Service Encapsulation Bug Lets Remote Users Relay Mail and Send SPAM Via the Service
9987| [1004646] ColdFusion MX Buffer Overflow When Used With Microsoft Internet Information Server (IIS) Lets Remote Users Crash the IIS Web Server or Execute Arbitrary Code
9988| [1004526] Microsoft Internet Information Server (IIS) Heap Overflow in HTR ISAPI Extension While Processing Chunked Encoded Data Lets Remote Users Execute Arbitrary Code
9989| [1004044] Cisco CallManager Affected by Microsoft Internet Information Server (IIS) Bugs
9990| [1004032] Microsoft Internet Information Server (IIS) FTP STAT Command Bug Lets Remote Users Crash Both the FTP and the Web Services
9991| [1004031] Microsoft Internet Information Server (IIS) URL Length Bug Lets Remote Users Crash the Web Service
9992| [1004011] Microsoft Internet Information Server (IIS) Buffer Overflow in ASP Server-Side Include Function May Let Remote Users Execute Arbitrary Code on the Web Server
9993| [1004006] Microsoft Internet Information Server (IIS) Off-By-One Heap Overflow in .HTR Processing May Let Remote Users Execute Arbitrary Code on the Server
9994| [1003224] Microsoft Internet Information Server (IIS) Version 4 Lets Local Users Modify the Log File Undetected
9995| [1002778] Microsoft Internet Information Server (IIS) Lets Remote Users Create Bogus Web Log Entries
9996| [1002733] Microsoft IIS 4.0 Configuration Error May Allow Remote Users to Obtain Physical Directory Path Information
9997| [1002651] Microsoft Internet Information Server (IIS) May Disclose PHP Scripting Source Code
9998| [1002212] Microsoft IIS Web Server Contains Multiple Vulnerabilities That Allow Local Users to Gain System Privileges and Allow Remote Users to Cause the Web Server to Crash
9999| [1002161] Microsoft Internet Information Server (IIS) Web Server Discloses Internal IP Addresses or NetBIOS Host Names to Remote Users
10000| [1001818] Microsoft Internet Information Server (IIS) Web Server Discloses ASP Source Code When Installed on FAT-based Filesystem
10001| [1001576] eEye Digital Security's SecureIIS Application Firewall for Microsoft Web Servers Fails to Filter Certain Web URL Characters, Allowing Remote Users to Bypass the SecureIIS Firewall
10002| [1001565] Microsoft IIS Web Server on Windows 2000 Allows Remote Users to Cause the Server to Consume All Available Memory Due to Memory Leak in WebDAV Lock Method
10003| [1001530] Microsoft IIS Web Server Allows Remote Users to Execute Commands on the Server Due to CGI Decoding Error
10004| [1001483] Microsoft IIS Web Server Lets Remote Users Restart the Web Server with Another Specially Crafted PROPFIND XML Command
10005| [1001464] Microsoft Internet Information Server IIS 5.0 for Windows 2000 Lets Remote Users Execute Arbitrary Code on the Server and Gain Control of the Server
10006| [1001402] Microsoft IIS Web Server Can Be Effectively Shutdown By Certain Internal-Network Attacks When The Underlying OS Supports User Account Lockouts
10007| [1001116] Microsoft Personal Web Server Contains An Old Internet Information Server (IIS) Vulnerability Allowing Unauthorized Directory Listings and Possible Code Execution For Remote Users
10008| [1001050] Microsoft IIS 5.0 Web Server Can Be Restarted Remotely By Any User
10009|
10010| OSVDB - http://www.osvdb.org:
10011| [91269] Microsoft Windows 8 TrueType Font (TTF) Handling Unspecified DoS
10012| [65218] Microsoft IE 8 Developer Tools ActiveX Remote Code Execution
10013| [87555] Adobe ColdFusion for Microsoft IIS Unspecified DoS
10014| [87262] Microsoft IIS FTP Command Injection Information Disclosure
10015| [87261] Microsoft IIS Log File Permission Weakness Local Password Disclosure
10016| [86899] Microsoft IIS 302 Redirect Message Internal IP Address Remote Disclosure
10017| [83771] Microsoft IIS Tilde Character Request Parsing File / Folder Name Information Disclosure
10018| [83454] Microsoft IIS ODBC Tool ctguestb.idc Unauthenticated Remote DSN Initialization
10019| [83386] Microsoft IIS Non-existent IDC File Request Web Root Path Disclosure
10020| [82848] Microsoft IIS $INDEX_ALLOCATION Data Stream Request Authentication Bypass
10021| [76237] Microsoft Forefront Unified Access Gateway IIS NULL Session Cookie Parsing Remote DoS
10022| [71856] Microsoft IIS Status Header Handling Remote Overflow
10023| [70167] Microsoft IIS FTP Server Telnet IAC Character Handling Overflow
10024| [67980] Microsoft IIS Unspecified Remote Directory Authentication Bypass
10025| [67979] Microsoft IIS FastCGI Request Header Handling Remote Overflow
10026| [67978] Microsoft IIS Repeated Parameter Request Unspecified Remote DoS
10027| [66160] Microsoft IIS Basic Authentication NTFS Stream Name Permissions Bypass
10028| [65216] Microsoft IIS Extended Protection for Authentication Memory Corruption
10029| [62229] Microsoft IIS Crafted DNS Response Inverse Lookup Log Corruption XSS
10030| [61432] Microsoft IIS Colon Safe Extension NTFS ADS Filename Syntax Arbitrary Remote File Creation
10031| [61294] Microsoft IIS ASP Crafted semicolon Extension Security Bypass
10032| [61249] Microsoft IIS ctss.idc table Parameter SQL Injection
10033| [59892] Microsoft IIS Malformed Host Header Remote DoS
10034| [59621] Microsoft IIS CodeBrws.asp Off-By-One File Check Bypass Source Disclosure
10035| [59561] Microsoft IIS CodeBrws.asp Encoded Traversal Arbitrary File Source Disclosure
10036| [59360] Microsoft IIS ASP Page Visual Basic Script Malformed Regex Parsing DoS
10037| [57753] Microsoft IIS FTP Server Crafted Recursive Listing Remote DoS
10038| [57589] Microsoft IIS FTP Server NLST Command Remote Overflow
10039| [56474] Microsoft IIS WebDAV Extension URL Decode Crafted HTTP Request Authentication Bypass
10040| [55269] Microsoft IIS Traversal GET Request Remote DoS
10041| [54555] Microsoft IIS WebDAV Unicode URI Request Authentication Bypass
10042| [52924] Microsoft IIS WebDAV PROPFIND Method Forced Directory Listing
10043| [52680] Microsoft IIS httpext.dll WebDav LOCK Method Nonexistent File Request Parsing Memory Exhaustion Remote DoS
10044| [52238] Microsoft IIS IDC Extension XSS
10045| [49899] Microsoft IIS iissext.dll Unspecified ActiveX SetPassword Method Remote Password Manipulation
10046| [49730] Microsoft IIS ActiveX (adsiis.dll) GetObject Method Remote DoS
10047| [49059] Microsoft IIS IPP Service Unspecified Remote Overflow
10048| [45583] Microsoft IIS w/ Visual Interdev Unspecified Authentication Bypass
10049| [43451] Microsoft IIS HTTP Request Smuggling
10050| [41456] Microsoft IIS File Change Handling Local Privilege Escalation
10051| [41445] Microsoft IIS ASP Web Page Input Unspecified Arbitrary Code Execution
10052| [41091] Microsoft IIS webhits.dll Hit-Highlighting Authentication Bypass
10053| [41063] Microsoft IIS ODBC Tool newdsn.exe Remote DSN Creation
10054| [41057] Microsoft IIS w/ .NET MS-DOS Device Request Blacklist Bypass
10055| [35950] Microsoft IIS IUSR_Machine Account Arbitrary Non-EXE Command Execution
10056| [33457] Microsoft IIS Crafted TCP Connection Range Header DoS
10057| [28260] Microsoft IIS FrontPage Server Extensions (FPSE) shtml.exe Path Disclosure
10058| [27152] Microsoft Windows IIS ASP Page Processing Overflow
10059| [27087] Microsoft IIS SMTP Encapsulated SMTP Address Open Relay
10060| [23590] Microsoft IIS Traversal Arbitrary FPSE File Access
10061| [21805] Microsoft IIS Crafted URL Remote DoS
10062| [21537] Microsoft IIS Log File Permission Weakness Remote Modification
10063| [18926] Microsoft IIS SERVER_NAME Variable Spoofing Filter Bypass
10064| [17124] Microsoft IIS Malformed WebDAV Request DoS
10065| [17123] Microsoft IIS Multiple Unspecified Admin Pages XSS
10066| [17122] Microsoft IIS Permission Weakness .COM File Upload
10067| [15749] Microsoft IIS / Site Server code.asp Arbitrary File Access
10068| [15342] Microsoft IIS Persistent FTP Banner Information Disclosure
10069| [14229] Microsoft IIS asp.dll Scripting.FileSystemObject Malformed Program DoS
10070| [13985] Microsoft IIS Malformed HTTP Request Log Entry Spoofing
10071| [13760] Microsoft IIS Malformed URL Request DoS
10072| [13759] Microsoft IIS ISAPI .ASP Parser Script Tag LANGUAGE Argument Overflow
10073| [13634] Microsoft IIS Inetinfo.exe Malformed Long Mail File Name DoS
10074| [13558] Microsoft IIS SSL Request Resource Exhaustion DoS
10075| [13507] Microsoft IIS showfile.asp FileSystemObject Arbitrary File Access
10076| [13479] Microsoft IIS for Far East Parsed Page Source Disclosure
10077| [13473] Microsoft IIS on FAT Partition Local ASP Source Disclosure
10078| [13439] Microsoft IIS HTTP Request Malformed Content-Length Parsing Remote DoS
10079| [13433] Microsoft IIS WebDAV MKCOL Method Location Server Header Internal IP Disclosure
10080| [13432] Microsoft IIS WebDAV WRITE Location Server Header Internal IP Disclosure
10081| [13431] Microsoft IIS WebDAV Malformed PROPFIND Request Internal IP Disclosure
10082| [13430] Microsoft IIS aexp4.htr Password Policy Bypass
10083| [13429] Microsoft IIS aexp3.htr Password Policy Bypass
10084| [13428] Microsoft IIS aexp2b.htr Password Policy Bypass
10085| [13427] Microsoft IIS aexp2.htr Password Policy Bypass
10086| [13426] Microsoft IIS NTLM Authentication Request Parsing Remote Information Disclosure
10087| [13385] Microsoft IIS WebDAV Long PROPFIND/SEARCH Request DoS
10088| [11455] Microsoft IIS / PWS DOS Filename Request Access Bypass
10089| [11452] Microsoft IIS Double Byte Code Arbitrary Source Disclosure
10090| [11277] Microsoft IIS SSL ISAPI Filter Cleartext Information Disclosure
10091| [11257] Microsoft IIS Malformed GET Request DoS
10092| [11157] Microsoft IIS FTP Service PASV Connection Saturation DoS
10093| [11101] Microsoft IIS Multiple Slash ASP Page Request DoS
10094| [9315] Microsoft IIS getdrvs.exe ODBC Sample Information Disclosure
10095| [9314] Microsoft IIS mkilog.exe ODBC Sample Arbitrary Command Execution
10096| [9200] Microsoft IIS Unspecified XSS Variant
10097| [9199] Microsoft IIS shtml.dll XSS
10098| [8098] Microsoft IIS Virtual Directory ASP Source Disclosure
10099| [7807] Microsoft IIS ISAPI Virtual Directory UNC Mapping ASP Source Disclosure
10100| [7737] Microsoft IIS ASP Redirection Function XSS
10101| [7265] Microsoft IIS .ASP Session ID Disclosure and Hijacking
10102| [5851] Microsoft IIS Single Dot Source Code Disclosure
10103| [5736] Microsoft IIS Relative Path System Privilege Escalation
10104| [5693] Microsoft MS00-060 Patch IIS Malformed Request DoS
10105| [5633] Microsoft IIS Invalid WebDAV Request DoS
10106| [5606] Microsoft IIS WebDAV PROPFIND Request DoS
10107| [5584] Microsoft IIS URL Redirection Malformed Length DoS
10108| [5566] Microsoft IIS Form_VBScript.asp XSS
10109| [5316] Microsoft IIS ISAPI HTR Chunked Encoding Overflow
10110| [4864] Microsoft IIS TRACK Logging Failure
10111| [4863] Microsoft IIS Active Server Page Header DoS
10112| [4791] Microsoft IIS Response Object DoS
10113| [4655] Microsoft IIS ssinc.dll Long Filename Overflow
10114| [4535] Microsoft Media Services ISAPI nsiislog.dll POST Overflow
10115| [3512] Microsoft IIS ODBC Tool getdrvrs.exe Remote DSN Creation
10116| [3500] Microsoft IIS fpcount.exe Remote Overflow
10117| [3341] Microsoft IIS Redirect Response XSS
10118| [3339] Microsoft IIS HTTP Error Page XSS
10119| [3338] Microsoft IIS Help File XSS
10120| [3328] Microsoft IIS FTP Status Request DoS
10121| [3326] Microsoft IIS w3svc.dll ISAPI Filter URL Handling Remote DoS
10122| [3325] Microsoft IIS HTR ISAPI Overflow
10123| [3323] Microsoft IIS ISAPI .printer Extension Host Header Overflow
10124| [3320] Microsoft IIS ASP Server-Side Include Buffer Overflow
10125| [3316] Microsoft IIS HTTP Header Field Delimiter Overflow
10126| [3301] Microsoft IIS ASP Chunked Encoding Variant Heap Overflow
10127| [3284] Microsoft IIS Winmsdp.exe Arbitrary File Retrieval
10128| [3231] Microsoft IIS Log Bypass
10129| [2106] Microsoft Media Services ISAPI nsiislog.dll Overflow
10130| [1931] Microsoft IIS MIME Content-Type Header DoS
10131| [1930] Microsoft IIS SSI ssinc.dll Filename Handling Overflow
10132| [1826] Microsoft IIS Domain Guest Account Disclosure
10133| [1824] Microsoft IIS FTP DoS
10134| [1804] Microsoft IIS Long Request Parsing Remote DoS
10135| [1770] Microsoft IIS WebDAV Malformed PROPFIND Request Remote DoS
10136| [1750] Microsoft IIS File Fragment Disclosure
10137| [1543] Microsoft NT/IIS Invalid URL Request DoS
10138| [1504] Microsoft IIS File Permission Canonicalization Bypass
10139| [1465] Microsoft IIS .htr Missing Variable DoS
10140| [1325] Microsoft IIS Malformed Filename Request File Fragment Disclosure
10141| [1322] Microsoft IIS Malformed .htr Request DoS
10142| [1281] Microsoft IIS Escaped Character Saturation Remote DoS
10143| [1261] Microsoft IIS Chunked Transfer Encoding Remote Overflow DoS
10144| [1210] Microsoft IIS WebHits.dll ISAPI Filter Traversal Arbitrary File Access
10145| [1170] Microsoft IIS Escape Character URL Access Bypass
10146| [1083] Microsoft IIS FTP NO ACCESS Read/Delete File
10147| [1082] Microsoft IIS Domain Resolution Access Bypass
10148| [1041] Microsoft IIS Malformed HTTP Request Header DoS
10149| [1020] Microsoft IIS ISAPI GetExtensionVersion() Privilege Escalation
10150| [930] Microsoft IIS Shared ASP Cache Information Disclosure
10151| [929] Microsoft IIS FTP Server NLST Command Overflow
10152| [928] Microsoft IIS Long Request Log Evasion
10153| [815] Microsoft IIS ASP.NET trace.axd Application Tracing Information Disclosure
10154| [814] Microsoft IIS global.asa Remote Information Disclosure
10155| [782] Microsoft IIS / Site Server codebrws.asp Arbitrary File Access
10156| [771] Microsoft IIS Hosting Process (dllhost.exe) Out of Process Application Unspecified Privilege Escalation
10157| [768] Microsoft IIS ASP Chunked Encoding Heap Overflow
10158| [636] Microsoft IIS sqlqhit.asp Sample Script CiScope Parameter Information Disclosure
10159| [630] Microsoft IIS Multiple Malformed Header Field Internal IP Address Disclosure
10160| [568] Microsoft IIS idq.dll IDA/IDQ ISAPI Remote Overflow
10161| [564] Microsoft IIS ISM.dll Fragmented Source Disclosure
10162| [556] Microsoft IIS/PWS Encoded Filename Arbitrary Command Execution
10163| [525] Microsoft IIS Webserver Invalid Filename Request Arbitrary Command Execution
10164| [482] Microsoft IIS FrontPage Server Extensions (FPSE) Malformed Form DoS
10165| [475] Microsoft IIS bdir.htr Arbitrary Directory Listing
10166| [474] Microsoft IIS / Site Server viewcode.asp Arbitrary File Access
10167| [473] Microsoft IIS Multiple .cnf File Information Disclosure
10168| [471] Microsoft IIS ServerVariables_Jscript.asp Path Disclosure
10169| [470] Microsoft IIS Form_JScript.asp XSS
10170| [463] Microsoft IIS Phone Book Service /pbserver/pbserver.dll Remote Overflow
10171| [436] Microsoft IIS Unicode Remote Command Execution
10172| [425] Microsoft IIS WebDAV SEARCH Method Arbitrary Directory Forced Listing
10173| [391] Microsoft IIS IDA/IDQ Document Root Path Disclosure
10174| [390] Microsoft IIS Translate f: Request ASP Source Disclosure
10175| [308] Microsoft IIS Malformed File Extension URL DoS
10176| [285] Microsoft IIS repost.asp File Upload
10177| [284] Microsoft IIS IISADMPWD Virtual Directory Information Enumeration
10178| [283] Microsoft IIS /iissamples Multiple Sample Scripts Installed
10179| [277] Microsoft IIS / PWS %2e Request ASP Source Disclosure
10180| [276] Microsoft IIS ASP::$DATA Stream Request ASP Source Disclosure
10181| [275] Microsoft IIS newdsn.exe Remote Arbitrary File Creation
10182| [274] Microsoft IIS ctss.idc ODBC Sample Arbitrary Command Execution
10183| [273] Microsoft IIS Upgrade ism.dll Local Privilege Escalation
10184| [272] Microsoft IIS MDAC RDS Arbitrary Remote Command Execution
10185| [271] Microsoft IIS WebHits null.htw .asp Source Disclosure
10186| [98] Microsoft IIS perl.exe HTTP Path Disclosure
10187| [97] Microsoft IIS ISM.DLL HTR Request Overflow
10188| [96] Microsoft IIS idq.dll Traversal Arbitrary File Access
10189| [7] Microsoft IIS / Site Server showcode.asp source Parameter Traversal Arbitrary File Access
10190| [4] Microsoft IIS ExAir advsearch.asp Direct Request Remote DoS
10191| [3] Microsoft IIS ExAir query.asp Direct Request Remote DoS
10192| [2] Microsoft IIS ExAir search.asp Direct Request DoS
10193|_
139/tcp closed netbios-ssn
443/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
10196|_http-server-header: Microsoft-HTTPAPI/2.0
10197| vulscan: VulDB - https://vuldb.com:
10198| [141625] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 DirectX memory corruption
10199| [141624] Microsoft Windows 7 SP1/Server 2008 R2 SP1 Graphics Component information disclosure
10200| [139966] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel information disclosure
10201| [139923] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Graphics Component information disclosure
10202| [139905] Microsoft Windows Server 2008 SP2 DHCP Server memory corruption
10203| [137573] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
10204| [137567] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
10205| [137566] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
10206| [137565] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
10207| [137564] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
10208| [136343] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
10209| [136342] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
10210| [136341] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
10211| [136316] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
10212| [136315] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
10213| [136313] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
10214| [136311] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
10215| [136309] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
10216| [136302] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
10217| [136298] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
10218| [136297] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k memory corruption
10219| [131683] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k memory corruption
10220| [131642] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Active Directory privilege escalation
10221| [127822] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2012 Kernel information disclosure
10222| [125103] Microsoft Windows Server 2008 SP2 Graphics Component information disclosure
10223| [123853] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel Memory information disclosure
10224| [122858] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 LNK memory corruption
10225| [122833] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI+ memory corruption
10226| [121109] Microsoft Wireless Display Adapter V2 2.0.8350/2.0.8365/2.0.8372 privilege escalation
10227| [120449] Microsoft Forefront Unified Access Gateway 2000 InitParams.aspx Parameter Server-Side Request Forgery
10228| [119469] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel privilege escalation
10229| [116015] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 memory corruption
10230| [114563] Microsoft Office 2007 SP3/2010 SP2/2013/2013 RT SP1 memory corruption
10231| [114528] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI privilege escalation
10232| [114524] Microsoft ASP.NET Core 2.0 denial of service
10233| [114523] Microsoft ASP.NET Core 2.0 Kestrel Web Application privilege escalation
10234| [113257] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
10235| [113256] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
10236| [113255] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
10237| [113247] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
10238| [113246] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
10239| [113245] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2012 EOT Font Engine information disclosure
10240| [113244] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
10241| [113235] Microsoft Outlook 2007 SP3/2010 SP2/2013 SP1/2016 privilege escalation
10242| [113234] Microsoft Office 2007 SP2/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
10243| [113216] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
10244| [112285] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
10245| [112284] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
10246| [112283] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
10247| [112282] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
10248| [111578] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
10249| [111577] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
10250| [111576] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
10251| [111575] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
10252| [111574] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
10253| [111573] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
10254| [111572] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
10255| [111570] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
10256| [111568] Microsoft Excel 2007/2010/2013/2016 memory corruption
10257| [111566] Microsoft Word 2007/2010/2013/2016 memory corruption
10258| [111565] Microsoft Word 2007/2010/2013 Email Message memory corruption
10259| [111563] Microsoft Outlook 2007/2010/2013/2016 Email Message privilege escalation
10260| [111347] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Color Management Icm32.dll information disclosure
10261| [109388] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016 memory corruption
10262| [109387] Microsoft ASP.NET Core 2.0 privilege escalation
10263| [109386] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
10264| [109385] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Security Feature Macro privilege escalation
10265| [109381] Microsoft Office/Word 2007 SP3/2010 SP2 memory corruption
10266| [107703] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
10267| [106530] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
10268| [106528] Microsoft PowerPoint 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
10269| [106515] Microsoft Publisher 2007 SP3/2010 SP2 memory corruption
10270| [106497] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Uniscribe memory corruption
10271| [106476] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
10272| [106475] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
10273| [105051] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Font Library privilege escalation
10274| [105032] Microsoft Internet Explorer 9/10 on Server 2008/Server 2012 memory corruption
10275| [102513] Microsoft Windows Server 2003 SP2/XP SP3 OLE olecnv32.dll privilege escalation
10276| [102512] Microsoft Windows Server 2003 SP2/XP SP3 rpc privilege escalation
10277| [102511] Microsoft Windows Server 2003 SP2/XP SP3 RDP EsteemAudit privilege escalation
10278| [102447] Microsoft PowerPoint/SharePoint Server 2007 SP3 privilege escalation
10279| [102444] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
10280| [102442] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Bypass privilege escalation
10281| [102441] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
10282| [102401] Microsoft Windows 7 SP1/Server 2008 R2 SP1 GDI USP10!NextCharInLiga Uniscribe Font information disclosure
10283| [101491] Microsoft Windows up to XP SP3/Server 2003 SP2 Remote Desktop Protocol gpkcsp.dll memory corruption
10284| [101017] Microsoft Office 2007 SP3/2010 SP2/2016 memory corruption
10285| [101012] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1/2016 memory corruption
10286| [101011] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 ActiveX Object Memory memory corruption
10287| [100854] Microsoft Windows Server 2003 SP2 RRAS ERRATICGOPHER memory corruption
10288| [99904] Microsoft Windows Server 2003 SP2/XP SP3 SmartCard Authentication RDP Packet EsteemAudit privilege escalation
10289| [99698] Microsoft OneNote 2007 SP3/2010 SP2 DLL Loader privilege escalation
10290| [99684] Microsoft Excel 2007 SP3/2010 SP2 Memory information disclosure
10291| [99654] Microsoft Outlook 2007 SP3/2010 SP2/2011/2013 SP1/2016 Email Message privilege escalation
10292| [99653] Microsoft Outlook 2007 SP3/2010 SP2/2011/2013 SP1/2016 Email Message privilege escalation
10293| [99533] Microsoft Office 2007/2010/2013/2016 RTF Document Necurs Dridex memory corruption
10294| [98561] Microsoft IIS 6.0 on Windows Server 2003 WebDAV ScStoragePathFromUrl Long Header memory corruption
10295| [98092] Microsoft SharePoint Server 2007 SP3 memory corruption
10296| [98088] Microsoft SharePoint Server 2007 SP3 memory corruption
10297| [98087] Microsoft Office 2007 SP3/2010 SP2 memory corruption
10298| [98086] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
10299| [98085] Microsoft Excel 2007 SP3 memory corruption
10300| [98084] Microsoft Word 2007 SP3/2010 SP2/2011 memory corruption
10301| [98083] Microsoft Word 2007 SP3/2010 SP2/2011 memory corruption
10302| [98078] Microsoft Word/Excel 2007 SP3 memory corruption
10303| [98072] Microsoft Office 2007 SP3/2010 SP2/Word Viewer Graphics Component privilege escalation
10304| [98071] Microsoft Office 2007 SP3/2010 SP2/Word Viewer GDI+ information disclosure
10305| [98070] Microsoft Office 2007 SP3/2010 SP2/Word Viewer GDI+ information disclosure
10306| [94450] Microsoft Office 2007 SP3/2010 SP2/2011 memory corruption
10307| [94449] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1 information disclosure
10308| [94448] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1 information disclosure
10309| [94445] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 information disclosure
10310| [94441] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
10311| [94440] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
10312| [94439] Microsoft Office 2007 SP3/2011 privilege escalation
10313| [94438] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
10314| [93542] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 memory corruption
10315| [93541] Microsoft Office 2007 SP3 denial of service
10316| [93539] Microsoft Office 2007/2010 SP2/2011 memory corruption
10317| [93538] Microsoft Office 2007/2010 SP2/2011/2013 SP1 memory corruption
10318| [93537] Microsoft Office 2007/2010 SP2/2011 memory corruption
10319| [93396] Microsoft Office 2007/2010/2011 memory corruption
10320| [93395] Microsoft Office 2007/2010/2011 memory corruption
10321| [93394] Microsoft Office 2007/2010 memory corruption
10322| [92596] Microsoft Windows 7 SP1/Server 2008 R2/Server 2008 SP2/Vista SP2 Internet Messaging API File information disclosure
10323| [91554] Microsoft Exchange 2007/2010/2013/2016 Email information disclosure
10324| [91553] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
10325| [91552] Microsoft Office 2007/2010/2013/2013 RT/2016 spoofing
10326| [91551] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
10327| [91549] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
10328| [91548] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
10329| [91546] Microsoft Office 2007/2010/2013/2013 RT memory corruption
10330| [91545] Microsoft Office 2007/2010 memory corruption
10331| [91544] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
10332| [91542] Microsoft Office 2007/2010/2013/2013 RT/2016 information disclosure
10333| [90707] Microsoft OneNote 2007/2010/2013/2013 RT/2016 information disclosure
10334| [90706] Microsoft Office 2007/2010/2013/2013 RT Graphics memory corruption
10335| [90705] Microsoft Office 2007/2010/2011 memory corruption
10336| [90703] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
10337| [89039] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption
10338| [89034] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
10339| [87960] Microsoft Windows Server 2008 R2/Server 2012/Server 2012 R2 Active Directory denial of service
10340| [87955] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
10341| [87954] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
10342| [87953] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
10343| [87939] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 OLE DLL memory corruption
10344| [87938] Microsoft Office 2007 SP3/2010 SP2/2011 information disclosure
10345| [87937] Microsoft Office 2007 SP3/2010 SP2/2011 memory corruption
10346| [87935] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript memory corruption
10347| [87934] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript memory corruption
10348| [87933] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript memory corruption
10349| [87147] Microsoft Office 2007/2010 memory corruption
10350| [87145] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
10351| [87144] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
10352| [82228] Microsoft Excel 2007 SP3/2010 SP2 Office Document memory corruption
10353| [82225] Microsoft Word 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
10354| [82224] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption
10355| [81273] Microsoft Office 2007/2010/2013/2016 memory corruption
10356| [81272] Microsoft Office 2007/2010/2013 memory corruption
10357| [81265] Microsoft Windows Server 2008/Vista SP2 Library Loader memory corruption
10358| [80872] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
10359| [80871] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
10360| [80869] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
10361| [79506] Microsoft Windows 7/Server 2008/Server 2008 R2/Vista Library Loader memory corruption
10362| [79505] Microsoft Office 2007 memory corruption
10363| [79504] Microsoft Office 2007/2010/2013/2016 memory corruption
10364| [79503] Microsoft Office 2007/2010/2013 memory corruption
10365| [79502] Microsoft Office 2007/2010/2011 memory corruption
10366| [79501] Microsoft Office 2007/2010 memory corruption
10367| [79499] Microsoft Windows 7/Server 2008 R2 Uniscribe memory corruption
10368| [79493] Microsoft Windows Server 2008/Vista Graphics memory corruption
10369| [79190] Microsoft Word 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption
10370| [79189] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption
10371| [79187] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016 Sandbox privilege escalation
10372| [79167] Microsoft Windows 7/Server 2008/Server 2008 R2/Vista Journal memory corruption
10373| [78372] Microsoft Visio 2007 SP3/2010 SP2 UML Data memory corruption
10374| [78371] Microsoft SharePoint Server 2007 SP3/2010 SP2 InfoPath Forms Services XXE information disclosure
10375| [77646] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 EPS Image memory corruption
10376| [77629] Microsoft Excel 2007 SP3/2010 SP2/2011/2016 Office Document memory corruption
10377| [77627] Microsoft Excel 2007 SP3/2010 SP2 Office Document memory corruption
10378| [77626] Microsoft Excel 2007 SP3/2010 SP2/2011/2016 Office Document memory corruption
10379| [77617] Microsoft Office 2007 SP3/2010 SP2 OpenType Font memory corruption
10380| [77252] Microsoft Office 2007 SP3/2010 SP2 Office Graphics Library Font memory corruption
10381| [77038] Microsoft Windows Server 2008 SP2 UDDI Services cross site scripting
10382| [76497] Microsoft PowerPoint 2007 SP3/2010 SP2/2013 SP1 Office Document memory corruption
10383| [76491] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
10384| [76467] Microsoft Word 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption
10385| [76466] Microsoft Word 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption
10386| [76464] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
10387| [76463] Microsoft Excel 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption
10388| [76449] Microsoft Windows 8/8.1/Server 2008/Server 2012/Server 2012 R2 Hyper-V memory corruption
10389| [76440] Microsoft SQL Server 2008/2008 R2/2012/2014 Virtual Function Uninitialized Memory memory corruption
10390| [76439] Microsoft SQL Server 2008/2008 R2/2012/2014 Uninitialized Memory memory corruption
10391| [76438] Microsoft SQL Server 2008/2008 R2/2012/2014 Pointer Casting privilege escalation
10392| [75783] Microsoft Windows Server 2008/Server 2012 Active Directory Federation Services cross site scripting
10393| [75338] Microsoft SharePoint 2007/2010/2013 Content privilege escalation
10394| [75337] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption
10395| [75336] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption
10396| [74845] Microsoft Office 2007/2010/2013 Document Use-After-Free memory corruption
10397| [74844] Microsoft Office 2007/2010 Document Use-After-Free memory corruption
10398| [74837] Microsoft Office 2007/2010/2011/2013 RTF Document Use-After-Free privilege escalation
10399| [73979] Microsoft Exchange Server 2003 CU7/2003 SP1 Meeting privilege escalation
10400| [73978] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
10401| [73977] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
10402| [73976] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
10403| [73975] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
10404| [73964] Microsoft SharePoint 2007/2010/2013 cross site scripting
10405| [69158] Microsoft Office 2007/2010/2013 Use-After-Free memory corruption
10406| [69157] Microsoft Office 2007/2010/2013 OneTableDocumentStream memory corruption
10407| [68416] Microsoft Exchange 2007/2010/2013 Outlook Web Access Token spoofing
10408| [68409] Microsoft Office 2007/2010/2013 Use-After-Free memory corruption
10409| [68408] Microsoft Excel 2007/2010/2013 memory corruption
10410| [68407] Microsoft Excel 2007/2010 memory corruption
10411| [68405] Microsoft Word 2007/2010 Index Use-After-Free memory corruption
10412| [68195] Microsoft Windows 7/Server 2003/Server 2008/Vista Input Method Editor Sandbox privilege escalation
10413| [68189] Microsoft Windows Server 2003 SP2 TCP/IP Stack Stack-Based memory corruption
10414| [68188] Microsoft Word 2007 File memory corruption
10415| [68187] Microsoft Word 2007 File memory corruption
10416| [68186] Microsoft Word 2007 File memory corruption
10417| [67829] Microsoft Office 2007/2010/2011 Object memory corruption
10418| [67825] Microsoft .NET Framework 2.0/3.5/3.5.1 ASLR privilege escalation
10419| [71337] Microsoft Office 2000/2004/XP memory corruption
10420| [67355] Microsoft OneNote 2007 File Processing privilege escalation
10421| [67354] Microsoft SQL Server 2008 R2 SP2/2008 SP3/2012 SP1/2014 SQL Master Data Services cross site scripting
10422| [67353] Microsoft SQL Server 2008 R2 SP2/2008 SP3/2012 SP1/2014 T-SQL Query Stack-Based memory corruption
10423| [67018] Microsoft Windows Server 2008/Server 2012/Server 2012 R2 Service Bus AMQP Message denial of service
10424| [13545] Microsoft Word 2007 Embedded Font memory corruption
10425| [13397] Microsoft Windows 2000/Server 2003/XP DHCP Response DHCP ACK spoofing
10426| [13462] Microsoft Visual Studio 2002/2003/2005/2010 Debug Interface msdia.dll PDB File memory corruption
10427| [13229] Microsoft Office 2007/2010/2013 Common Control Library MSCOMCTL.OCX privilege escalation
10428| [13227] Microsoft Office 2007/2010/2013 Chinese Grammar Checker Library privilege escalation
10429| [13226] Microsoft SharePoint Server 2007/2010/2013 Page memory corruption
10430| [13225] Microsoft SharePoint Server 2007/2010/2013 cross site scripting
10431| [13224] Microsoft SharePoint Server 2007/2010/2013 Page memory corruption
10432| [12859] Microsoft Word 2003 Office Document Stack-Based memory corruption
10433| [12852] Microsoft Publisher 2003/2007 Publisher File pubconv.dll memory corruption
10434| [12845] Microsoft Word 2003 Office File Stack-Based memory corruption
10435| [12844] Microsoft Word 2007/2010 Office File memory corruption
10436| [12843] Microsoft Office 2007/2010/2011/2013 XML Parser Nested Entities Memory Consumption denial of service
10437| [12687] Microsoft Word/Office/Outlook 2003/2007/2010/2013 RTF Document memory corruption
10438| [12530] Microsoft Windows Server 2003/Server 2008/Server 2012/Vista/XP Security Account Manager Lockout privilege escalation
10439| [12266] Microsoft .NET Framework 2.0 SP2/3.5.1 ASLR Bypass privilege escalation
10440| [12070] Apple Pages 2.0/2.0.1/2.0.2/5.0/5.0.1 on Mac Microsoft Word Document memory corruption
10441| [11950] Microsoft Office Compability Pack/Word 2007 SP3 File memory corruption
10442| [11949] Microsoft Word Viewer/Office Compatibility Pack/Word 2003 SP3/2007 SP3 File memory corruption
10443| [11494] Microsoft .NET Framework 2.0 SP2/3.5.1/4/4.5/4.5.1 MAC Authentication privilege escalation
10444| [11448] Microsoft Office 2007/2010 Address Space Layout Randomization privilege escalation
10445| [11148] Microsoft Office 2003/2007 WordPerfect Document epsimp32.flt memory corruption
10446| [11146] Microsoft Office 2003/2007 epsimp32.flt memory corruption
10447| [11230] Microsoft Word 2003 DOC Document Embedded Image denial of service
10448| [11081] Microsoft Windows Server 2008/Vista TIFF Image memory corruption
10449| [10648] Microsoft Word 2007 Word File memory corruption
10450| [10647] Microsoft Word 2003 Word File memory corruption
10451| [10643] Microsoft SharePoint Server 2007/2010/2013 Input Sanitizer memory corruption
10452| [10642] Microsoft SharePoint Server 2007/2010 Content Display in Frames privilege escalation
10453| [10247] Microsoft SharePoint Server 2007/2010/2013 Online Cloud cross site scripting
10454| [10245] Microsoft Office 2003/2007/2010 Word File memory corruption
10455| [10244] Microsoft Office 2003 SP3 Word File memory corruption
10456| [10243] Microsoft Office 2003/2007 Word File memory corruption
10457| [10242] Microsoft Office 2007 Word File memory corruption
10458| [10241] Microsoft Office 2007 Word File memory corruption
10459| [10240] Microsoft Office 2003/2007/2010 Word File memory corruption
10460| [10239] Microsoft Office 2003/2007 Word File memory corruption
10461| [10238] Microsoft Excel 2003/2007 XML External Entity Data information disclosure
10462| [10237] Microsoft Excel 2003/2007/2010 XML External Entity Data information disclosure
10463| [10236] Microsoft Word/Office 2003/2007 XML External Entity Data information disclosure
10464| [10234] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
10465| [10232] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
10466| [10231] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
10467| [10230] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
10468| [10229] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
10469| [10228] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
10470| [10227] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
10471| [10192] Microsoft Windows 7/2000/Server 2003 SP2/Vista/XP SP3 Windows Theme File privilege escalation
10472| [10191] Microsoft Windows Server 2003/XP OLE Object privilege escalation
10473| [10190] Microsoft Windows 7/8/Server 2008/Vista Active Directory denial of service
10474| [10189] Microsoft Outlook 2007/2010 S/MIME privilege escalation
10475| [9941] Microsoft Windows Server 2003/XP Unicode Scripts Processor USP10.DLL Uniscribe Font memory corruption
10476| [9929] Microsoft Windows Server 2008/Server 2012 Active Directory Federation Services Unspecified Account information disclosure
10477| [9715] Microsoft PowerPoint 2007 DirectShow Runtime quartz.dll GetMaxSampleSize denial of service
10478| [9397] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Array privilege escalation
10479| [9394] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 on 64-bit Array memory corruption
10480| [9393] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Permission privilege escalation
10481| [8738] Microsoft Visio 2003 SP3/2007 SP3/2010 SP1 XML Parser File information disclosure
10482| [8737] Microsoft Word 2003 SP3 Shape Data Parser File memory corruption
10483| [8736] Microsoft Publisher 2003 SP3 PUB File memory corruption
10484| [8735] Microsoft Publisher 2003 SP3/2007 SP3/2010 SP1 PUB File memory corruption
10485| [8734] Microsoft Publisher 2003 SP3 PUB File memory corruption
10486| [8733] Microsoft Publisher 2003 SP3 PUB File memory corruption
10487| [8732] Microsoft Publisher 2003 SP3 PUB File memory corruption
10488| [8731] Microsoft Publisher 2003 SP3 PUB File memory corruption
10489| [8730] Microsoft Publisher 2003 SP3 PUB File memory corruption
10490| [8729] Microsoft Publisher 2003 SP3 PUB File memory corruption
10491| [8728] Microsoft Publisher 2003 SP3 PUB File memory corruption
10492| [8727] Microsoft Publisher 2003 SP3 PUB File memory corruption
10493| [8726] Microsoft Publisher 2003 PUB File Eingabe memory corruption
10494| [8723] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 XML File spoofing
10495| [7643] Microsoft Windows Server 2008 R2/Server 2012 NFS Server NULL Pointer Dereference denial of service
10496| [7642] Microsoft Exchange 2007/2010 Outlook Web Access vspdx.dll) privilege escalation
10497| [7641] Microsoft Windows Server 2003/Server 2008/Vista/XP DirectShow Quartz.dll memory corruption
10498| [8589] Microsoft System Center Operations Manager 2007 R2/2007 SP1 ViewTypeManager.aspx cross site scripting
10499| [7252] Microsoft System Center Operations Manager 2007 ExecuteTask.aspx cross site scripting
10500| [7251] Microsoft System Center Operations Manager 2007 cross site scripting
10501| [7248] Microsoft Windows 7/Server 2008 R2 Print Spooler privilege escalation
10502| [7121] Microsoft Exchange 2007/2010 RSS Feed denial of service
10503| [7118] Microsoft Windows Server 2008 R2/Server 2012 IP-HTTPS unknown vulnerability
10504| [62914] Microsoft Office 2003 SP3/2007 SP3/2008/2010 SP1/2011 Spreadsheet Use-After-Free memory corruption
10505| [7058] Microsoft Windows 7/Server 2008 R2 DHCPv6 Message denial of service
10506| [6935] Microsoft Office Excel 2003/2007/2010 Input Sanitizer File Stack-based memory corruption
10507| [6934] Microsoft Office Excel 2003/2007/2010 Input Sanitizer memory corruption
10508| [6933] Microsoft Office Excel 2003/2007/2010 SerAuxErrBar File memory corruption
10509| [6929] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Web Proxy Setting Auto-Discovery memory corruption
10510| [6927] Microsoft .NET Framework 2.0 SP2/3.5.1 Trusted Code Function information disclosure
10511| [6918] Microsoft Excel 2007 SP2 Input Sanitizer File memory corruption
10512| [6830] Microsoft Word 2007/2010 File memory corruption
10513| [6819] Microsoft Excel 2007 File memory corruption
10514| [6627] Microsoft Windows 7/Server 2008 R2 Kerberos denial of service
10515| [6626] Microsoft SharePoint/Lync/Infopath 2007/2010 HTML Sanitization cross site scripting
10516| [6621] Microsoft Word 2007 PAPX memory corruption
10517| [62239] Microsoft Systems Management Server 2003 Configuration Manager Reflected cross site scripting
10518| [5945] Microsoft Office 2007/2010 Computer Graphics Metafile memory corruption
10519| [5939] Microsoft Windows 7/Server 2003/Server 2008 R2/Vista/XP Print Spooler Service memory corruption
10520| [5938] Microsoft Windows 7/Server 2003/Server 2008 R2/Vista/XP Remote Administration Protocol netapi32.dll RAP Request denial of service
10521| [5933] Microsoft SQL Server 2000/2005/2008/2008 R2 Common Controls TabStrip ActiveX MSCOMCTL.OCX memory corruption
10522| [5932] Microsoft Office 2003/2007/2010 Common Controls TabStrip ActiveX MSCOMCTL.OCX memory corruption
10523| [5654] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP information disclosure
10524| [5653] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP win32k.sys memory corruption
10525| [5652] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP win32k.sys memory corruption
10526| [5650] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP memory corruption
10527| [5649] Microsoft Office 2003/2007/2010 libraries memory corruption
10528| [5645] Microsoft SharePoint 2007/2010/3.0 Reflected cross site scripting
10529| [5643] Microsoft SharePoint 2007/2010 information disclosure
10530| [5642] Microsoft SharePoint 2007 cross site request forgery
10531| [5553] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Font atmfd.dll denial of service
10532| [5524] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP memory corruption
10533| [5518] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 memory corruption
10534| [5362] Microsoft Office 2003/2007 GDI+ memory corruption
10535| [5291] Microsoft Visual Studio 2008 Incremental Linker link.exe ConvertRgImgSymToRgImgSymEx memory corruption
10536| [5268] Microsoft Office 2008 on Mac RTF Pfragment File memory corruption
10537| [5080] Microsoft SQL Server 2005/2008/2008R2 CREATE DATABASE sql injection
10538| [5050] Microsoft Office 2007 WPS Converter Heap-based memory corruption
10539| [5049] Microsoft SQL Server 2000/2005/2008 MSCOMCTL.OCX privilege escalation
10540| [5048] Microsoft Office 2003/2007/2010 MSCOMCTL.OCX privilege escalation
10541| [5046] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Windows Authenticode Signature Verification WinVerifyTrust Signature privilege escalation
10542| [4803] Microsoft Windows Server 2003/Server 2008 DNS Server Domain Resource Record Query Parser denial of service
10543| [4802] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Remote Desktop Protocol denial of service
10544| [4798] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Remote Desktop Service memory corruption
10545| [60205] Microsoft .NET Framework 2.0 SP2/3.5.1 Heap-based memory corruption
10546| [4642] Microsoft .NET Framework 2.0 SP2/3.5.1/4 XAML Browser Application memory corruption
10547| [60065] Microsoft Windows 2000 mod_sql unknown vulnerability
10548| [4535] Microsoft Windows Server 2003/XP Object Packager packager.exe privilege escalation
10549| [4534] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Line21 DirectShow Filter Quartz.dll/Qdvd.dll Media File memory corruption
10550| [4533] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Multimedia Library winmm.dll MIDI File memory corruption
10551| [4507] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 Forms Authentication privilege escalation
10552| [59666] Microsoft Publisher 2003/2007 "Publisher memory corruption
10553| [4482] Microsoft Word 2007/2010/2011 Document Parser memory corruption
10554| [4480] Microsoft Excel 2003 memory corruption
10555| [4478] Microsoft Windows Server 2003/XP OLE Objects Memory Management memory corruption
10556| [4477] Microsoft PowerPoint 2007 SP2/2008 OfficeArt Use-After-Free memory corruption
10557| [4474] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Active Directory Query memory corruption
10558| [4473] Microsoft PowerPoint 2007 SP2/2010 DLL-Loader memory corruption
10559| [4471] Microsoft Office 2003/2007 Publisher Out-of-Bounds memory corruption
10560| [4470] Microsoft Office 2003 SP3 memory corruption
10561| [4453] Microsoft Excel 2003 Record Parser memory corruption
10562| [4446] Microsoft Office 2007/2008 OfficeArt Record Parser memory corruption
10563| [4445] Microsoft Office 2007/2010/2011 Word Document Parser memory corruption
10564| [4438] Microsoft Windows 7/Server 2008/Vista TCP/IP Reference Counter denial of service
10565| [5358] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP TrueType Font Handling memory corruption
10566| [59005] Microsoft Host Integration Server 2004 denial of service
10567| [58492] Microsoft SharePoint Server 2007 Spreadsheet memory corruption
10568| [58491] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
10569| [58490] Microsoft Office Compatibility Pack 2007 Spreadsheet memory corruption
10570| [58489] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
10571| [58488] Microsoft Office 2007/2010 memory corruption
10572| [4412] Microsoft Office 2003/2007 Library Loader unknown vulnerability
10573| [4411] Microsoft Excel 2003 memory corruption
10574| [4409] Microsoft Windows Server 2003/Server 2008 WINS unknown vulnerability
10575| [58240] Microsoft Visio 2003/2007 memory corruption
10576| [58237] Microsoft Visio 2003/2007/2010 memory corruption
10577| [4396] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
10578| [4393] Microsoft Windows Server 2008 DNS Service memory corruption
10579| [4391] Microsoft .NET Framework 2.0 SP2/3.5.1/4 Socket Restriction privilege escalation
10580| [4390] Microsoft Windows Server 2008 Remote Desktop Web Access cross site scripting
10581| [4388] Microsoft Windows 7/Server 2008/Vista File Metadata Parser denial of service
10582| [57691] Microsoft SQL Server 2008 Web Service information disclosure
10583| [57690] Microsoft Excel 2002/2003 Spreadsheet memory corruption
10584| [57689] Microsoft Excel 2002 Spreadsheet memory corruption
10585| [57688] Microsoft Excel 2002 Spreadsheet memory corruption
10586| [57687] Microsoft Excel 2002/2003/2007 Spreadsheet memory corruption
10587| [57686] Microsoft Excel 2002 Spreadsheet memory corruption
10588| [57685] Microsoft Excel 2002/2003/2007 Array Access memory corruption
10589| [57684] Microsoft Excel 2002/2003/2007/2010 Spreadsheet memory corruption
10590| [4369] Microsoft Excel 2002/2003/2007 memory corruption
10591| [4367] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
10592| [4362] Microsoft Windows 7/Server 2008/Vista denial of service
10593| [57420] Microsoft PowerPoint 2002/2003 memory corruption
10594| [4349] Microsoft Office 2004/2007/2008 Presentation File Parser memory corruption
10595| [4348] Microsoft PowerPoint 2002/2003/2007 memory corruption
10596| [57077] Microsoft Excel 2002 Uninitialized Memory memory corruption
10597| [57078] Microsoft Office 2003/2007/Xp docx unknown vulnerability
10598| [57079] Microsoft PowerPoint 2002/2003/2007/2010 memory corruption
10599| [57076] Microsoft Excel 2002/2003 memory corruption
10600| [57075] Microsoft Excel 2002/2003 memory corruption
10601| [57074] Microsoft Excel 2002 memory corruption
10602| [57073] Microsoft Excel 2002/2003/2007/2010 memory corruption
10603| [4334] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 JIT Compiler memory corruption
10604| [4332] Microsoft PowerPoint 2007/2010 memory corruption
10605| [4301] Microsoft Windows Server 2003 SMB Browser Heap-based denial of service
10606| [56475] Microsoft Office 2004/2008 memory corruption
10607| [56414] Microsoft Visio 2002/2003/2007 ELEMENTS.DLL memory corruption
10608| [56413] Microsoft Visio 2002/2003/2007 Exception ORMELEMS.DLL memory corruption
10609| [4298] Microsoft Windows 7/Server 2008 JScript/VBScript Engine information disclosure
10610| [4297] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Compact Font Format Driver privilege escalation
10611| [4296] Microsoft Windows Server 2003/XP LSASS Authentication Request unknown vulnerability
10612| [4295] Microsoft Windows 7/Server 2008 Kerberos weak authentication
10613| [4294] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys unknown vulnerability
10614| [4293] Microsoft Windows Server 2003/XP Kerberos CRC32 Checksum privilege escalation
10615| [4292] Microsoft Windows Server 2003/XP CSRSS Logoff privilege escalation
10616| [4289] Microsoft Excel 2007 Shape Data Parser memory corruption
10617| [4286] Microsoft PowerPoint 2002 SP3/2003 SP3/2004/2007 SP2/2008 OfficeArt Container Parser memory corruption
10618| [4279] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP MHTML cross site scripting
10619| [56176] Microsoft Windows 7/Server 2003/XP fxscover.exe CDrawPoly::Serialize memory corruption
10620| [55772] Microsoft Publisher 2002 pubconv.dll memory corruption
10621| [55771] Microsoft Publisher 2002/2003/2010 memory corruption
10622| [55765] Microsoft Office 2003/Xp Integer memory corruption
10623| [55764] Microsoft Office 2003/Xp memory corruption
10624| [55750] Microsoft Publisher 2002/2003 pubconv.dll memory corruption
10625| [55749] Microsoft Publisher 2002/2003/2007/2010 pubconv.dll memory corruption
10626| [55748] Microsoft Publisher 2002/2003/2007 pubconv.dll memory corruption
10627| [4230] Microsoft Exchange 2007 on 64-bit RPC store.exe MAPI Request denial of service
10628| [4229] Microsoft SharePoint 2007 Document Conversion Launcher Service Eingabeungültigkeit
10629| [4228] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
10630| [4224] Microsoft Windows 7/Server 2008/Vista Consent User Interface privilege escalation
10631| [4231] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys GreEnableEUDC denial of service
10632| [55420] Microsoft Office 2007/2010 memory corruption
10633| [55419] Microsoft Office 2004/2008/2011/Xp memory corruption
10634| [55412] Microsoft PowerPoint Viewer 2007 memory corruption
10635| [55411] Microsoft PowerPoint 2002/2003 memory corruption
10636| [4204] Microsoft Windows Server 2008 Color Control Panel Eingabeungültigkeit
10637| [54995] Microsoft Office 2004/2008 memory corruption
10638| [54994] Microsoft Office 2004/2008 Out-of-Bounds memory corruption
10639| [54993] Microsoft Office Compatibility Pack 2007 memory corruption
10640| [54992] Microsoft Excel 2002 memory corruption
10641| [54991] Microsoft Office 2004 Future memory corruption
10642| [54990] Microsoft Office 2004 memory corruption
10643| [54989] Microsoft Office 2004/2008 memory corruption
10644| [54988] Microsoft Excel 2002 memory corruption
10645| [54987] Microsoft Excel 2002 memory corruption
10646| [54986] Microsoft Excel 2002/2003 memory corruption
10647| [54985] Microsoft Office Compatibility Pack 2003/2004/2007/2008 memory corruption
10648| [54984] Microsoft Office 2004/2008 memory corruption
10649| [54983] Microsoft Excel 2002 Integer memory corruption
10650| [54980] Microsoft Word 2002/2003 memory corruption
10651| [54979] Microsoft Word 2002 memory corruption
10652| [54978] Microsoft Word 2002 memory corruption
10653| [54977] Microsoft Word 2002 Heap-based memory corruption
10654| [54976] Microsoft Word 2002 memory corruption
10655| [54975] Microsoft Word 2002 memory corruption
10656| [54974] Microsoft Word 2002 memory corruption
10657| [54973] Microsoft Word 2002 memory corruption
10658| [54972] Microsoft Word 2002 memory corruption
10659| [54971] Microsoft Word 2002 memory corruption
10660| [4197] Microsoft SharePoint 2007/3.0 cross site scripting
10661| [4196] Microsoft Word 2002/2003/2007/2010 Stack-based memory corruption
10662| [4194] Microsoft Windows 7/Server 2008/Vista SChannel Client Certificate Request denial of service
10663| [54774] Microsoft Word 2003 word_crash_11.8326.8324_poc.doc denial of service
10664| [54757] Microsoft SharePoint Server 2007 HTML Sanitization SafeHTML cross site scripting
10665| [4186] Microsoft Outlook 2002/2003/2007 Content Parser Heap-based memory corruption
10666| [54584] Microsoft Visual C++ 2005 AtlTraceTool8.exe unknown vulnerability
10667| [54554] Microsoft Groove 2007 mso.dll memory corruption
10668| [4187] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack Ipv4SetEchoRequestCreate denial of service
10669| [54322] Microsoft Word 2002/2003 memory corruption
10670| [54321] Microsoft Office Compatibility Pack 2007 memory corruption
10671| [54320] Microsoft Office Compatibility Pack 2007 memory corruption
10672| [54319] Microsoft Office Compatibility Pack 2007 memory corruption
10673| [54318] Microsoft .NET Framework 2.0 SP1/2.0 SP2/3.5/3.5 SP1/3.5.1 Interfaces memory corruption
10674| [4165] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
10675| [4162] Microsoft Windows 7/Server 2008/Vista Kernel memory corruption
10676| [4159] Microsoft Excel 2002/2003 SXDB PivotTable Cache Data Record memory corruption
10677| [4149] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Shell Shortcut Parser memory corruption
10678| [54083] Microsoft Access 2003 ActiveX Control ACCWIZ.dll memory corruption
10679| [4146] Microsoft Outlook 2002/2003/2007 SMB Attachment PR_ATTACH_METHOD memory corruption
10680| [4145] Microsoft Access 2003/2007 ActiveX ACCWIZ.dll memory corruption
10681| [54617] Microsoft Outlook Web Access up to 2007 cross site request forgery
10682| [4151] Microsoft Windows Server 2008/Vista NtUserCheckAccessForIntegrityLevel memory corruption
10683| [53591] Microsoft Windows Server 2003 GetServerName cross site scripting
10684| [53505] Microsoft Excel 2002/2007 memory corruption
10685| [53501] Microsoft Excel 2002 memory corruption
10686| [53500] Microsoft Excel 2002 memory corruption
10687| [53499] Microsoft Excel 2002 memory corruption
10688| [53495] Microsoft Excel 2002/2003/2007 memory corruption
10689| [53494] Microsoft Excel 2002 Stack-based memory corruption
10690| [53504] Microsoft Excel 2002 memory corruption
10691| [53503] Microsoft Excel 2002 Stack-Based memory corruption
10692| [53502] Microsoft Excel 2002 Heap-based memory corruption
10693| [53498] Microsoft Excel 2002 Stack-based memory corruption
10694| [53497] Microsoft Excel 2002 memory corruption
10695| [53496] Microsoft Excel 2002 memory corruption
10696| [53493] Microsoft Excel 2002/2003/2007 memory corruption
10697| [4133] Microsoft Office 2003/2007/Xp COM Object Instantiator memory corruption
10698| [53366] Microsoft ASP.NET 2.0 cross site scripting
10699| [53385] Microsoft Exchange Server 2007 Outlook Web Access cross site scripting
10700| [53164] Microsoft Office 2003/2007/Xp ActiveX Control VBE6.DLL memory corruption
10701| [53054] Microsoft VISIO 2002/2003/2007 VISIODWG.DLL memory corruption
10702| [4125] Microsoft SharePoint 2007/3.0 help.aspx cross site scripting
10703| [52777] Microsoft Publisher 2002/2003/2007 memory corruption
10704| [52773] Microsoft Visio 2002/2003/2007 memory corruption
10705| [52772] Microsoft Visio 2002/2003/2007 memory corruption
10706| [4107] Microsoft Windows 7/Server 2008 Kernel denial of service
10707| [4103] Microsoft Windows Server 2003 Media Services Stack-based memory corruption
10708| [52543] Microsoft Virtual PC 2007 unknown vulnerability
10709| [52148] Microsoft Office 2004/2007/2008 Uninitialized Memory memory corruption
10710| [52147] Microsoft Office 2004/2007/2008 Spreadsheet Uninitialized Memory memory corruption
10711| [52146] Microsoft Office 2004/2007/2008 Spreadsheet Heap-based memory corruption
10712| [52145] Microsoft Office 2004/2007/2008 Spreadsheet Heap-based memory corruption
10713| [52144] Microsoft Office 2004/2007/2008 Spreadsheet memory corruption
10714| [52143] Microsoft Office 2004/2007/2008 Spreadsheet memory corruption
10715| [4090] Microsoft Excel 2002/2003/2007 memory corruption
10716| [52036] Microsoft Windows 2000 MsgBox memory corruption
10717| [51995] Microsoft SharePoint Server up to 2006 cross site scripting
10718| [51810] Microsoft Office 2004/Xp MSO.DLL memory corruption
10719| [51802] Microsoft PowerPoint 2003 Stack-based memory corruption
10720| [51801] Microsoft PowerPoint 2003 Stack-based memory corruption
10721| [51800] Microsoft PowerPoint 2002/2003 Use-After-Free memory corruption
10722| [51799] Microsoft PowerPoint 2002/2003 memory corruption
10723| [51798] Microsoft PowerPoint 2002/2003 Heap-based memory corruption
10724| [4082] Microsoft PowerPoint 2002 SP3 memory corruption
10725| [54550] Microsoft PowerPoint 2007 rpawinet.dll memory corruption
10726| [54556] Microsoft Visio 2003 mfc71enu.dll unknown vulnerability
10727| [51497] Microsoft Windows Live Messenger 2009 ActiveX Control msnmsgr.exe denial of service
10728| [51133] Microsoft Windows 2000 SP4/Server 2003 SP2/SP3/XP SP2 memory corruption
10729| [51074] Microsoft Office 2002/2003 Integer memory corruption
10730| [4069] Microsoft Project 2003/2007 Project Memory Validator memory corruption
10731| [50794] Microsoft Office 2004/2008 Spreadsheet memory corruption
10732| [50793] Microsoft Office 2004/2008 Spreadsheet memory corruption
10733| [50792] Microsoft Office 2004/2008 Spreadsheet memory corruption
10734| [50791] Microsoft Office 2004/2008 Spreadsheet memory corruption
10735| [50790] Microsoft Office 2004/2008 Spreadsheet Heap-based memory corruption
10736| [50788] Microsoft Office 2004/2008 Spreadsheet memory corruption
10737| [50787] Microsoft Office 2004/2008 Spreadsheet memory corruption
10738| [50786] Microsoft Windows 2000 llssrv.exe memory corruption
10739| [50789] Microsoft Office 2004/2008 Spreadsheet memory corruption
10740| [4056] Microsoft Word 2002/2003 File Information Block Parser Stack-based memory corruption
10741| [50660] Microsoft SharePoint Server 2007 unknown vulnerability
10742| [50443] Microsoft PowerPoint 2007 Integer memory corruption
10743| [50432] Microsoft .NET Framework 2.0/2.0 SP1/2.0 SP2/3.5/3.5 SP1 memory corruption
10744| [49866] Microsoft Windows Server 2003 memory corruption
10745| [4031] Microsoft Windows Server 2008/Vista SMB Processor EducatedScholar memory corruption
10746| [4030] Microsoft Windows Server 2008/Vista Wireless LAN AutoConfig Service Heap-based memory corruption
10747| [4029] Microsoft Windows 2000/XP TCP/IP Window Size denial of service
10748| [49745] Microsoft Windows Server 2003 denial of service
10749| [49395] Microsoft Office 2000/2003/XP Office Web Components Heap-based memory corruption
10750| [49394] Microsoft Windows Server 2003 memory corruption
10751| [49389] Microsoft Office 2000/2003/XP Office Web Components memory corruption
10752| [49390] Microsoft Office 2000/2003/XP Office Web Components memory corruption
10753| [49198] Microsoft Visual Studio 2005 information disclosure
10754| [49047] Microsoft Virtual Server 2005 privilege escalation
10755| [49046] Microsoft Windows Server 2003 quartz.dll memory corruption
10756| [49045] Microsoft Windows Server 2003 quartz.dll memory corruption
10757| [49044] Microsoft ISA Server 2006 privilege escalation
10758| [3999] Microsoft Office 2007 Pointer memory corruption
10759| [4000] Microsoft Office 2003/Sp3/Xp Web Components memory corruption
10760| [48894] Microsoft Windows Server 2003 msvidctl.dll memory corruption
10761| [48572] Microsoft PowerPoint 2002 FL21WIN.DLL memory corruption
10762| [48517] Microsoft Windows 2000 Memory Leak memory corruption
10763| [48516] Microsoft Windows Server 2008 unknown vulnerability
10764| [48512] Microsoft Windows Server 2008 unknown vulnerability
10765| [48515] Microsoft Office Word Viewer 2003 memory corruption
10766| [48514] Microsoft Office Word Viewer 2003 Stack-based memory corruption
10767| [48554] Microsoft Excel 2000/2003/2007 memory corruption
10768| [48157] Microsoft PowerPoint 2002 Sound memory corruption
10769| [48156] Microsoft PowerPoint 2000 Stack-based memory corruption
10770| [48154] Microsoft PowerPoint 2002 Sound PP7X32.DLL memory corruption
10771| [48152] Microsoft PowerPoint 2002 PP4X32.DLL memory corruption
10772| [48150] Microsoft PowerPoint 2002 Sound memory corruption
10773| [48147] Microsoft PowerPoint 2002 Sound memory corruption
10774| [48146] Microsoft PowerPoint 2002 Integer memory corruption
10775| [48155] Microsoft PowerPoint 2002 Notes Container Heap-based memory corruption
10776| [48153] Microsoft PowerPoint 2002 Sound memory corruption
10777| [48151] Microsoft PowerPoint 2002 Stack-based memory corruption
10778| [48149] Microsoft PowerPoint 2002 memory corruption
10779| [48148] Microsoft PowerPoint 2002 Sound memory corruption
10780| [3974] Microsoft PowerPoint 2000/2002/2003 Sound Data Stack-based memory corruption
10781| [3973] Microsoft PowerPoint 2000/2002/2003 Notes Container Stack-based memory corruption
10782| [3972] Microsoft PowerPoint 2000/2002/2003 BuildList memory corruption
10783| [3971] Microsoft PowerPoint 2000/2002/2003 Object Stack-based memory corruption
10784| [3970] Microsoft PowerPoint 2000/2002/2003 Paragraph Stack-based memory corruption
10785| [3969] Microsoft PowerPoint 2000/2002/2003 Atom Stack-based memory corruption
10786| [47719] Microsoft Windows 2000 Stack-based memory corruption
10787| [47720] Microsoft Internet Security And Acceleration Server 2006 Forms Authentication cookieauth.dll cross site scripting
10788| [47716] Microsoft Office Converter Pack 2003 WPFT632.CNV memory corruption
10789| [47715] Microsoft Windows 2000 Wordpad memory corruption
10790| [47718] Microsoft Excel 2000/2002/2003/2007 Spreadsheet memory corruption
10791| [3960] Microsoft Windows 2000/Server 2003/XP DirectShow MJPEG memory corruption
10792| [3952] Microsoft ISA Server 2004/2006 denial of service
10793| [3946] Microsoft PowerPoint 2000/2002/2003/2004 memory corruption
10794| [47091] Microsoft Windows Server 2008 unknown vulnerability
10795| [47090] Microsoft Windows Server 2008 unknown vulnerability
10796| [3939] Microsoft Windows 2000 DNS spoofing
10797| [3938] Microsoft Windows 2000 SSL weak authentication
10798| [3937] Microsoft Windows 2000 memory corruption
10799| [3932] Microsoft Excel 2000/2002/2003/2004/2007 Object Reference memory corruption
10800| [46620] Microsoft Windows Live Messenger 2009 msnmsgr.exe denial of service
10801| [46455] Microsoft Exchange Server 2007 denial of service
10802| [46454] Microsoft Exchange Server 2007 memory corruption
10803| [46453] Microsoft Visio 2002/2003/2007 memory corruption
10804| [46452] Microsoft Visio 2002/2003/2007 memory corruption
10805| [46451] Microsoft Visio 2002/2003/2007 memory corruption
10806| [46327] Microsoft Word 2007 information disclosure
10807| [45758] Microsoft Money 2006 ActiveX Control prtstb06.dll denial of service
10808| [45381] Microsoft Windows Server 2008/Vista SP1 Explorer memory corruption
10809| [45380] Microsoft Windows Server 2008/Vista SP1 Search memory corruption
10810| [45379] Microsoft Office SharePoint Server 2007 denial of service
10811| [3896] Microsoft SQL Server up to 2005 sp_replwritetovarbin memory corruption
10812| [3892] Microsoft Excel 2000/2002/2003 Formula memory corruption
10813| [3891] Microsoft Excel 2000/2002/2003 memory corruption
10814| [3890] Microsoft Excel 2000/2002/2003 NAME Index memory corruption
10815| [3889] Microsoft Word 2000/2002/2003/2007 Table Property Stack-based memory corruption
10816| [3888] Microsoft Word 2000/2002/2003/2007 RTF Stylesheet memory corruption
10817| [3887] Microsoft Word 2000/2002/2003/2007 memory corruption
10818| [3886] Microsoft Word 2000/2002/2003/2007 ControlWord Heap-based memory corruption
10819| [3885] Microsoft Word 2000/2002/2003/2007 memory corruption
10820| [3884] Microsoft Word 2000/2002/2003/2007 memory corruption
10821| [3883] Microsoft Word 2000/2002/2003/2007 RTF Heap-based memory corruption
10822| [3882] Microsoft Word 2000/2002/2003/2007 LFO memory corruption
10823| [3880] Microsoft Visual Basic up to 2003 ActiveX Control Mschrt20.ocx memory corruption
10824| [3879] Microsoft Visual Basic up to 2003 ActiveX Control mscomct2.ocx memory corruption
10825| [3878] Microsoft Visual Basic up to 2003 ActiveX Control mshflxgd.ocx memory corruption
10826| [3877] Microsoft Visual Basic up to 2003 ActiveX Control msflxgrd.ocx memory corruption
10827| [3876] Microsoft Visual Basic up to 2003 ActiveX Control msdatgrd.ocx memory corruption
10828| [45197] Microsoft Windows 2000 nskey.dll memory corruption
10829| [45063] Microsoft Windows Server 2003 Active Directory unknown vulnerability
10830| [45040] Microsoft .NET Framework 2.0.50727 Code Access Security unknown vulnerability
10831| [44855] DjVu Activex Control For Microsoft Office 2000 3.0 ActiveX Control DjVu_ActiveX_MSOffice.dll memory corruption
10832| [44665] Microsoft Peachtree Accounting 2004 ActiveX Control PAWWeb11.ocx unknown vulnerability
10833| [44589] Microsoft Exchange Server 2003 Outlook Web Access unknown vulnerability
10834| [3845] Microsoft Windows 2000 SP4 Active Directory memory corruption
10835| [44533] Microsoft Windows 2000 mqsvc.exe memory corruption
10836| [3844] Microsoft Excel 2003 REPT memory corruption
10837| [3843] Microsoft Excel up to 2007 BIFF File Heap-based memory corruption
10838| [3842] Microsoft Excel 2003 VBA Performance Cache Stack-based memory corruption
10839| [44405] Microsoft Digital Image 2006 ActiveX Control PipPPush.DLL unknown vulnerability
10840| [44047] Microsoft SQL Server 2000 ActiveX Control SQLVDIRLib.SQLVDirControl memory corruption
10841| [43981] Microsoft Organization Chart 2.00 orgchart.exe memory corruption
10842| [43957] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
10843| [43956] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
10844| [43955] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
10845| [43952] Microsoft Office 2003/2007/Xp URI memory corruption
10846| [43676] Microsoft Windows 2000/Server 2003/Vista/XP memory corruption
10847| [43675] Microsoft Windows 2000/Server 2003/Vista/XP of memory corruption
10848| [43662] Microsoft PowerPoint Viewer 2000 SP3/2002 SP3/2003 SP2/2007 SP1 memory corruption
10849| [43661] Microsoft PowerPoint Viewer 2003 memory corruption
10850| [43660] Microsoft PowerPoint Viewer 2003 Integer memory corruption
10851| [43657] Microsoft Office 2000/2003/Xp memory corruption
10852| [43654] Microsoft SharePoint Server 2007 memory corruption
10853| [43653] Microsoft Office 2000/2002/2004/2008 memory corruption
10854| [43652] Microsoft Office 2000/2002/2003/2004/2008 memory corruption
10855| [3797] Microsoft Windows Server 2008/Vista IPsec Policy Designfehler
10856| [3796] Microsoft Office 2000 WPG memory corruption
10857| [3795] Microsoft Office 2000/2003/Xp BMP Image BMPIMP32.FLT memory corruption
10858| [3794] Microsoft Office 2000/2003/Xp PICT bits_per_pixel memory corruption
10859| [3793] Microsoft Office 2000/2003/Xp PICT memory corruption
10860| [3792] Microsoft Office 2000 EPS File memory corruption
10861| [3783] Microsoft Word 2002 memory corruption
10862| [43103] Microsoft Exchange Srv 2007 Sp1 Outlook Web Access cross site scripting
10863| [43102] Microsoft Windows 2000 SP4/Server 2003 SP2/Server 2008 DNS Cache privilege escalation
10864| [3778] Microsoft Exchange 2003/2007 Outlook Web Access cross site scripting
10865| [3777] Microsoft Windows Server 2008/Vista SP1 Explorer memory corruption
10866| [43087] Microsoft Office Snapshot Viewer ActiveX up to Office 2003 Snapshot Viewer ActiveX Control snapview.ocx memory corruption
10867| [43096] Microsoft Publisher 2003/2007 Crypto API unknown vulnerability
10868| [42816] Microsoft Word 2000/2003 memory corruption
10869| [42732] Microsoft Windows Server 2003/Vista/XP denial of service
10870| [42731] Microsoft Windows Server 2003 denial of service
10871| [3732] Microsoft Windows 2000/Server 2003 WINS memory corruption
10872| [3701] Microsoft Word 2003 CSS Heap-based memory corruption
10873| [3700] Microsoft Word 2003 RTF Document Heap-based memory corruption
10874| [42065] Microsoft SharePoint Server 2.0 Rich Text Editor cross site scripting
10875| [41881] Microsoft Office 2003/2007/2007 Sp1/Xp memory corruption
10876| [41880] Microsoft Project 2000/2002/2003 memory corruption
10877| [41879] Microsoft Windows 2000/Server 2003/Vista Stack-based memory corruption
10878| [41878] Microsoft Windows 2000/Server 2003/Vista spoofing
10879| [41877] Microsoft Windows Server 2003 vbscript.dll memory corruption
10880| [3671] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 memory corruption
10881| [3670] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 Object memory corruption
10882| [41455] Microsoft Office 2000/2003/2004/Xp memory corruption
10883| [41454] Microsoft Excel 2000/2002/2003/2007 memory corruption
10884| [41453] Microsoft Excel 2000/2002/2003 memory corruption
10885| [41452] Microsoft Excel 2000/2002/2003/2007 memory corruption
10886| [41451] Microsoft Excel 2000/2002/2003 memory corruption
10887| [41450] Microsoft Excel 2000 memory corruption
10888| [41449] Microsoft Excel 2000/2002/2003 memory corruption
10889| [41448] Microsoft Office 2000/Xp Office Web Components memory corruption
10890| [3648] Microsoft Excel 2003 memory corruption
10891| [3647] Microsoft Outlook up to 2007 mailto URI memory corruption
10892| [41003] Microsoft Office 2000/2003/2004/Xp memory corruption
10893| [41002] Microsoft Office 2000/2003/Xp memory corruption
10894| [41001] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
10895| [41000] Microsoft Works 2005/8.0 memory corruption
10896| [40998] Microsoft Publisher 2000/2002/2003 memory corruption
10897| [40994] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
10898| [40987] Microsoft Windows 2000 denial of service
10899| [40736] Microsoft ActiveX 2.0 ActiveX Control privilege escalation
10900| [3552] Microsoft Excel 2000/2002/2003 File memory corruption
10901| [40242] Microsoft Publisher 2000/2002/2003/2007 Crash denial of service
10902| [40020] Microsoft Office 2007 ZIP Container unknown vulnerability
10903| [39769] Microsoft Windows 2000 cryptgenrandom weak encryption
10904| [39749] Microsoft Windows 2000 msjet40.dll memory corruption
10905| [39655] Microsoft Windows Server 2003 spoofing
10906| [39324] Microsoft Windows Mobile 2005 SMS unknown vulnerability
10907| [3373] Microsoft Word 2000/2002 memory corruption
10908| [38999] Microsoft Windows Server 2003 explorer.exe denial of service
10909| [38899] Microsoft ISA Server 2004 information disclosure
10910| [38728] Microsoft SQL Server 2005 Enterprise Manager sqldmo.dll memory corruption
10911| [38326] Microsoft Windows 2000 attemptwrite memory corruption
10912| [3241] Microsoft Excel 2000/2003/2004/XP SP3 rtWnDesk memory corruption
10913| [3223] Microsoft Windows Server 2003/XP URI privilege escalation
10914| [3212] Microsoft DirectX February 2006 RLE Compression Targa Files Heap-based memory corruption
10915| [37739] Microsoft Excel 2000/2002/2003/2004/2007 memory corruption
10916| [37738] Microsoft Office 2002/2003 memory corruption
10917| [3176] Microsoft Excel 2000/2002/2003/2007 File Attribute memory corruption
10918| [3175] Microsoft Excel 2000/2002/2003/2007 Active Worksheet memory corruption
10919| [3174] Microsoft Excel 2000/2002/2003/2007 Version Information memory corruption
10920| [3172] Microsoft Office Publisher 2007 Pointer memory corruption
10921| [37566] Microsoft Excel 2003 unknown vulnerability
10922| [37526] Microsoft Windows 2000/Server 2003 denial of service
10923| [37248] Microsoft Visio 2002 Packaging memory corruption
10924| [37251] Microsoft Windows 2000 memory corruption
10925| [3119] Microsoft Visio 2002 Object memory corruption
10926| [3118] Microsoft Visio 2002 Data memory corruption
10927| [37093] Microsoft Windows Server 2003 Error Message unknown vulnerability
10928| [37010] Microsoft Office 2000 ActiveX Control ouactrl.ocx memory corruption
10929| [36628] Microsoft Word 2000/2002/2003/2004 winword.exe memory corruption
10930| [36616] Microsoft Works 2004/2005/2006 memory corruption
10931| [36621] Microsoft Exchange Server 2000 Integer denial of service
10932| [36620] Microsoft Exchange Server 2000 Outlook Web Access cross site scripting
10933| [36619] Microsoft Exchange Server 2000/2003/2007 MIME Email memory corruption
10934| [36618] Microsoft Exchange Server 2000 NULL Pointer Dereference denial of service
10935| [36617] Microsoft Excel 2000/2002/2003/2004 memory corruption
10936| [36623] Microsoft BizTalk Server 2004 ActiveX Control capicom.dll memory corruption
10937| [3067] Microsoft Office 2000/2003/2004/2007/Xp Drawing Object memory corruption
10938| [3065] Microsoft Excel 2000/2002/2003/2007 Filter Stack-based memory corruption
10939| [3064] Microsoft Excel 2000/2002/2003/2004/2007 set Font memory corruption
10940| [3063] Microsoft Excel 2000/2002/2003/2007 BIFF Record Stack-based memory corruption
10941| [3012] Microsoft Windows 2000/Server 2003 DNS Service Stack-based memory corruption
10942| [36039] Microsoft Content Management Server 2001 memory corruption
10943| [36052] Microsoft Windows 2000 Heap-based memory corruption
10944| [36051] Microsoft Word 2007 file798-1.doc memory corruption
10945| [36050] Microsoft Word 2007 file789-1.doc memory corruption
10946| [36040] Microsoft Content Management Server 2001 cross site scripting
10947| [3004] Microsoft Windows up to 2003/XP URL Parser memory corruption
10948| [36041] Microsoft .NET Framework 2.0.50727.42 cross site scripting
10949| [36002] Microsoft Windows 2000/XP denial of service
10950| [2990] Microsoft Windows 2000/Vista/XP Animated Cursor Stack-based memory corruption
10951| [36515] Microsoft Windows 2000/Server 2003/XP memory corruption
10952| [35846] Microsoft Windows 2000/Server 2003 Default Configuration information disclosure
10953| [35373] Microsoft Excel 2003 denial of service
10954| [35372] Microsoft Office 2003 denial of service
10955| [35206] Microsoft Windows Server 2003/XP Crash denial of service
10956| [35161] Microsoft ISA Server 2004 unknown vulnerability
10957| [35236] Microsoft Publisher 2007 memory corruption
10958| [2939] Microsoft Word 2000 memory corruption
10959| [34994] Microsoft Windows 2000 OLE Dialog memory corruption
10960| [34993] Microsoft Office 2000/2003/Xp memory corruption
10961| [35001] Microsoft Office 2000/2003/2004/Xp memory corruption
10962| [35000] Microsoft Word 2000/2002/2003 memory corruption
10963| [2933] Microsoft Windows 2000 SP4/Server 2003 SP1/XP SP2 OLE Dialog Stack-based memory corruption
10964| [2894] Microsoft Office 2000/2003/2004/Xp Undefined String Format String
10965| [2884] Microsoft Word 2000/2002/2003 memory corruption
10966| [34321] Microsoft Office 2000/2003/2004/Xp Spreadsheet Heap-based memory corruption
10967| [34320] Microsoft Office 2000/2003/2004/Xp memory corruption
10968| [34319] Microsoft Office 2000/2003/2004/Xp memory corruption
10969| [34318] Microsoft Office 2000/2003/2004/Xp memory corruption
10970| [34322] Microsoft Office 2000/2003/Xp memory corruption
10971| [2811] Microsoft Windows 2000/Server 2003/XP VML Vector Markup Language Integer memory corruption
10972| [2810] Microsoft Outlook 2000/2002/2003 Office Saved Search OSS File memory corruption
10973| [2809] Microsoft Outlook 2000/2002/2003 Header denial of service
10974| [2808] Microsoft Outlook 2000/2002/2003 Meeting VEVENT memory corruption
10975| [2807] Microsoft Excel 2000/2002/2003 XLS File memory corruption
10976| [34126] Microsoft Office 2003 memory corruption
10977| [34122] Microsoft Office Web Components 2000 memory corruption
10978| [2789] Microsoft Windows 2000/XP RPC Request NetrWkstaUserEnum denial of service
10979| [2765] Microsoft Project Server 2003 pdsrequest.asp weak authentication
10980| [33851] Microsoft Word 2000/2002/2003 12122006-djtest.doc memory corruption
10981| [2739] Microsoft Windows 2000 Remote Installation Service Fehlende Authentifizierung
10982| [2738] Microsoft Windows 2000/Server 2003/XP SNMP memory corruption
10983| [2737] Microsoft Windows Server 2003/XP Manifest denial of service
10984| [33766] Microsoft Word 2000/2002/2003 memory corruption
10985| [2718] Microsoft Word 2000/2002/2003 DOC Document memory corruption
10986| [2717] Microsoft Windows 2000 Print Spooler Memory Consumption denial of service
10987| [2689] Microsoft Windows up to 2000 SP4 Active Directory denial of service
10988| [2688] Microsoft Windows 2000/Server 2003/XP Client Service for Netware denial of service
10989| [2687] Microsoft Windows 2000/Server 2003/XP Agent ActiveX ACF File Heap-based memory corruption
10990| [2686] Microsoft Windows 2000/Server 2003/XP Client Service for Netware memory corruption
10991| [2684] Microsoft Windows 2000/XP Workstation Service Stack-based memory corruption
10992| [2659] Microsoft Windows 2000/XP GDI Crash memory corruption
10993| [2655] Microsoft Windows 2000/Server 2003/XP XML Core Services memory corruption
10994| [33067] Microsoft Visual Studio .net 2005 ActiveX Control wmiscriptutils.dll memory corruption
10995| [2610] Microsoft PowerPoint 2003 PPT Document NULL Pointer Dereference denial of service
10996| [32693] Microsoft Word 2004 memory corruption
10997| [32686] Microsoft Office 2000/2001/2003/2004 Integer memory corruption
10998| [32690] Microsoft Office 2000/2003/2004/Xp memory corruption
10999| [32676] Microsoft Office 2000/2001/2003/2004 memory corruption
11000| [32675] Microsoft Office 2000/2003/2004/Xp memory corruption
11001| [32694] Microsoft Windows 2000 memory corruption
11002| [32689] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
11003| [32688] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
11004| [32687] Microsoft Word 2000/2002 memory corruption
11005| [32685] Microsoft Office 2000/2001/2003/2004 memory corruption
11006| [2601] Microsoft Windows Server 2003/XP IPv6 Stack denial of service
11007| [2600] Microsoft Windows Server 2003/XP IPv6 Stack TCP denial of service
11008| [2599] Microsoft Windows Server 2003/XP IPv6 Stack ICMP denial of service
11009| [2598] Microsoft Windows Server 2003/XP Object Packager privilege escalation
11010| [2597] Microsoft Office 2003/Xp Smart-Tag Parser memory corruption
11011| [2596] Microsoft Office 2000/2003/2004/Xp Value Read memory corruption
11012| [2595] Microsoft Office 2000/2001/2003/2004 Diagram Value memory corruption
11013| [2594] Microsoft Office 2000/2001/2003/2004 Document memory corruption
11014| [2593] Microsoft ASP.NET 2.0 cross site scripting
11015| [141652] Microsoft Windows up to Server 2019 Common Log File System Driver information disclosure
11016| [141639] Microsoft SharePoint Foundation 2013 SP1 cross site request forgery
11017| [141637] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
11018| [141636] Microsoft ASP.NET Core 2.1/2.2/3.0 Project Template privilege escalation
11019| [141635] Microsoft .NET Core 2.1/2.2 denial of service
11020| [141633] Microsoft Excel up to 2019 memory corruption
11021| [141631] Microsoft Windows up to Server 2019 SMB Client Driver information disclosure
11022| [141630] Microsoft Windows up to Server 2019 denial of service
11023| [141629] Microsoft Windows up to Server 2019 Update Delivery Optimization privilege escalation
11024| [141627] Microsoft Windows up to Server 2019 GDI information disclosure
11025| [141626] Microsoft Windows up to Server 2019 Win32k memory corruption
11026| [141621] Microsoft Windows up to Server 2019 Kernel information disclosure
11027| [141620] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
11028| [141619] Microsoft Windows up to Server 2019 ALPC privilege escalation
11029| [141618] Microsoft Windows up to Server 2019 hdAudio.sys privilege escalation
11030| [141617] Microsoft Windows up to Server 2019 Store Installer privilege escalation
11031| [141616] Microsoft Windows up to Server 2019 ALPC privilege escalation
11032| [141615] Microsoft Windows up to Server 2019 Winlogon privilege escalation
11033| [141614] Microsoft Windows up to Server 2019 Compatibility Appraiser privilege escalation
11034| [141611] Microsoft Office up to 2019 Security Feature privilege escalation
11035| [141610] Microsoft Excel up to 2019 information disclosure
11036| [141609] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
11037| [141608] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site request forgery
11038| [141607] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 privilege escalation
11039| [141606] Microsoft Windows up to Server 2019 Win32k memory corruption
11040| [141605] Microsoft Windows up to Server 2019 Hyper-V information disclosure
11041| [141604] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
11042| [141603] Microsoft Windows up to Server 2019 GDI information disclosure
11043| [141602] Microsoft Windows up to Server 2019 DirectWrite information disclosure
11044| [141601] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11045| [141600] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11046| [141599] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11047| [141598] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11048| [141597] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11049| [141596] Microsoft Windows up to Server 2019 DirectWrite information disclosure
11050| [141595] Microsoft Windows up to Server 2019 DirectWrite information disclosure
11051| [141594] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11052| [141593] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11053| [141592] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11054| [141591] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11055| [141590] Microsoft Windows up to Server 2019 Text Service Framework command injection
11056| [141589] Microsoft Exchange Server 2016 CU12/2016 CU13/2019 CU1/2019 CU2 denial of service
11057| [141583] Microsoft Lync Server 2013 Conference directory traversal
11058| [141581] Microsoft Windows up to Server 2016 Hyper-V denial of service
11059| [141580] Microsoft Windows up to Server 2019 Transaction Manager information disclosure
11060| [141579] Microsoft Windows up to Server 2016 DirectX information disclosure
11061| [141577] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
11062| [141575] Microsoft Windows up to Server 2019 lnk File privilege escalation
11063| [141564] Microsoft SharePoint Enterprise Server 2010 SP1/2013 SP1/2016/2019 Markup Application Package privilege escalation
11064| [141561] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
11065| [141560] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
11066| [139972] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
11067| [139971] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
11068| [139970] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
11069| [139969] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
11070| [139968] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
11071| [139965] Microsoft Windows up to Server 2019 Kernel information disclosure
11072| [139963] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
11073| [139962] Microsoft Windows up to Server 2019 Remote Desktop Protocol denial of service
11074| [139960] Microsoft Windows up to Server 2019 DHCP Server denial of service
11075| [139958] Microsoft Windows up to Server 2019 DHCP Server denial of service
11076| [139957] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
11077| [139956] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 Session Object information disclosure
11078| [139955] Microsoft Windows up to Server 2019 SyncController.dll privilege escalation
11079| [139949] Microsoft Windows up to Server 2019 XmlLite Runtime XmlLite.dll denial of service
11080| [139946] Microsoft Windows up to Server 2019 Core Shell COM Server Registrar COM Call privilege escalation
11081| [139942] Microsoft Windows up to Server 2019 rpcss.dll memory corruption
11082| [139941] Microsoft Windows up to Server 2019 DirectX memory corruption
11083| [139937] Microsoft Windows up to Server 2019 Azure Active Directory information disclosure
11084| [139936] Microsoft Windows up to Server 2019 SymCrypt information disclosure
11085| [139935] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 NTFS privilege escalation
11086| [139934] Microsoft Windows 7 SP1/Server 2018 R2 SP1/Server 2018 SP2 Win32k memory corruption
11087| [139933] Microsoft Windows up to Server 2019 p2pimsvc privilege escalation
11088| [139932] Microsoft Windows up to Server 2019 Kernel memory corruption
11089| [139931] Microsoft Windows up to Server 2019 File Signature Security Feature CAB File privilege escalation
11090| [139930] Microsoft Windows up to Server 2019 ALPC privilege escalation
11091| [139928] Microsoft Windows up to Server 2019 Kernel memory corruption
11092| [139927] Microsoft Windows up to Server 2019 Graphics Component information disclosure
11093| [139926] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11094| [139925] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11095| [139924] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11096| [139922] Microsoft Windows up to Server 2019 Graphics Component information disclosure
11097| [139921] Microsoft Windows up to Server 2019 Graphics Component information disclosure
11098| [139920] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11099| [139919] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11100| [139918] Microsoft Windows up to Server 2019 Graphics Component information disclosure
11101| [139917] Microsoft Windows up to Server 2019 Graphics Component information disclosure
11102| [139916] Microsoft Windows up to Server 2019 XML Core Services MSXML Parser privilege escalation
11103| [139914] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
11104| [139913] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
11105| [139912] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Hyper-V Network Switch denial of service
11106| [139911] Microsoft Windows up to Server 2019 denial of service
11107| [139910] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
11108| [139909] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
11109| [139908] Microsoft Windows up to Server 2019 Bluetooth weak encryption
11110| [139907] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
11111| [139906] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
11112| [139902] Microsoft Word up to 2019 memory corruption
11113| [139901] Microsoft Outlook up to 2019 memory corruption
11114| [139895] Microsoft Windows up to Server 2019 lnk File privilege escalation
11115| [139894] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
11116| [139893] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
11117| [139892] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
11118| [139891] Microsoft Windows up to Server 2019 Font Library memory corruption
11119| [139890] Microsoft Windows up to Server 2019 Font Library memory corruption
11120| [139889] Microsoft Windows up to Server 2019 Font Library memory corruption
11121| [139888] Microsoft Windows up to Server 2019 Font Library memory corruption
11122| [139887] Microsoft Windows up to Server 2019 Font Library memory corruption
11123| [139886] Microsoft Windows up to Server 2019 Font Library memory corruption
11124| [139880] Microsoft Windows up to Server 2019 Hyper-V memory corruption
11125| [139879] Microsoft Windows up to Server 2019 DHCP Client memory corruption
11126| [139878] Microsoft Windows up to Server 2019 Hyper-V Network Switch memory corruption
11127| [139877] Microsoft Outlook up to 2019 memory corruption
11128| [139876] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
11129| [139875] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
11130| [137590] Microsoft ASP.NET Core 2.1/2.2 Open Redirect
11131| [137589] Microsoft Exchange Server 2013 CU23/2016 CU12/2016 CU13/2019 CU1/2019 CU2 cross site scripting
11132| [137588] Microsoft Exchange Server 2010 SP3/2013 CU23/2016 CU12/2016 CU13 Web Services privilege escalation
11133| [137587] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
11134| [137586] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
11135| [137585] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
11136| [137584] Microsoft Windows up to Server 2019 DirectWrite memory corruption
11137| [137583] Microsoft Windows up to Server 2019 DirectWrite memory corruption
11138| [137581] Microsoft Windows up to Server 2019 DirectWrite memory corruption
11139| [137580] Microsoft Windows up to Server 2019 DirectWrite memory corruption
11140| [137579] Microsoft Windows up to Server 2019 DirectWrite memory corruption
11141| [137578] Microsoft Windows up to Server 2019 DirectWrite memory corruption
11142| [137577] Microsoft Windows up to Server 2019 DirectWrite memory corruption
11143| [137576] Microsoft Windows up to Server 2019 DirectWrite memory corruption
11144| [137575] Microsoft Windows up to Server 2019 DirectWrite memory corruption
11145| [137574] Microsoft Windows up to Server 2019 DirectWrite memory corruption
11146| [137568] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
11147| [137563] Microsoft Windows up to Server 2019 DirectWrite information disclosure
11148| [137562] Microsoft Windows up to Server 2019 Win32k information disclosure
11149| [137561] Microsoft Windows up to Server 2019 GDI information disclosure
11150| [137560] Microsoft Windows up to Server 2019 GDI information disclosure
11151| [137559] Microsoft Windows up to Server 2019 DirectWrite information disclosure
11152| [137555] Microsoft Windows up to Server 2019 Audio Service privilege escalation
11153| [137554] Microsoft Windows up to Server 2019 Audio Service privilege escalation
11154| [137553] Microsoft Windows up to Server 2019 Audio Service privilege escalation
11155| [137549] Microsoft Windows up to Server 2016 DLL privilege escalation
11156| [137544] Microsoft Windows up to Server 2019 Kernel information disclosure
11157| [137543] Microsoft Windows up to Server 2019 Kernel information disclosure
11158| [137542] Microsoft SQL Server 2014 SP2/2016 SP1/2017 privilege escalation
11159| [137541] Microsoft Windows up to Server 2019 memory corruption
11160| [137540] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
11161| [137539] Microsoft Windows up to Server 2016 DirectX memory corruption
11162| [137538] Microsoft Windows Server 1803/Server 1903/Server 2016/Server 2019 ADFS Security Feature privilege escalation
11163| [137537] Microsoft Windows up to Server 2019 Hyper-V denial of service
11164| [137535] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
11165| [137533] Microsoft Windows up to Server 2019 SymCrypt denial of service
11166| [137527] Microsoft Windows up to Server 2019 GDI+ memory corruption
11167| [137512] Microsoft Windows up to Server 2019 DHCP memory corruption
11168| [136414] Microsoft Azure DevOps Server 2019 cross site request forgery
11169| [136349] Microsoft Windows up to Server 2019 Event Viewer eventvwr.msc XML External Entity
11170| [136348] Microsoft Windows up to Server 2019 Task Scheduler privilege escalation
11171| [136347] Microsoft Windows up to Server 2019 AppXSVC privilege escalation
11172| [136345] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
11173| [136344] Microsoft Windows up to Server 2019 GDI information disclosure
11174| [136340] Microsoft Windows up to Server 2019 GDI information disclosure
11175| [136337] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
11176| [136336] Microsoft Windows up to Server 2019 Kernel privilege escalation
11177| [136335] Microsoft Windows up to Server 2019 NTLM Downgrade weak authentication
11178| [136334] Microsoft Windows up to Server 2019 Kernel information disclosure
11179| [136333] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
11180| [136330] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
11181| [136329] Microsoft SharePoint Server 2016/2019 cross site scripting
11182| [136328] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
11183| [136327] Microsoft Lync Server 2010/2013 denial of service
11184| [136326] Microsoft Windows up to Server 2019 Audio Service privilege escalation
11185| [136325] Microsoft Windows up to Server 2019 Audio Service privilege escalation
11186| [136324] Microsoft Windows up to Server 2019 Audio Service privilege escalation
11187| [136323] Microsoft Windows up to Server 2019 denial of service
11188| [136321] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Audio Service privilege escalation
11189| [136320] Microsoft Windows up to Server 2019 Audio Service privilege escalation
11190| [136319] Microsoft Windows up to Server 2019 Security Credentials information disclosure
11191| [136318] Microsoft Windows up to Server 2019 DirectX privilege escalation
11192| [136317] Microsoft Windows up to Server 2019 Win32k memory corruption
11193| [136314] Microsoft Windows up to Server 2019 Win32k memory corruption
11194| [136312] Microsoft Windows up to Server 2019 GDI information disclosure
11195| [136310] Microsoft Windows up to Server 2019 GDI information disclosure
11196| [136308] Microsoft Windows up to Server 2019 Audio Service privilege escalation
11197| [136306] Microsoft Windows up to Server 2019 Storage Service privilege escalation
11198| [136305] Microsoft Windows up to Server 2019 User Profile Service privilege escalation
11199| [136304] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
11200| [136303] Microsoft Windows up to Server 2019 Storage Service privilege escalation
11201| [136301] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11202| [136299] Microsoft Windows up to Server 2019 Local Security Authority Subsystem Service Reboot denial of service
11203| [136296] Microsoft Windows up to Server 2019 Common Log File System Driver memory corruption
11204| [136295] Microsoft Windows up to Server 2019 ALPC privilege escalation
11205| [136293] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11206| [136292] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11207| [136291] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11208| [136290] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11209| [136289] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11210| [136288] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11211| [136287] Microsoft Windows up to Server 2019 Hyper-V denial of service
11212| [136286] Microsoft Windows up to Server 2019 Hyper-V denial of service
11213| [136285] Microsoft Windows up to Server 2019 Hyper-V denial of service
11214| [136284] Microsoft Windows up to Server 2019 Kernel memory corruption
11215| [136276] Microsoft Windows up to Server 2019 Hyper-V memory corruption
11216| [136275] Microsoft Windows 10/10 1607/10 1703/10 1709/Server 2016 Hyper-V memory corruption
11217| [136274] Microsoft Windows up to Server 2019 ActiveX memory corruption
11218| [136273] Microsoft Windows up to Server 2019 Hyper-V memory corruption
11219| [134750] Microsoft ASP.NET Core 2.1/2.2 denial of service
11220| [134745] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
11221| [134744] Microsoft Windows up to Server 2019 GDI information disclosure
11222| [134743] Microsoft SharePoint Server 2013 SP1/2016 cross site scripting
11223| [134742] Microsoft SharePoint Enterprise Server 2016/2019 cross site scripting
11224| [134741] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
11225| [134740] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
11226| [134739] Microsoft SharePoint Foundation 2010 SP2/2013 SP2 cross site scripting
11227| [134738] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
11228| [134737] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
11229| [134736] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
11230| [134735] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
11231| [134734] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
11232| [134733] Microsoft Windows up to Server 2019 Unified Write Filter privilege escalation
11233| [134731] Microsoft Windows up to Server 2019 Symlink privilege escalation
11234| [134729] Microsoft Windows up to Server 2019 Storage Service privilege escalation
11235| [134725] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11236| [134724] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11237| [134723] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11238| [134722] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11239| [134721] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11240| [134720] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11241| [134719] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11242| [134718] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11243| [134717] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11244| [134716] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11245| [134715] Microsoft Windows up to Server 2019 Win32k memory corruption
11246| [134714] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11247| [134713] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11248| [134712] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11249| [134710] Microsoft Windows up to Server 2019 GDI information disclosure
11250| [134709] Microsoft Windows up to Server 2019 Kernel privilege escalation
11251| [134706] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
11252| [134701] Microsoft Windows up to Server 2019 Windows Defender Application Control privilege escalation
11253| [134700] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
11254| [134699] Microsoft Windows up to Server 2019 NDIS ndis.sys memory corruption
11255| [134698] Microsoft Windows up to Server 2019 OLE memory corruption
11256| [134684] Microsoft Windows up to Server 2019 DHCP Server memory corruption
11257| [134678] Microsoft Windows up to Server 2019 GDI+ memory corruption
11258| [133236] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11259| [133234] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11260| [133232] Microsoft Azure DevOps Server 2019 cross site scripting
11261| [133229] Microsoft Azure DevOps Server 2019 cross site scripting
11262| [133224] Microsoft Exchange Server 2013 CU22/2016 CU11/2016 CU12/2019/2019 CU1 Outlook Web Access privilege escalation
11263| [133223] Microsoft Azure DevOps Server 2019 Content Security Policy privilege escalation
11264| [133222] Microsoft Windows up to Server 2019 Remote Registry Service memory corruption
11265| [133221] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11266| [133220] Microsoft Windows up to Server 2019 GDI Memory information disclosure
11267| [133219] Microsoft Windows up to Server 2019 Win32k Memory information disclosure
11268| [133218] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11269| [133217] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11270| [133216] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
11271| [133215] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
11272| [133214] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
11273| [133213] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
11274| [133212] Microsoft Windows up to Server 2019 Terminal Services Memory information disclosure
11275| [133211] Microsoft Windows up to Server 2019 Task Scheduler information disclosure
11276| [133209] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
11277| [133206] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
11278| [133205] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
11279| [133204] Microsoft Office/Excel up to 2019 memory corruption
11280| [133203] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
11281| [133202] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
11282| [133201] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
11283| [133200] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
11284| [133199] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
11285| [133198] Microsoft Exchange Server up to 2019 CU1 Outlook Web Access cross site scripting
11286| [133197] Microsoft ASP.NET Core 2.2 Request denial of service
11287| [133196] Microsoft Windows up to Server 2019 Win32k information disclosure
11288| [133195] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
11289| [133194] Microsoft Windows up to Server 2019 GDI Memory information disclosure
11290| [133193] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
11291| [133192] Microsoft Windows up to Server 2019 OLE Automation privilege escalation
11292| [133189] Microsoft Windows up to Server 2019 CSRSS memory corruption
11293| [133188] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
11294| [133187] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
11295| [133186] Microsoft Windows up to Server 2019 TCP/IP Stack Fragmented IP Packet information disclosure
11296| [133185] Microsoft Windows up to Server 2019 Win32k memory corruption
11297| [133183] Microsoft Windows up to Server 2019 Win32k memory corruption
11298| [133182] Microsoft Windows up to Server 2019 Win32k memory corruption
11299| [133181] Microsoft Office/Excel/PowerPoint up to 2019 URL Document Code Execution
11300| [133180] Microsoft Windows up to Server 2019 MS XML Code Execution
11301| [133179] Microsoft Windows up to Server 2019 MS XML Code Execution
11302| [133177] Microsoft Windows up to Server 2019 Device Guard luafv.sys privilege escalation
11303| [133174] Microsoft Windows up to Server 2019 GDI+ privilege escalation
11304| [133173] Microsoft Windows up to Server 2019 IOleCvt Interface privilege escalation
11305| [133166] Microsoft Windows up to Server 2019 MS XML Code Execution
11306| [133165] Microsoft Windows up to Server 2019 MS XML Code Execution
11307| [133164] Microsoft Windows up to Server 2019 MS XML Code Execution
11308| [133163] Microsoft Windows up to Server 2019 MS XML Code Execution
11309| [133162] Microsoft Windows up to Server 2019 MS XML Code Execution
11310| [131687] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 3.2/2018 Updated 1.2 cross site scripting
11311| [131685] Microsoft Windows up to Server 2019 SMB information disclosure
11312| [131684] Microsoft Visual Studio 2017 Version 15.9 C++ Redistributable Installer privilege escalation
11313| [131681] Microsoft Windows up to Server 2019 Win32k memory corruption
11314| [131679] Microsoft Windows up to Server 2019 Kernel information disclosure
11315| [131675] Microsoft SharePoint 2013 SP1/2016 cross site scripting
11316| [131674] Microsoft Windows up to Server 2019 Win32k information disclosure
11317| [131673] Microsoft Windows up to Server 2019 Kernel information disclosure
11318| [131672] Microsoft Windows up to Server 2019 GDI information disclosure
11319| [131671] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
11320| [131668] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
11321| [131667] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
11322| [131663] Microsoft Windows up to Server 2019 Print Spooler information disclosure
11323| [131658] Microsoft Windows up to Server 2019 information disclosure
11324| [131657] Microsoft Windows up to Server 2019 denial of service
11325| [131656] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
11326| [131653] Microsoft Windows up to Server 2019 SMB information disclosure
11327| [131652] Microsoft Windows up to Server 2019 SMB information disclosure
11328| [131651] Microsoft Windows up to Server 2019 Kernel information disclosure
11329| [131650] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V denial of service
11330| [131649] Microsoft Windows up to Server 2019 Kernel memory corruption
11331| [131648] Microsoft Windows up to Server 2019 Hyper-V denial of service
11332| [131644] Microsoft Windows up to Server 2019 Hyper-V denial of service
11333| [131638] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11334| [131632] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
11335| [131631] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
11336| [131630] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
11337| [131629] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
11338| [131628] Microsoft Windows up to Server 2019 ActiveX memory corruption
11339| [131619] Microsoft Windows up to Server 2019 MS XML privilege escalation
11340| [131334] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
11341| [131333] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
11342| [131328] Microsoft Windows up to Server 2016 Kernel information disclosure
11343| [130832] Microsoft 2013 SP1 spoofing
11344| [130828] Microsoft Exchange Server 2010 SP3/2013 CU22/2016 CU12/2019 CU1 EWS privilege escalation
11345| [130826] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
11346| [130825] Microsoft Office up to 2019 Connectivity Engine memory corruption
11347| [130824] Microsoft Office up to 2019 Connectivity Engine memory corruption
11348| [130823] Microsoft Office up to 2019 Connectivity Engine privilege escalation
11349| [130822] Microsoft Office up to 2019 Connectivity Engine privilege escalation
11350| [130821] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
11351| [130820] Microsoft Windows up to Server 2012 R2 GDI information disclosure
11352| [130818] Microsoft Windows up to Server 2019 GDI information disclosure
11353| [130817] Microsoft Windows up to Server 2019 Storage Service privilege escalation
11354| [130814] Microsoft Windows up to Server 2019 privilege escalation
11355| [130809] Microsoft Windows up to Server 2019 Defender Firewall Security privilege escalation
11356| [130808] Microsoft Windows up to Server 2019 information disclosure
11357| [130807] Microsoft Windows up to Server 2019 Hyper-V information disclosure
11358| [130806] Microsoft Windows up to Server 2019 SMB privilege escalation
11359| [130805] Microsoft Windows up to Server 2019 Device Guard privilege escalation
11360| [130804] Microsoft Windows up to Server 2019 Device Guard privilege escalation
11361| [130803] Microsoft Windows up to Server 2019 SMB privilege escalation
11362| [130802] Microsoft Windows up to Server 2019 Win32k information disclosure
11363| [130801] Microsoft Windows up to Server 2019 Device Guard privilege escalation
11364| [130800] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11365| [130799] Microsoft Windows up to Server 2016 Win32k memory corruption
11366| [130798] Microsoft Windows up to Server 2019 GDI information disclosure
11367| [130797] Microsoft Windows up to Server 2019 GDI information disclosure
11368| [130796] Microsoft Windows up to Server 2019 GDI information disclosure
11369| [130793] Microsoft Windows up to Server 2019 GDI information disclosure
11370| [130792] Microsoft Windows up to Server 2019 HID information disclosure
11371| [130791] Microsoft Windows up to Server 2019 HID information disclosure
11372| [130790] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11373| [130789] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11374| [130788] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11375| [130787] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11376| [130786] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11377| [130784] Microsoft Windows up to Server 2019 GDI+ memory corruption
11378| [130782] Microsoft Windows up to Server 2019 DHCP Server memory corruption
11379| [130781] Microsoft Windows up to Server 2019 GDI+ memory corruption
11380| [129847] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 1.2/2018 Update 3.2 information disclosure
11381| [129846] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
11382| [129845] Microsoft Skype for Business 2015 CU 8 Request cross site scripting
11383| [128765] Microsoft Visual Studio 2017 Version 15.9 C++ Construct privilege escalation
11384| [128764] Microsoft Exchange Server 2010 SP3/2013 CU21/2016 CU10/2016 CU11/2019 PowerShell API information disclosure
11385| [128761] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
11386| [128760] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
11387| [128759] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
11388| [128758] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
11389| [128757] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
11390| [128756] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
11391| [128755] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
11392| [128754] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
11393| [128753] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
11394| [128752] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
11395| [128751] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
11396| [128750] Microsoft Windows up to Server 2019 Runtime privilege escalation
11397| [128749] Microsoft Windows up to Server 2019 Kernel information disclosure
11398| [128747] Microsoft ASP.NET Core 2.1 Web Request denial of service
11399| [128746] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
11400| [128745] Microsoft Office up to 2019 Word Macro information disclosure
11401| [128742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
11402| [128741] Microsoft SharePoint Enterprise Server 2016 cross site scripting
11403| [128740] Microsoft SharePoint Enterprise Server 2013 SP1 cross site scripting
11404| [128739] Microsoft Windows up to Server 2019 Kernel information disclosure
11405| [128738] Microsoft Windows up to Server 2019 Subsystem for Linux information disclosure
11406| [128737] Microsoft Windows up to Server 2019 COM Desktop Broker privilege escalation
11407| [128736] Microsoft Windows up to Server 2019 Kernel information disclosure
11408| [128735] Microsoft ASP.NET Core 2.1/2.2 Web Request denial of service
11409| [128733] Microsoft Windows up to Server 2019 Authentication Request privilege escalation
11410| [128729] Microsoft Visual Studio 2010 SP1/2012 Update 5 vscontent File information disclosure
11411| [128728] Microsoft Windows up to Server 2019 Kernel information disclosure
11412| [128727] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
11413| [128726] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
11414| [128725] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
11415| [128718] Microsoft Windows up to Server 2019 Hyper-V memory corruption
11416| [128717] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V memory corruption
11417| [127925] Microsoft SharePoint Enterprise Server 2016 Web Request cross site scripting
11418| [127882] Microsoft Dynamics NAV 2016/2017 Web Request cross site scripting
11419| [127881] Microsoft Windows 10 1809/Server 2019 Object denial of service
11420| [127880] Microsoft Windows up to Server 2019 Win32k Object memory corruption
11421| [127828] Microsoft Windows up to Server 2019 Win32k memory corruption
11422| [127827] Microsoft Windows 10 1809/Server 2019 DirectX information disclosure
11423| [127826] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Win32k ASLR privilege escalation
11424| [127825] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 privilege escalation
11425| [127824] Microsoft Excel up to 2019 Out-of-Bounds memory corruption
11426| [127823] Microsoft Windows up to Server 2012 R2 Kernel information disclosure
11427| [127821] Microsoft Windows up to Server 2019 Connected User Experiences and Telemetry Service denial of service
11428| [127820] Microsoft Windows up to Server 2019 Kernel memory corruption
11429| [127819] Microsoft Exchange Server 2016 CU10/2016 CU11 Profile Data privilege escalation
11430| [127817] Microsoft Excel up to 2019 information disclosure
11431| [127816] Microsoft Windows up to Server 2019 GDI information disclosure
11432| [127815] Microsoft Windows up to Server 2019 GDI information disclosure
11433| [127814] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 Search cross site request forgery
11434| [127812] Microsoft Windows up to Server 2019 Remote Procedure Call information disclosure
11435| [127806] Microsoft Outlook up to 2019 memory corruption
11436| [127805] Microsoft Excel up to 2019 memory corruption
11437| [127804] Microsoft Excel up to 2019 memory corruption
11438| [127803] Microsoft Windows up to Server 2019 Text-To-Speech memory corruption
11439| [127801] Microsoft Windows up to Server 2019 DNS Server privilege escalation
11440| [126938] Microsoft Team Foundation Server 2018 Update 1.1/2018 Update 3 Code Execution
11441| [126755] Microsoft .NET Core 2.1 privilege escalation
11442| [126754] Microsoft Skype for Business/Lync Server 2013 SP1/2016 Emoji denial of service
11443| [126750] Microsoft Windows up to Server 2019 ALPC privilege escalation
11444| [126749] Microsoft Exchange Server 2010/2013/2016/2019 privilege escalation
11445| [126747] Microsoft SharePoint Enterprise Server 2013 SP1 Folder information disclosure
11446| [126746] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
11447| [126745] Microsoft Project 2010 SP2/2013 SP1/2016 memory corruption
11448| [126744] Microsoft Office up to 2019 Word memory corruption
11449| [126743] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
11450| [126742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
11451| [126739] Microsoft Windows up to Server 2012 R2 Win32k information disclosure
11452| [126737] Microsoft Windows up to Server 2012 R2 DirectX information disclosure
11453| [126736] Microsoft Windows up to Server 2019 Win32k memory corruption
11454| [126735] Microsoft Windows up to Server 2019 DirectX privilege escalation
11455| [126733] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DirectX memory corruption
11456| [126730] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
11457| [126728] Microsoft Office/SharePoint 2010 SP2 Word memory corruption
11458| [126727] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
11459| [126726] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
11460| [126725] Microsoft Windows up to Server 2019 DirectX memory corruption
11461| [126722] Microsoft Windows up to Server 2019 PowerShell privilege escalation
11462| [126718] Microsoft Windows up to Server 2016 Search memory corruption
11463| [126717] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 memory corruption
11464| [126716] Microsoft Office up to 2019 Excel memory corruption
11465| [126714] Microsoft Windows up to Server 2019 PowerShell unknown vulnerability
11466| [126713] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
11467| [126712] Microsoft Windows up to Server 2016 Graphics Component memory corruption
11468| [126711] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
11469| [125123] Microsoft Windows up to Server 2019 Codecs Library information disclosure
11470| [125122] Microsoft Windows up to Server 2016 TCP/IP information disclosure
11471| [125121] Microsoft Windows up to Server 2019 DirectX memory corruption
11472| [125120] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
11473| [125119] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
11474| [125116] Microsoft Exchange Server 2013 CU21/2016 CU10 privilege escalation
11475| [125115] Microsoft Windows up to Server 2019 Theme API privilege escalation
11476| [125114] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
11477| [125113] Microsoft Windows up to Server 2019 Kernel memory corruption
11478| [125111] Microsoft Windows up to Server 2019 Device Guard Code Integrity Policy privilege escalation
11479| [125110] Microsoft Windows up to Server 2019 DNS Global Blocklist privilege escalation
11480| [125109] Microsoft Windows up to Server 2019 NTFS privilege escalation
11481| [125108] Microsoft Windows up to Server 2019 Filter Manager memory corruption
11482| [125107] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
11483| [125106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
11484| [125105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
11485| [125104] Microsoft SharePoint Enterprise Server 2016 cross site scripting
11486| [125102] Microsoft Office/Word 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
11487| [125100] Microsoft Office/PowerPoint 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
11488| [125099] Microsoft Office/Excel up to 2019 Protected View memory corruption
11489| [125098] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
11490| [125097] Microsoft Windows up to Server 2019 DirectX Graphics memory corruption
11491| [125096] Microsoft Windows up to Server 2019 Win32k memory corruption
11492| [125095] Microsoft Exchange Server 2013 CU21/2016 CU10 Outlook Web Access cross site scripting
11493| [125093] Microsoft Windows up to Server 2019 Hyper-V memory corruption
11494| [125092] Microsoft Windows up to Server 2019 Hyper-V memory corruption
11495| [125091] Microsoft Windows up to Server 2019 MS XML privilege escalation
11496| [124371] Microsoft Exchange Server up to 2010 SP3 Outlook Web Access /owa/auth/logon.aspx Parameter Server-Side Request Forgery
11497| [124217] Microsoft Windows Server 2012/Server 2016 Active Directory Federation Services /adfs/ls Server-Side Request Forgery
11498| [123995] Microsoft Lync 2011 on Mac Security Feature Messages Download privilege escalation
11499| [123881] Microsoft Windows up to Server 2016 Sandbox privilege escalation
11500| [123874] Microsoft Windows up to Server 2016 Kernel information disclosure
11501| [123872] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 SMB information disclosure
11502| [123868] Microsoft Windows up to Server 2016 Hyper-V denial of service
11503| [123864] Microsoft Windows up to Server 2016 Hyper-V information disclosure
11504| [123862] Microsoft SharePoint Enterprise Server 2010 SP2/2013 RT SP1/2013 SP1/2016 cross site scripting
11505| [123861] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
11506| [123860] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
11507| [123859] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
11508| [123851] Microsoft Windows up to Server 2016 ALPC privilege escalation
11509| [123849] Microsoft Windows up to Server 2016 SMB denial of service
11510| [123846] Microsoft Office 2016 on Win/Mac memory corruption
11511| [123844] Microsoft Word 2013 RT SP1/2013 SP1/2016 PDF File memory corruption
11512| [123843] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
11513| [123842] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
11514| [123830] Microsoft Windows up to Server 2016 Hyper-V memory corruption
11515| [123828] Microsoft Windows up to Server 2016 Win32k Graphics privilege escalation
11516| [123827] Microsoft Windows up to Server 2016 Image memory corruption
11517| [123825] Microsoft Windows up to Server 2016 MSXML Parser privilege escalation
11518| [123823] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
11519| [122887] Microsoft Office 2016 on Mac AutoUpdate memory corruption
11520| [122886] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
11521| [122885] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
11522| [122884] Microsoft Windows up to Server 2016 Win32k memory corruption
11523| [122883] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
11524| [122875] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
11525| [122874] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
11526| [122873] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
11527| [122871] Microsoft PowerPoint 2010 SP2 memory corruption
11528| [122870] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
11529| [122861] Microsoft Windows up to Server 2016 Microsoft COM for Windows privilege escalation
11530| [122850] Microsoft Visual Studio 2015 Update 3/2017/2017 Version 15.8 Diagnostic Hub privilege escalation
11531| [122849] Microsoft Windows up to Server 2016 Diagnostic Hub privilege escalation
11532| [122848] Microsoft Windows Security Feature 2FA weak authentication
11533| [122834] Microsoft Windows up to Server 2016 LNK memory corruption
11534| [122825] Microsoft Windows up to Server 2016 Graphics memory corruption
11535| [122823] Microsoft SQL Server 2016 SP1/2016 SP2/2017 memory corruption
11536| [121208] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R Attachment privilege escalation
11537| [121118] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
11538| [121116] Microsoft Windows up to Server 2016 Sandbox privilege escalation
11539| [121114] Microsoft Access 2013 SP1/2016/2016 C2R memory corruption
11540| [121111] Microsoft Windows up to Server 2016 Kernel memory corruption
11541| [121110] Microsoft Windows up to Server 2016 Wordpad privilege escalation
11542| [121107] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll denial of service
11543| [121106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
11544| [121105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
11545| [121098] Microsoft Office 2016/2016 C2R memory corruption
11546| [121092] Microsoft Windows up to Server 2016 FTP Server denial of service
11547| [121090] Microsoft Visual Studio up to 2017 Version 15.8 Preview privilege escalation
11548| [119479] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
11549| [119477] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 information disclosure
11550| [119476] Microsoft Publisher 2010 SP2 OLE Object PUB File privilege escalation
11551| [119475] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Attachment privilege escalation
11552| [119474] Microsoft Windows up to Server 2016 GDI information disclosure
11553| [119470] Microsoft Windows up to Server 2016 HTTP HTTP.sys denial of service
11554| [119468] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
11555| [119467] Microsoft Windows up to Server 2016 Hypervisor privilege escalation
11556| [119465] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
11557| [119464] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
11558| [119463] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
11559| [119461] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
11560| [119460] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
11561| [119459] Microsoft Windows up to Server 2016 memory corruption
11562| [119457] Microsoft Windows up to Server 2016 Desktop Bridge privilege escalation
11563| [119456] Microsoft Windows up to Server 2016 Kernel information disclosure
11564| [119455] Microsoft Windows up to Server 2016 denial of service
11565| [119454] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
11566| [119452] Microsoft Windows up to Server 2016 HIDParser memory corruption
11567| [119448] Microsoft Windows up to Server 2016 Code Integrity Module denial of service
11568| [119447] Microsoft Windows up to Server 2016 NTFS privilege escalation
11569| [119441] Microsoft Windows up to Server 2016 Media Foundation memory corruption
11570| [119437] Microsoft Windows up to Server 2016 HTTP Protocol Stack Http.sys memory corruption
11571| [119436] Microsoft Windows up to Server 2016 memory corruption
11572| [119431] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
11573| [118120] Microsoft Office 2016 on Mac XML Data Code Execution
11574| [117561] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1 Web Request cross site scripting
11575| [117560] Microsoft Exchange Server up to 2016 CU9 Code Execution memory corruption
11576| [117559] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access Web Request cross site scripting
11577| [117558] Microsoft Windows up to Server 2016 Code Execution memory corruption
11578| [117507] Microsoft Infopath 2013 SP1 memory corruption
11579| [117505] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
11580| [117504] Microsoft Office 2010 SP2 information disclosure
11581| [117503] Microsoft Exchange Server 2013 CU19/2013 CU20/2016 CU8/2016 CU9 Outlook Web Access cross site scripting
11582| [117502] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
11583| [117501] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
11584| [117500] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access cross site scripting
11585| [117499] Microsoft Exchange Server up to 2016 CU9 information disclosure
11586| [117498] Microsoft Office 2016 C2R Security Feature privilege escalation
11587| [117497] Microsoft SharePoint Enterprise Server 2010/2013 SP1/2016 cross site scripting
11588| [117480] Microsoft Windows up to Server 2016 COM Serialized privilege escalation
11589| [117473] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
11590| [117472] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
11591| [117471] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
11592| [117470] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
11593| [117469] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
11594| [117468] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
11595| [117444] Microsoft Windows up to Server 2016 Hyper-V vSMB memory corruption
11596| [117443] Microsoft Windows up to Server 2016 Hyper-V memory corruption
11597| [117442] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
11598| [116132] Microsoft Office 2016 Memory information disclosure
11599| [116051] Microsoft SharePoint Enterprise Server 2016 cross site scripting
11600| [116050] Microsoft SharePoint Enterprise Server 2010 SP2/2013/2016 cross site scripting
11601| [116049] Microsoft SharePoint Enterprise Server 2013/2016 privilege escalation
11602| [116048] Microsoft Windows up to Server 2016 DirectX Graphics Kernel Subsystem memory corruption
11603| [116047] Microsoft Windows up to Server 2016 OpenType Font Driver atmfd.dll memory corruption
11604| [116046] Microsoft SharePoint Enterprise Server 2013/2016 Share cross site scripting
11605| [116045] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
11606| [116039] Microsoft Windows up to Server 2016 Remote Desktop Protocol denial of service
11607| [116031] Microsoft Windows up to Server 2016 Kernel ASLR information disclosure
11608| [116030] Microsoft Windows up to Server 2016 SNMP Service denial of service
| [116026] Microsoft Windows up to Server 2016 Kernel information disclosure
| [116024] Microsoft Windows up to Server 2016 HTTP.sys denial of service
| [116023] Microsoft Office up to 2016 C2R information disclosure
| [116022] Microsoft Excel 2010 SP2 memory corruption
| [116020] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Active Directory privilege escalation
| [116019] Microsoft Windows up to Server 2016 Kernel information disclosure
| [116018] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [116017] Microsoft Excel up to 2016 C2R memory corruption
| [116016] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Graphics memory corruption
| [116014] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [116013] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1 memory corruption
| [116008] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116007] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116006] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116005] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116004] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116003] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
| [115994] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [115804] Microsoft Windows up to Server 2016 Malware Protection Engine privilege escalation
| [114579] Microsoft Exchange Server up to 2017 CU8 Outlook Web Access information disclosure
| [114574] Microsoft SharePoint Enterprise Server 2016 privilege escalation
| [114573] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114571] Microsoft Exchange Server 2016 CU7/2016 CU8 Outlook Web Access information disclosure
| [114570] Microsoft Exchange Server 2010 SP3/2013 CU18/2013 CU19/2016 CU7/2016 CU8 Outlook Web Access Fake privilege escalation
| [114565] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Kernel information disclosure
| [114564] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [114562] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114560] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114559] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114558] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114557] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114556] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114555] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114554] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114553] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114552] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114551] Microsoft Excel up to 2016 C2R Security Feature privilege escalation
| [114549] Microsoft Access 2010 SP2/2013 SP1/2016 memory corruption
| [114548] Microsoft Windows up to Server 2016 CNG Security Feature cng.sys privilege escalation
| [114547] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114546] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114545] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114544] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114543] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114542] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114541] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114540] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114536] Microsoft Windows up to Server 2016 CredSSP privilege escalation
| [114535] Microsoft Windows up to Server 2016 Hyper-V denial of service
| [114531] Microsoft Windows up to Server 2016 Windows Installer privilege escalation
| [114530] Microsoft Windows up to Server 2016 GDI privilege escalation
| [114529] Microsoft Windows up to Server 2016 GDI privilege escalation
| [114527] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114526] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114525] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114522] Microsoft Windows 10 1607/10 1703/Server 2016 Desktop Bridge privilege escalation
| [114521] Microsoft Windows up to Server 2016 Video Control privilege escalation
| [114520] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge privilege escalation
| [114518] Microsoft Windows up to Server 2016 Remote Assistance information disclosure
| [114517] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge VFS privilege escalation
| [114516] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
| [113835] Microsoft Identity Manager 2016 SP1 cross site scripting
| [113264] Microsoft Windows 8.1/RT 8.1/Server 2012 R2 SMBv2/SMBv3 denial of service
| [113260] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113259] Microsoft Windows 10/Server 1709/Server 2016 NTFS privilege escalation
| [113254] Microsoft Windows up to Server 2016 Kernel information disclosure
| [113253] Microsoft Windows 10/Server 1709/Server 2016 Kernel memory corruption
| [113252] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113250] Microsoft Windows 10/Server 1709/Server 2016 Kernel memory corruption
| [113249] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113248] Microsoft Windows up to Server 2016 Kernel information disclosure
| [113243] Microsoft Windows 10/Server 2016 MultiPoint Management privilege escalation
| [113242] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
| [113241] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
| [113240] Microsoft Windows 10/Server 1709/Server 2016 AppContainer privilege escalation
| [113237] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [113236] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [113233] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Uninitialized Memory information disclosure
| [113232] Microsoft Excel 2016 memory corruption
| [113230] Microsoft Windows up to Server 2016 Scripting Engine information disclosure
| [113229] Microsoft Windows up to Server 2016 StructuredQuery memory corruption
| [111580] Microsoft Office 2016 on Mac Email Attachment spoofing
| [111571] Microsoft SharePoint Enterprise Server 2013/2016 Access cross site scripting
| [111567] Microsoft Office 2010/2013/2016 memory corruption
| [111564] Microsoft Word 2016 memory corruption
| [111562] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
| [111561] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
| [128730] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [111358] Microsoft Windows up to Server 2016 IPsec denial of service
| [110553] Microsoft Office 2016 C2R information disclosure
| [110552] Microsoft SharePoint Enterprise Server 2016 Web Request privilege escalation
| [110551] Microsoft Excel 2016 C2R memory corruption
| [110550] Microsoft PowerPoint 2013 RT SP1/2013 SP1/2016 information disclosure
| [110549] Microsoft Exchange Server 2016 CU6/2016 CU7 Outlook Web Access privilege escalation
| [110547] Microsoft Windows up to Server 2016 its:// Protocol information disclosure
| [110531] Microsoft Windows 10/Server 2016 Device Guard privilege escalation
| [110522] Microsoft Windows up to Server 2016 RRAS privilege escalation
| [110350] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [110318] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [109391] Microsoft SharePoint Enterprise Server 2016 Project Server cross site request forgery
| [109389] Microsoft Excel 2016 Click-to-Run memory corruption
| [109360] Microsoft Windows up to Server 2016 Windows Search denial of service
| [107759] Microsoft Windows up to Server 2016 SMB denial of service
| [107757] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [107756] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [107753] Microsoft Windows 10/Server 2016 SMB privilege escalation
| [107744] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
| [107741] Microsoft Outlook 2016 Secure Connection Mail information disclosure
| [107740] Microsoft Windows up to Server 2016 Graphics memory corruption
| [107739] Microsoft Windows up to Server 2016 Graphics memory corruption
| [107738] Microsoft Windows up to Server 2016 Search information disclosure
| [107734] Microsoft Windows 10/Server 2016 SMB privilege escalation
| [107732] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Bypass privilege escalation
| [107730] Microsoft Windows up to Server 2016 Search Remote memory corruption
| [107729] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107728] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107727] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107724] Microsoft Windows up to Server 2016 Text Services Framework memory corruption
| [107723] Microsoft Windows up to Server 2016 SMB information disclosure
| [107698] Microsoft Office 2016 memory corruption
| [107593] InFocus Mondopad 2.2.08 Excel Spreadsheet Microsoft Office Document Credentials information disclosure
| [106544] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
| [106531] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [106529] Microsoft PowerPoint 2016 memory corruption
| [106523] Microsoft Windows up to Server 2016 PDF Library memory corruption
| [106518] Microsoft Edge on Win10/Server 2016 memory corruption
| [106516] Microsoft Windows up to Server 2016 PDF Library memory corruption
| [106498] Microsoft Windows up to Server 2016 Shell privilege escalation
| [106496] Microsoft Windows up to Server 2016 Uniscribe information disclosure
| [106495] Microsoft Windows up to Server 2012 R2 Uniscribe memory corruption
| [106492] Microsoft Windows Server 2012/Server 2012 R2/Server 2016 DHCP Service memory corruption
| [106489] Microsoft Windows up to Server 2016 Graphics Win32k win32k!fsc_CalcGrayRow memory corruption
| [106474] Microsoft Office 2016 memory corruption
| [106473] Microsoft SharePoint Server 2013 SP1 cross site scripting
| [106472] Microsoft Windows up to Server 2016 Bluetooth Driver Object BlueBorne spoofing
| [106470] Microsoft Excel 2011 on Mac memory corruption
| [106455] Microsoft Exchange Server 2013/2016 information disclosure
| [106454] Microsoft Windows up to Server 2016 Windows NetBT Session Services race condition memory corruption
| [105048] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
| [105047] Microsoft Edge on Win10/Server 2016 Scripting Engine EntryCall memory corruption
| [105046] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105040] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
| [105038] Microsoft Edge on Win10/Server 2016 Javascript Engine Out-of-Bounds memory corruption
| [105037] Microsoft Edge on Win10/Server 2016 Javascript Engine PreVisitCatch memory corruption
| [105035] Microsoft SharePoint Server 2010 SP2 cross site scripting
| [105033] Microsoft Edge 38.14393.1066.0 on Win10/Server 2016 Use-After-Free information disclosure
| [105029] Microsoft Edge on Win10/Server 2016 Javascript Engine ProcessLinkFailedAsmJsModule memory corruption
| [105027] Microsoft Edge on Win10/Server 2016 _SelectValueInternal information disclosure
| [105024] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105023] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105017] Microsoft Windows up to Server 2016 Error Reporting information disclosure
| [105013] Microsoft Windows 10 1607/10 1703/Server 2016 Hyper-V denial of service
| [105011] Microsoft Windows up to Server 2016 Windows Search memory corruption
| [105010] Microsoft Windows up to Server 2016 Win32k memory corruption
| [105009] Microsoft Windows up to Server 2016 Input Method Editor memory corruption
| [105008] Microsoft SQL Server 2012/2014/2016 Analysis Services information disclosure
| [104990] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [104989] Microsoft Windows up to Server 2016 NetBIOS denial of service
| [104584] Microsoft Outlook up to 2016 C2R Document File privilege escalation
| [104583] Microsoft Outlook up to 2016 C2R Email memory corruption
| [104582] Microsoft Outlook up to 2016 C2R Object memory corruption
| [103468] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 Open Redirect
| [103446] Microsoft Windows up to Server 2016 Search Object privilege escalation
| [103445] Microsoft Windows up to Server 2016 Wordpad privilege escalation
| [103444] Microsoft Windows up to Server 2016 Explorer denial of service
| [103442] Microsoft Windows 10/Server 2016 HoloLens WiFi Packet privilege escalation
| [103441] Microsoft Windows up to Server 2016 Object HTTP.sys information disclosure
| [103431] Microsoft Windows up to Server 2016 PowerShell PSObject Object privilege escalation
| [103429] Microsoft Windows up to Server 2016 Kerberos weak authentication
| [103426] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA Request cross site scripting
| [103425] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA Request cross site scripting
| [103420] Microsoft Windows up to Server 2016 Kerberos Bypass privilege escalation
| [103417] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
| [102544] Microsoft Edge on Win10/Server 2016 Fetch API information disclosure
| [102543] Microsoft Edge on Win10/Server 2016 Javascript XML DOM Object information disclosure
| [102463] Microsoft Project Server 2013 SP1 cross site scripting
| [102460] Microsoft Outlook 2016 on Mac HTML spoofing
| [102448] Microsoft SharePoint Enterprise Server 2016 Reflected cross site scripting
| [102446] Microsoft Office up to 2016 privilege escalation
| [102445] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 privilege escalation
| [102443] Microsoft Office up to 2016 privilege escalation
| [102412] Microsoft Windows up to Server 2016 PDF information disclosure
| [102397] Microsoft Outlook 2010 SP1/2013 SP1/2016 DLL Loader privilege escalation
| [102396] Microsoft Office 2013 SP1/2016 DLL Loader privilege escalation
| [102386] Microsoft Windows up to Server 2012 R2 Uniscribe privilege escalation
| [102385] Microsoft Windows up to Server 2016 Font Library privilege escalation
| [102376] Microsoft Windows up to Server 2016 CAB File privilege escalation
| [102375] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
| [102374] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
| [102373] Microsoft Windows up to Server 2016 Uniscribe Font USP10!MergeLigRecords memory corruption
| [101817] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101816] Microsoft Windows up to Server 2016 Malware Protection Engine setCaller memory corruption
| [101815] Microsoft Windows up to Server 2016 Malware Protection Engine Use-After-Free memory corruption
| [101814] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101813] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [101812] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101811] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101810] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101028] Microsoft Windows 10/Server 2016 Hyper-V vSMB privilege escalation
| [101020] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [101019] Microsoft Skype for Business 2016 memory corruption
| [101018] Microsoft SharePoint 2010 SP2/2013 SP1/2016 memory corruption
| [101016] Microsoft PowerPoint 2011 on Mac memory corruption
| [101015] Microsoft PowerPoint 2011 on Mac memory corruption
| [101014] Microsoft Office 2010 SP2/2016 memory corruption
| [101013] Microsoft Office 2010 SP2/2016 memory corruption
| [101002] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [101001] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [101000] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [100999] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [100918] Microsoft Windows 8/8.1/10/Server 2012/Server 2016 Malware Protection Service Type Confusion privilege escalation
| [99697] Microsoft SharePoint Server 2010 SP1/2010 SP2 Excel Services cross site scripting
| [99683] Microsoft Windows 10 1607/10 1703/Server 2012 R2/Server 2016 Active Directory Lockout privilege escalation
| [99682] Microsoft Outlook 2011 on Mac HTML Tag Validator spoofing
| [99681] Microsoft Windows up to Server 2016 OLE Integrity-Level Check privilege escalation
| [99667] Microsoft Windows 10/Server 2016 Active Directory Service Unresponsive denial of service
| [98272] Microsoft Windows up to 10/Server 2016 Local Session privilege escalation
| [98096] Microsoft Exchange 2013 SP1 privilege escalation
| [98095] Microsoft Lync for Mac 2011 Certificate Validation weak authentication
| [98094] Microsoft SharePoint Server 2013 SP1 cross site scripting
| [98093] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
| [98091] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
| [98090] Microsoft SharePoint Server 2010 SP2/2013 SP1 information disclosure
| [98089] Microsoft Office Web Apps 2013 SP1 memory corruption
| [98082] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 denial of service
| [98081] Microsoft Excel up to 2016 information disclosure
| [98080] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [98079] Microsoft Word 2016 memory corruption
| [98076] Microsoft Lync/Skype for Business 2010/2013/2016 Graphics Component privilege escalation
| [98075] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
| [98074] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
| [98073] Microsoft Office 2010 SP2/Word Viewer Graphics Component information disclosure
| [98069] Microsoft Windows up to Server 2012 R2 Color Management memory corruption
| [98056] Microsoft Windows up to Server 2016 DNS Query information disclosure
| [98054] Microsoft Windows up to Server 2016 SMBv2/SMBv3 NULL Pointer Dereference memory corruption
| [98017] Microsoft Windows up to Server 2016 PDF memory corruption
| [98015] Microsoft Windows 10/Server 2016 Hyper-V denial of service
| [98013] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
| [98007] Microsoft Windows 10/Server 2016 Hyper-V Network Switch denial of service
| [98006] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
| [96521] Microsoft Windows 8.1/10/Server 2012/Server 2016 SMB Response mrxsmb20.sys denial of service
| [95781] Microsoft PowerPoint 2016 Java Embedded Object privilege escalation
| [95125] Microsoft Word/SharePoint Enterprise Server 2016 Document privilege escalation
| [94451] Microsoft Office 2011 memory corruption
| [94447] Microsoft Office 2010 SP2 memory corruption
| [94446] Microsoft Office 2016 memory corruption
| [94444] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 OLE DLL Loader memory corruption
| [94443] Microsoft Office up to 2016 information disclosure
| [94442] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
| [93964] Microsoft Windows 7 Excel Starter 2010 XXE information disclosure
| [93543] Microsoft SQL Server 2016 FILESTREAM Path privilege escalation
| [93540] Microsoft Excel 2010 SP2/2011/2016 memory corruption
| [93416] Microsoft SQL Server 2014 SP2/2016/up to 2012 SP3 Server Agent atxcore.dll privilege escalation
| [93415] Microsoft SQL Server 2016 MDS API cross site scripting
| [93414] Microsoft SQL Server up to 2012 SP3 RDBMS Engine privilege escalation
| [93413] Microsoft SQL Server 2016/up to 2014 SP2 RDBMS Engine privilege escalation
| [93412] Microsoft SQL Server 2016 RDBMS Engine privilege escalation
| [93393] Microsoft Office up to 2016 memory corruption
| [93392] Microsoft Office up to 2016 memory corruption
| [93391] Microsoft Office up to 2016 memory corruption
| [93389] Microsoft Windows up to Server 2016 Media Foundation memory corruption
| [93388] Microsoft Windows up to Server 2016 Animation Manager Stylesheets memory corruption
| [92587] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 Transaction Manager privilege escalation
| [92584] Microsoft Office up to 2016 memory corruption
| [91571] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
| [91570] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
| [91556] Microsoft Exchange 2016 Meeting Invation cross site scripting
| [91555] Microsoft Exchange 2013/2016 Link spoofing
| [91550] Microsoft Office 2016 memory corruption
| [91547] Microsoft Office 2010 memory corruption
| [91543] Microsoft Office up to 2016 memory corruption
| [91541] Microsoft Office 2013/2016 APP-V ASLR privilege escalation
| [90711] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF privilege escalation
| [90710] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 Netlogon privilege escalation
| [90704] Microsoft Office 2013/2013 RT/2016 memory corruption
| [89043] Microsoft Office up to 2016 memory corruption
| [89041] Microsoft Office up to 2016 memory corruption
| [89040] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 memory corruption
| [89038] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Security Feature privilege escalation
| [89037] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [87961] Microsoft Windows up to Server 2012 R2 Search denial of service
| [87959] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
| [87958] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF memory corruption
| [87957] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
| [87956] Microsoft Exchange 2013/2016 Oracle Outside In Libraries information disclosure
| [87944] Microsoft Windows Server 2012/Server 2012 R2 Virtual PCI Memory information disclosure
| [87940] Microsoft Windows Server 2012/Server 2012 R2 DNS Server Use-After-Free memory corruption
| [87936] Microsoft Office up to 2016 memory corruption
| [87166] Microsoft Windows up to Server 2012 R2 DirectX Graphics Kernel Subsystem privilege escalation
| [87156] Microsoft Windows 8.1/10/RT 8.1/Server 2012 R2 Shell memory corruption
| [87149] Microsoft Office up to 2016 memory corruption
| [87148] Microsoft Office 2010 Graphics memory corruption
| [87146] Microsoft Office 2011/2013/2013 RT/2016 memory corruption
| [82229] Microsoft Excel 2010 SP2 Office Document memory corruption
| [82223] Microsoft Windows 8.1/10/Server 2012 R2 Hyper-V Memory information disclosure
| [82222] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Memory information disclosure
| [82221] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Hyper-V privilege escalation
| [81274] Microsoft Office up to 2016 memory corruption
| [81270] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library memory corruption
| [81269] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
| [81268] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
| [80886] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [80885] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP memory corruption
| [80878] Microsoft Windows Server 2012 R2 Active Directory Federation Service denial of service
| [80874] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP privilege escalation
| [80870] Microsoft Office up to 2016 memory corruption
| [80868] Microsoft Office up to 2016 memory corruption
| [80867] Microsoft Office up to 2016 memory corruption
| [80865] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 DLL Loader memory corruption
| [80860] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Reader memory corruption
| [80859] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
| [80231] Microsoft Excel up to 2016 Office Document memory corruption
| [80229] Microsoft Exchange Server 2013 CU 10/2013 CU 11/2013 SP1/2016 Outlook Web Access cross site scripting
| [80228] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
| [80227] Microsoft Exchange Server 2013 CU 10/2013 SP1/2016 Outlook Web Access cross site scripting
| [80226] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
| [80218] Microsoft Office up to 2016 ASLR privilege escalation
| [80217] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
| [80216] Microsoft Office up to 2016 Office Document memory corruption
| [80206] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
| [128763] Microsoft Exchange Server 2016 CU10/2016 CU11/2019 memory corruption
| [79508] Microsoft Windows up to Server 2012 R2 Library Loader memory corruption
| [79500] Microsoft Office 2010/2011/2016 memory corruption
| [79183] Microsoft Windows up to Server 2012 R2 IPsec denial of service
| [79173] Microsoft Windows up to Server 2012 R2 Graphics information disclosure
| [79117] Microsoft Outlook 2011/2016 on Mac HTML spoofing
| [78375] Microsoft SharePoint Server/SharePoint Foundation 2013 SP1 cross site scripting
| [77645] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
| [77644] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
| [77638] Microsoft Lync Server 2013 cross site scripting
| [77628] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [77612] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access Stack-Based information disclosure
| [77050] Microsoft Office up to 2016 memory corruption
| [77037] Microsoft Windows Server 2012/Server 2012 R2 System Center Operations Manager cross site scripting
| [76461] Microsoft Windows up to Server 2012 R2 Domain-Controller Communication Credentials information disclosure
| [76460] Microsoft Windows 7 SP1/8/Server 2012 RDP Server Service memory corruption
| [76448] Microsoft Windows 8.1/Server 2012 R2 Hyper-V memory corruption
| [75793] Microsoft Exchange Server 2013 CU8 cross site scripting
| [75792] Microsoft Exchange Server 2013 SP1 CU8 cross site request forgery
| [75791] Microsoft Office 2013 SP1 Office Document Uninitialized Memory memory corruption
| [75787] Microsoft Exchange Server 2013 SP1 CU8 Same Origin Policy privilege escalation
| [75786] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
| [66976] Microsoft Access 2010 VBA Datatype denial of service
| [74848] Microsoft SharePoint Foundation/SharePoint Server 2013 SP1 cross site scripting
| [74842] Microsoft Windows 8.1/Server 2012 R2 Hyper-V denial of service
| [74836] Microsoft Project Server 2010 SP2/2013 SP1 cross site scripting
| [74835] Microsoft Office 2011 on Mac Use-After-Free cross site scripting
| [74834] Microsoft Windows Server 2012 R2 Active Directory Federation Services 3.0 privilege escalation
| [74833] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 HTTP Request HTTP.sys privilege escalation
| [74393] Microsoft SharePoint Server 2013 Foundation cross site scripting
| [73967] Microsoft Office up to 2013 SP1 Office File memory corruption
| [73966] Microsoft Office up to 2013 SP1 RTF File memory corruption
| [73965] Microsoft Office up to 2013 SP1 Use-After-Free memory corruption
| [73961] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 Remote Desktop Protocol Object Management denial of service
| [69162] Microsoft System Center Virtual Machine Manager 2012 privilege escalation
| [69160] Microsoft Windows up to Server 2012 Process privilege escalation
| [69156] Microsoft Office 2010 Object memory corruption
| [68593] Microsoft Windows up to Server 2012 Network Location Awareness Service privilege escalation
| [68417] Microsoft Exchange 2013 Outlook Web Access Token spoofing
| [68191] Microsoft SharePoint 2010 cross site scripting
| [67828] Microsoft ASP.NET MVC 2/3/4/5/5.1 System.Web.Mvc.dll cross site scripting
| [67518] Microsoft Lync 2013 denial of service
| [67517] Microsoft Lync 2013 Script Reflected cross site scripting
| [67516] Microsoft Lync 2010/2013 denial of service
| [67362] Microsoft Windows up to Server 2012 R2 Remote Procedure Call privilege escalation
| [67360] Microsoft SharePoint 2013 App Permission Management cross site scripting
| [13549] Microsoft Windows 7/8/8.1/Server 2012 Remote Desktop Protocol weak encryption
| [13547] Microsoft Lync 2010/2013 Meeting cross site scripting
| [13228] Microsoft Office 2013 Document privilege escalation
| [68577] Microsoft ASP.NET 2014.3.1209 Telerik UI RadAsyncUpload directory traversal
| [12267] Microsoft Forefront Security for Exchange Server 2010 Mail memory corruption
| [12263] Microsoft Windows up to Server 2012 Direct2D 2D Geometric Figure memory corruption
| [12238] Microsoft Windows 8/RT/Server 2012 IPv6 denial of service
| [12185] Microsoft .NET Framework 2/4 HMAC weak authentication
| [12183] Microsoft .NET Framework 2/4 DTD denial of service
| [11673] Microsoft Windows Live Movie Maker 2011 WAV File denial of service
| [11468] Microsoft Exchange 2010/2013 cross site scripting
| [11466] Microsoft Office 2013 File Response information disclosure
| [11457] Microsoft SharePoint Server/Office Web Apps 2010 SP1/2010 SP2/2013 W3WP Service Account privilege escalation
| [11150] Microsoft Windows 8/Server 2012 Hyper-V Data Structure Value Crash privilege escalation
| [11004] Microsoft Windows Server 2012 R2 RDP Restricted Admin Mode weak authentication
| [10250] Microsoft SharePoint Server up to 2013 W3WP Process denial of service
| [10249] Microsoft SharePoint 2010/2003/2007/2.0/3.0 Workflow memory corruption
| [10248] Microsoft SharePoint Server up to 2013 cross site scripting
| [9943] Microsoft Windows Server 2012 NAT Driver ICMP Packet denial of service
| [8739] Microsoft Windows Essentials up to 2012 Windows Writer Eingabe information disclosure
| [8725] Microsoft Lync 2010/2013 Use-After-Free memory corruption
| [8722] Microsoft Windows 8/RT/Server 2012 HTTP.sys denial of service
| [8206] Microsoft SharePoint Server 2010 SP1 HTML Sanitization Component cross site scripting
| [8203] Microsoft Windows up to 2012 AD LDAP Query denial of service
| [8200] Microsoft SharePoint Server 2013 ACL information disclosure
| [7971] Microsoft Office for Mac 2011 up to 14.3.1 on Mac HTML5 Mail Message Parser File information disclosure
| [7969] Microsoft OneNote 2010 SP1 ONE File information disclosure
| [7968] Microsoft SharePoint Server 2010 SP1 Input Validator Eingabe Crash denial of service
| [7967] Microsoft SharePoint Server 2010 SP1 User Account Eingabe Crash information disclosure
| [7966] Microsoft SharePoint Server 2010 SP1 Eingabe Crash cross site scripting
| [7965] Microsoft SharePoint Server 2010 SP1 User Account Callback URL privilege escalation
| [7964] Microsoft Visio 2010 Tree Object Type File memory corruption
| [7343] Microsoft Lync 2012 HTTP Format String
| [7258] Microsoft Windows up to 8/Server 2012 SSL/TLS race condition
| [7230] Microsoft Excel 2010 SP1 on 32-bit XLS File Formatting Information Crash denial of service
| [6831] Microsoft Office Picture Manager 2010 File memory corruption
| [62720] EMC NetWorker Module for Microsoft Applications up to 2.2.0 memory corruption
| [6624] Microsoft SQL Server up to 2012 Report Manager cross site scripting
| [62238] Microsoft Visual Studio Team Foundation Server 2010 cross site scripting
| [5946] Microsoft Visio/Visio Viewer up to 2010 SP1 File memory corruption
| [5644] Microsoft SharePoint 2010 scriptesx.ashx cross site scripting
| [5641] Microsoft SharePoint 2010 cross site scripting
| [60943] Microsoft Dynamics AX 2012 Enterprise Portal cross site scripting
| [12311] Microsoft Lync 2010 Search race condition
| [60570] Microsoft Forefront Unified Access Gateway 2010 information disclosure
| [60569] Microsoft Forefront Unified Access Gateway 2010 spoofing
| [60208] Microsoft Visio Viewer 2010 memory corruption
| [60207] Microsoft Visio Viewer 2010 memory corruption
| [60206] Microsoft Visio Viewer 2010 memory corruption
| [4640] Microsoft SharePoint 2010 inplview.aspx cross site scripting
| [4636] Microsoft SharePoint 2010 wizardlist.aspx cross site scripting
| [4635] Microsoft SharePoint 2010 themeweb.aspx cross site scripting
| [59008] Microsoft Forefront Unified Access Gateway 2010 Crash denial of service
| [58995] Microsoft Forefront Unified Access Gateway 2010 memory corruption
| [58994] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
| [58993] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
| [4424] Microsoft Host Integration Server up to 2010 denial of service
| [4420] Microsoft Forefront Unified Access Gateway 2010 memory corruption
| [58487] Microsoft SharePoint Foundation 2010 cross site scripting
| [58486] Microsoft SharePoint Foundation 2010 Reflected cross site scripting
| [58485] Microsoft SharePoint Foundation 2010 EditForm.aspx cross site scripting
12036| [4414] Microsoft SharePoint 2010 cross site scripting
12037| [4413] Microsoft SharePoint 2010/2007/3.0 XML/XLS unknown vulnerability
12038| [91971] Microsoft Skype 2.2.x/5.2.x/5.3.x denial of service
12039| [57693] Microsoft Forefront Threat Management Gateway 2010 NSPLookupServiceNext memory corruption
12040| [56028] Microsoft Data Access Components 2.8 memory corruption
12041| [55777] Microsoft Windows Movie Maker 2.6 memory corruption
12042| [55424] Microsoft Forefront Unified Access Gateway 2010 Signurl.asp cross site scripting
12043| [55415] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
12044| [55414] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
12045| [55413] Microsoft Forefront Unified Access Gateway 2010 spoofing
12046| [54341] Microsoft Windows Movie Maker 2.1 memory corruption
12047| [54549] Microsoft PowerPoint 2010 pptimpconv.dll memory corruption
12048| [4009] Microsoft NET Framework 2.x/3.x denial of service
12049| [45681] Microsoft Internet Explorer 8 Beta 2 privilege escalation
12050| [45449] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
12051| [45448] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
12052| [45446] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
12053| [2927] Microsoft Data Access Components 2.x ADODB.Connection ActiveX Control memory corruption
12054| [32692] Microsoft XML Core Services up to 2.6 memory corruption
12055| [32691] Microsoft XML Core Services up to 2.6 memory corruption
12056|
12057| MITRE CVE - https://cve.mitre.org:
12058| [CVE-2013-3661] The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
12059| [CVE-2013-3660] The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
12060| [CVE-2013-3174] DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
12061| [CVE-2013-3173] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."
12062| [CVE-2013-3172] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to cause a denial of service (system hang) via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."
12063| [CVE-2013-3171] The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a partial-trust relationship, aka "Delegate Serialization Vulnerability."
12064| [CVE-2013-3167] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Information Disclosure Vulnerability."
12065| [CVE-2013-3154] The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability."
12066| [CVE-2013-3138] Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability."
12067| [CVE-2013-3136] The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."
12068| [CVE-2013-3134] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework application that changes array data, aka "Array Allocation Vulnerability."
12069| [CVE-2013-3133] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Anonymous Method Injection Vulnerability."
12070| [CVE-2013-3132] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Delegate Reflection Bypass Vulnerability."
12071| [CVE-2013-3131] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability."
12072| [CVE-2013-1345] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."
12073| [CVE-2013-1340] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."
12074| [CVE-2013-1339] The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability."
12075| [CVE-2013-1336] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability."
12076| [CVE-2013-1335] Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka "Word Shape Corruption Vulnerability."
12077| [CVE-2013-1334] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
12078| [CVE-2013-1332] dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
12079| [CVE-2013-1331] Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
12080| [CVE-2013-1329] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability."
12081| [CVE-2013-1328] Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."
12082| [CVE-2013-1327] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability."
12083| [CVE-2013-1323] Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability."
12084| [CVE-2013-1322] Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability."
12085| [CVE-2013-1321] Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability."
12086| [CVE-2013-1320] Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability."
12087| [CVE-2013-1319] Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability."
12088| [CVE-2013-1318] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."
12089| [CVE-2013-1317] Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability."
12090| [CVE-2013-1316] Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability."
12091| [CVE-2013-1302] Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."
12092| [CVE-2013-1301] Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
12093| [CVE-2013-1300] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
12094| [CVE-2013-1295] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "CSRSS Memory Corruption Vulnerability."
12095| [CVE-2013-1294] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
12096| [CVE-2013-1293] The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application that leverages improper handling of objects in memory, aka "NTFS NULL Pointer Dereference Vulnerability."
12097| [CVE-2013-1292] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
12098| [CVE-2013-1291] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability."
12099| [CVE-2013-1287] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
12100| [CVE-2013-1286] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.
12101| [CVE-2013-1285] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.
12102| [CVE-2013-1283] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
12103| [CVE-2013-1281] The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "NULL Dereference Vulnerability."
12104| [CVE-2013-1280] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."
12105| [CVE-2013-1279] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.
12106| [CVE-2013-1278] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279.
12107| [CVE-2013-1277] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12108| [CVE-2013-1276] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12109| [CVE-2013-1275] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12110| [CVE-2013-1274] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12111| [CVE-2013-1273] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12112| [CVE-2013-1272] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12113| [CVE-2013-1271] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12114| [CVE-2013-1270] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12115| [CVE-2013-1269] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12116| [CVE-2013-1268] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12117| [CVE-2013-1267] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12118| [CVE-2013-1266] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12119| [CVE-2013-1265] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12120| [CVE-2013-1264] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12121| [CVE-2013-1263] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12122| [CVE-2013-1262] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12123| [CVE-2013-1261] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12124| [CVE-2013-1260] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12125| [CVE-2013-1259] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12126| [CVE-2013-1258] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12127| [CVE-2013-1257] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1256] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1255] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1254] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1253] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1252] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1251] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1250] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1249] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1248] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-0095] Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability."
| [CVE-2013-0077] Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."
| [CVE-2013-0076] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability."
| [CVE-2013-0075] The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability."
| [CVE-2013-0073] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."
| [CVE-2013-0013] The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."
| [CVE-2013-0011] The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Components Vulnerability."
| [CVE-2013-0010] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.
| [CVE-2013-0009] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.
| [CVE-2013-0008] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
| [CVE-2013-0004] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."
| [CVE-2013-0003] Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability."
| [CVE-2013-0002] Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."
| [CVE-2013-0001] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."
| [CVE-2012-5672] Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data.
| [CVE-2012-4791] Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."
| [CVE-2012-4786] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
| [CVE-2012-4776] The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."
| [CVE-2012-4774] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability."
| [CVE-2012-2897] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
| [CVE-2012-2556] The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."
| [CVE-2012-2553] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
| [CVE-2012-2552] Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."
| [CVE-2012-2551] The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereference Vulnerability."
| [CVE-2012-2543] Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1
| [CVE-2012-2539] Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
| [CVE-2012-2536] Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
| [CVE-2012-2530] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
| [CVE-2012-2529] Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Windows Kernel Integer Overflow Vulnerability."
| [CVE-2012-2528] Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
| [CVE-2012-2527] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
| [CVE-2012-2524] Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability."
| [CVE-2012-2520] Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
| [CVE-2012-2519] Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."
| [CVE-2012-1896] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."
| [CVE-2012-1895] The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."
| [CVE-2012-1893] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability."
| [CVE-2012-1890] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability."
| [CVE-2012-1887] Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability."
| [CVE-2012-1886] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
| [CVE-2012-1885] Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
| [CVE-2012-1870] The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."
| [CVE-2012-1867] Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability."
| [CVE-2012-1866] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability."
| [CVE-2012-1865] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864.
| [CVE-2012-1864] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1865.
| [CVE-2012-1863] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."
| [CVE-2012-1862] Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."
| [CVE-2012-1860] Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."
| [CVE-2012-1858] The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
| [CVE-2012-1856] The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."
| [CVE-2012-1855] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability."
| [CVE-2012-1854] Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-1851] Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability."
| [CVE-2012-1850] The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."
| [CVE-2012-1848] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability."
| [CVE-2012-1847] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-1537] Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
| [CVE-2012-1528] Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."
| [CVE-2012-1527] Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."
| [CVE-2012-1459] The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
| [CVE-2012-1457] The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
| [CVE-2012-1453] The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
| [CVE-2012-1443] The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
| [CVE-2012-1420] The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
| [CVE-2012-1194] The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
| [CVE-2012-0185] Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."
| [CVE-2012-0184] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0183] Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."
| [CVE-2012-0182] Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."
| [CVE-2012-0181] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
| [CVE-2012-0180] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability."
| [CVE-2012-0179] Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability."
| [CVE-2012-0178] Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability."
| [CVE-2012-0177] Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."
| [CVE-2012-0175] The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."
| [CVE-2012-0174] Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."
| [CVE-2012-0173] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.
| [CVE-2012-0167] Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."
| [CVE-2012-0165] GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."
| [CVE-2012-0163] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
| [CVE-2012-0161] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
| [CVE-2012-0160] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
12220| [CVE-2012-0159] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview
12221| [CVE-2012-0158] The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
12222| [CVE-2012-0157] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability."
12223| [CVE-2012-0156] DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability."
12224| [CVE-2012-0154] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability."
12225| [CVE-2012-0152] The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability."
12226| [CVE-2012-0151] The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
12227| [CVE-2012-0150] Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
12228| [CVE-2012-0149] afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
12229| [CVE-2012-0148] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."
12230| [CVE-2012-0143] Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability."
12231| [CVE-2012-0142] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
12232| [CVE-2012-0141] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
12233| [CVE-2012-0015] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."
12234| [CVE-2012-0014] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
12235| [CVE-2012-0013] Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
12236| [CVE-2012-0009] Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability."
12237| [CVE-2012-0008] Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability."
12238| [CVE-2012-0006] The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability."
12239| [CVE-2012-0005] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."
12240| [CVE-2012-0004] Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."
12241| [CVE-2012-0003] Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
12242| [CVE-2012-0002] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
12243| [CVE-2012-0001] The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."
12244| [CVE-2011-5046] The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
12245| [CVE-2011-4434] Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.
12246| [CVE-2011-3417] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."
12247| [CVE-2011-3416] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
12248| [CVE-2011-3415] Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."
12249| [CVE-2011-3414] The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
12250| [CVE-2011-3413] Microsoft PowerPoint 2007 SP2
12251| [CVE-2011-3412] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."
12252| [CVE-2011-3411] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."
12253| [CVE-2011-3410] Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability."
12254| [CVE-2011-3408] Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability."
12255| [CVE-2011-3406] Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability."
12256| [CVE-2011-3403] Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
12257| [CVE-2011-3402] Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
12258| [CVE-2011-3400] Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
12259| [CVE-2011-3397] The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."
12260| [CVE-2011-3396] Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability."
12261| [CVE-2011-2019] Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
12262| [CVE-2011-2018] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
12263| [CVE-2011-2016] Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability."
12264| [CVE-2011-2014] The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."
12265| [CVE-2011-2013] Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."
12266| [CVE-2011-2011] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
12267| [CVE-2011-2008] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."
12268| [CVE-2011-2007] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability."
12269| [CVE-2011-2005] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
12270| [CVE-2011-2004] Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.
12271| [CVE-2011-2003] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability."
12272| [CVE-2011-2002] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability."
12273| [CVE-2011-1991] Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability."
12274| [CVE-2011-1990] Microsoft Excel 2007 SP2
12275| [CVE-2011-1989] Microsoft Excel 2003 SP3 and 2007 SP2
12276| [CVE-2011-1988] Microsoft Excel 2003 SP3 and 2007 SP2
12277| [CVE-2011-1987] Array index error in Microsoft Excel 2003 SP3 and 2007 SP2
12278| [CVE-2011-1986] Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."
12279| [CVE-2011-1985] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability."
12280| [CVE-2011-1984] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."
12281| [CVE-2011-1983] Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability."
12282| [CVE-2011-1982] Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."
12283| [CVE-2011-1980] Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability."
12284| [CVE-2011-1979] Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."
12285| [CVE-2011-1978] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability."
12286| [CVE-2011-1976] Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."
12287| [CVE-2011-1975] Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."
12288| [CVE-2011-1974] NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."
12289| [CVE-2011-1972] Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."
12290| [CVE-2011-1971] The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Metadata Parsing DOS Vulnerability."
12291| [CVE-2011-1970] The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability."
12292| [CVE-2011-1968] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, as exploited in the wild in 2011, aka "Remote Desktop Protocol Vulnerability."
12293| [CVE-2011-1967] Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Vulnerability."
12294| [CVE-2011-1966] The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."
12295| [CVE-2011-1965] Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."
12296| [CVE-2011-1894] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
12297| [CVE-2011-1893] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."
12298| [CVE-2011-1892] Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
12299| [CVE-2011-1888] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
12300| [CVE-2011-1887] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1885] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1884] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1883] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1882] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1881] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1880] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1879] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1878] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1877] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1876] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1875] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1874] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1873] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability."
| [CVE-2011-1872] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability."
| [CVE-2011-1871] Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka "ICMP Denial of Service Vulnerability."
| [CVE-2011-1870] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability."
| [CVE-2011-1869] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."
| [CVE-2011-1868] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."
| [CVE-2011-1508] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."
| [CVE-2011-1284] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutput Vulnerability."
| [CVE-2011-1283] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and write operations, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleNumberOfCommand Vulnerability."
| [CVE-2011-1282] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability."
| [CVE-2011-1281] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a process, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP AllocConsole Vulnerability."
| [CVE-2011-1280] The XML Editor in Microsoft InfoPath 2007 SP2 and 2010
| [CVE-2011-1279] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds WriteAV Vulnerability."
| [CVE-2011-1278] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel WriteAV Vulnerability."
| [CVE-2011-1277] Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."
| [CVE-2011-1276] Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-1275] Microsoft Excel 2002 SP3
| [CVE-2011-1274] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-1273] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-1272] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-1270] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Buffer Overrun RCE Vulnerability."
| [CVE-2011-1269] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-1268] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability."
| [CVE-2011-1267] The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB Request Parsing Vulnerability."
| [CVE-2011-1264] Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability."
| [CVE-2011-1263] Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web Access Vulnerability."
| [CVE-2011-1253] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."
| [CVE-2011-1252] Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
| [CVE-2011-1249] The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
| [CVE-2011-1248] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability."
| [CVE-2011-1247] Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability."
| [CVE-2011-1242] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1241] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1240] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1239] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1238] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1237] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1236] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1235] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1234] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1233] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1232] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1231] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1230] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1229] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1228] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1227] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1226] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1225] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-0980] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."
| [CVE-2011-0979] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-0978] Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-0977] Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."
| [CVE-2011-0976] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-0677] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-0676] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-0675] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0674] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0672] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0671] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0670] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0667] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0666] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0665] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0664] Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability."
| [CVE-2011-0662] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0661] The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a malformed request in a (1) SMBv1 or (2) SMBv2 packet, aka "SMB Transaction Parsing Vulnerability."
| [CVE-2011-0660] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Response Parsing Vulnerability."
| [CVE-2011-0658] Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted WMF file, aka "OLE Automation Underflow Vulnerability."
| [CVE-2011-0657] DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."
| [CVE-2011-0656] Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-0655] Microsoft PowerPoint 2007 SP2 and 2010
| [CVE-2011-0654] Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
| [CVE-2011-0107] Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability."
| [CVE-2011-0105] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."
| [CVE-2011-0104] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer Overwrite Vulnerability."
| [CVE-2011-0103] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerability."
| [CVE-2011-0101] Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, doubly-byte characters, and an incorrect pointer calculation, aka "Excel Record Parsing WriteAV Vulnerability."
| [CVE-2011-0098] Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-0097] Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-0096] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
| [CVE-2011-0093] ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."
| [CVE-2011-0092] The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."
12396| [CVE-2011-0091] Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
12397| [CVE-2011-0090] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
12398| [CVE-2011-0089] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability."
12399| [CVE-2011-0088] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability."
12400| [CVE-2011-0087] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability."
12401| [CVE-2011-0086] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability."
12402| [CVE-2011-0043] Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."
12403| [CVE-2011-0042] SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."
12404| [CVE-2011-0041] Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."
12405| [CVE-2011-0040] The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."
12406| [CVE-2011-0039] The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."
12407| [CVE-2011-0034] Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."
12408| [CVE-2011-0033] The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."
12409| [CVE-2011-0032] Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."
12410| [CVE-2011-0031] The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."
12411| [CVE-2011-0030] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.
12412| [CVE-2011-0028] WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."
12413| [CVE-2010-5082] Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability."
12414| [CVE-2010-4701] Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information.
12415| [CVE-2010-4669] The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package.
12416| [CVE-2010-4562] Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
12417| [CVE-2010-4398] Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
12418| [CVE-2010-4182] Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll. NOTE: the provenance of this information is unknown
12419| [CVE-2010-3974] fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability."
12420| [CVE-2010-3970] Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."
12421| [CVE-2010-3966] Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability."
12422| [CVE-2010-3965] Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability."
12423| [CVE-2010-3964] Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
12424| [CVE-2010-3963] Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability."
12425| [CVE-2010-3961] The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."
12426| [CVE-2010-3960] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability."
12427| [CVE-2010-3959] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."
12428| [CVE-2010-3958] The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."
12429| [CVE-2010-3957] Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."
12430| [CVE-2010-3956] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability."
12431| [CVE-2010-3955] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability."
12432| [CVE-2010-3954] Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability."
12433| [CVE-2010-3946] Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."
12434| [CVE-2010-3945] Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability."
12435| [CVE-2010-3944] win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
12436| [CVE-2010-3943] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability."
12437| [CVE-2010-3942] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability."
12438| [CVE-2010-3941] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability."
12439| [CVE-2010-3940] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability."
12440| [CVE-2010-3939] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability."
12441| [CVE-2010-3937] Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."
12442| [CVE-2010-3338] The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888.
12443| [CVE-2010-3337] Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.
12444| [CVE-2010-3336] Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."
12445| [CVE-2010-3335] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability."
12446| [CVE-2010-3334] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability."
12447| [CVE-2010-3333] Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
12448| [CVE-2010-3332] Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
12449| [CVE-2010-3324] The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
12450| [CVE-2010-3243] Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
12451| [CVE-2010-3242] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability."
12452| [CVE-2010-3241] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability."
12453| [CVE-2010-3240] Microsoft Excel 2002 SP3 and 2007 SP2
12454| [CVE-2010-3239] Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability."
12455| [CVE-2010-3238] Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."
12456| [CVE-2010-3237] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability."
12457| [CVE-2010-3236] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability."
12458| [CVE-2010-3235] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability."
12459| [CVE-2010-3234] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability."
12460| [CVE-2010-3233] Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability."
12461| [CVE-2010-3232] Microsoft Excel 2003 SP3 and 2007 SP2
12462| [CVE-2010-3231] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."
12463| [CVE-2010-3230] Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability."
12464| [CVE-2010-3229] The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability."
12465| [CVE-2010-3227] Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."
12466| [CVE-2010-3223] The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability."
12467| [CVE-2010-3222] Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun Vulnerability."
12468| [CVE-2010-3221] Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."
12469| [CVE-2010-3220] Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability."
12470| [CVE-2010-3219] Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."
12471| [CVE-2010-3218] Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."
12472| [CVE-2010-3217] Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability."
12473| [CVE-2010-3216] Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."
12474| [CVE-2010-3215] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability."
12475| [CVE-2010-3214] Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010
12476| [CVE-2010-3213] Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.
12477| [CVE-2010-3200] MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc.
12478| [CVE-2010-3190] Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1
| [CVE-2010-3148] Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."
| [CVE-2010-3147] Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
| [CVE-2010-3146] Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."
| [CVE-2010-3144] Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability."
| [CVE-2010-3142] Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.
| [CVE-2010-2750] Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability."
| [CVE-2010-2748] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability."
| [CVE-2010-2747] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability."
| [CVE-2010-2746] Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability."
| [CVE-2010-2744] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka "Win32k Window Class Vulnerability."
| [CVE-2010-2742] The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka "Netlogon RPC Null dereference DOS Vulnerability."
| [CVE-2010-2741] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability."
| [CVE-2010-2740] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Parsing Vulnerability."
| [CVE-2010-2739] Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors.
| [CVE-2010-2738] The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
| [CVE-2010-2729] The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability."
| [CVE-2010-2728] Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."
| [CVE-2010-2573] Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability."
| [CVE-2010-2572] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
| [CVE-2010-2571] Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability."
| [CVE-2010-2570] Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability."
| [CVE-2010-2569] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."
| [CVE-2010-2568] Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
| [CVE-2010-2567] The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability."
| [CVE-2010-2566] The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability."
| [CVE-2010-2563] The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability."
| [CVE-2010-2562] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability."
| [CVE-2010-2555] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability."
| [CVE-2010-2554] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
| [CVE-2010-2552] Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability."
| [CVE-2010-2551] The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB Variable Validation Vulnerability."
| [CVE-2010-2550] The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."
| [CVE-2010-2549] Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka "Win32k Reference Count Vulnerability."
| [CVE-2010-2265] Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
| [CVE-2010-2091] Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
| [CVE-2010-2084] Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
| [CVE-2010-1903] Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption Vulnerability."
| [CVE-2010-1902] Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1901] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1900] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1898] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."
| [CVE-2010-1897] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."
| [CVE-2010-1896] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability."
| [CVE-2010-1895] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability."
| [CVE-2010-1894] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."
| [CVE-2010-1893] Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability."
| [CVE-2010-1892] The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerability."
| [CVE-2010-1891] The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability."
| [CVE-2010-1890] The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability."
| [CVE-2010-1889] Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability."
| [CVE-2010-1887] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability."
| [CVE-2010-1886] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."
| [CVE-2010-1885] The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
| [CVE-2010-1883] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability."
| [CVE-2010-1882] Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability."
| [CVE-2010-1881] The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability."
| [CVE-2010-1880] Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
| [CVE-2010-1735] The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
| [CVE-2010-1734] The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
| [CVE-2010-1690] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
| [CVE-2010-1689] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
| [CVE-2010-1263] Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7
| [CVE-2010-1257] Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2
| [CVE-2010-1255] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."
| [CVE-2010-1253] Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2
| [CVE-2010-1252] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability."
| [CVE-2010-1251] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability."
| [CVE-2010-1250] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability."
| [CVE-2010-1249] Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.
| [CVE-2010-1248] Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
| [CVE-2010-1247] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.
| [CVE-2010-1246] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability."
| [CVE-2010-1245] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.
| [CVE-2010-1225] The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."
| [CVE-2010-1175] Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."
| [CVE-2010-0917] Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.
| [CVE-2010-0824] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.
| [CVE-2010-0823] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
| [CVE-2010-0822] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."
| [CVE-2010-0821] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
| [CVE-2010-0820] Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2
| [CVE-2010-0819] Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."
| [CVE-2010-0818] The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability."
| [CVE-2010-0817] Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
| [CVE-2010-0815] VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."
| [CVE-2010-0814] The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."
| [CVE-2010-0812] Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability."
| [CVE-2010-0811] Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
| [CVE-2010-0810] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2010-0719] An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.
| [CVE-2010-0487] The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."
| [CVE-2010-0486] The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."
| [CVE-2010-0485] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."
| [CVE-2010-0484] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability."
| [CVE-2010-0483] vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
| [CVE-2010-0482] The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability."
| [CVE-2010-0481] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability."
| [CVE-2010-0480] Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."
| [CVE-2010-0479] Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability."
| [CVE-2010-0478] Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."
| [CVE-2010-0477] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."
| [CVE-2010-0476] The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability."
12581| [CVE-2010-0278] A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.
12582| [CVE-2010-0270] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."
12583| [CVE-2010-0269] The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability."
12584| [CVE-2010-0268] Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability."
12585| [CVE-2010-0266] Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."
12586| [CVE-2010-0265] Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
12587| [CVE-2010-0264] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."
12588| [CVE-2010-0263] Microsoft Office Excel 2007 SP1 and SP2
12589| [CVE-2010-0262] Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."
12590| [CVE-2010-0261] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability."
12591| [CVE-2010-0260] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2
12592| [CVE-2010-0258] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
12593| [CVE-2010-0257] Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."
12594| [CVE-2010-0256] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."
12595| [CVE-2010-0254] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."
12596| [CVE-2010-0252] The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."
12597| [CVE-2010-0250] Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability."
12598| [CVE-2010-0249] Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4
12599| [CVE-2010-0243] Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow."
12600| [CVE-2010-0242] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability."
12601| [CVE-2010-0241] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability."
12602| [CVE-2010-0240] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability."
12603| [CVE-2010-0239] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability."
12604| [CVE-2010-0238] Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability."
12605| [CVE-2010-0237] The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability."
12606| [CVE-2010-0236] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."
12607| [CVE-2010-0235] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."
12608| [CVE-2010-0234] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability."
12609| [CVE-2010-0233] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."
12610| [CVE-2010-0232] The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
12611| [CVE-2010-0231] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."
12612| [CVE-2010-0035] The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability."
12613| [CVE-2010-0034] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability."
12614| [CVE-2010-0033] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."
12615| [CVE-2010-0032] Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."
12616| [CVE-2010-0031] Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability."
12617| [CVE-2010-0030] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability."
12618| [CVE-2010-0029] Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability."
12619| [CVE-2010-0028] Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
12620| [CVE-2010-0027] The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
12621| [CVE-2010-0026] The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability."
12622| [CVE-2010-0025] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."
12623| [CVE-2010-0024] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."
12624| [CVE-2010-0023] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability."
12625| [CVE-2010-0022] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability."
12626| [CVE-2010-0021] Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability."
12627| [CVE-2010-0020] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."
12628| [CVE-2010-0018] Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4
12629| [CVE-2010-0017] Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability."
12630| [CVE-2010-0016] The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability."
12631| [CVE-2009-4313] ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.
12632| [CVE-2009-4312] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.
12633| [CVE-2009-4311] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.
12634| [CVE-2009-4310] Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.
12635| [CVE-2009-4309] Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.
12636| [CVE-2009-4210] The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.
12637| [CVE-2009-3830] The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.
12638| [CVE-2009-3678] Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."
12639| [CVE-2009-3677] The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability."
12640| [CVE-2009-3676] The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."
12641| [CVE-2009-3675] LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability."
12642| [CVE-2009-3450] Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET.
12643| [CVE-2009-3135] Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."
12644| [CVE-2009-3134] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
12645| [CVE-2009-3133] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability."
12646| [CVE-2009-3132] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
12647| [CVE-2009-3131] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
12648| [CVE-2009-3130] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability."
12649| [CVE-2009-3129] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
12650| [CVE-2009-3128] Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."
12651| [CVE-2009-3127] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability."
12652| [CVE-2009-3126] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
12653| [CVE-2009-3103] Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
12654| [CVE-2009-3020] win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.
12655| [CVE-2009-2653] ** DISPUTED ** The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.'
12656| [CVE-2009-2532] Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka "SMBv2 Command Value Vulnerability."
12657| [CVE-2009-2526] Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability."
12658| [CVE-2009-2524] Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (reboot) via a malformed packet, aka "Local Security Authority Subsystem Service Integer Overflow Vulnerability."
12659| [CVE-2009-2523] The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."
12660| [CVE-2009-2519] The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."
12661| [CVE-2009-2517] The kernel in Microsoft Windows Server 2003 SP2 does not properly handle unspecified exceptions when an error condition occurs, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
12662| [CVE-2009-2516] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability."
12663| [CVE-2009-2515] Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability."
12664| [CVE-2009-2514] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability."
12665| [CVE-2009-2513] The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."
12666| [CVE-2009-2511] Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."
12667| [CVE-2009-2510] The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.
12668| [CVE-2009-2509] Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability."
12669| [CVE-2009-2508] The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."
12670| [CVE-2009-2507] A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability."
12671| [CVE-2009-2506] Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3
12672| [CVE-2009-2505] The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability."
12673| [CVE-2009-2504] Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
12674| [CVE-2009-2503] GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
12675| [CVE-2009-2502] Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
12676| [CVE-2009-2501] Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
12677| [CVE-2009-2500] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
12678| [CVE-2009-2498] Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."
12679| [CVE-2009-2497] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."
12680| [CVE-2009-2496] Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Office Web Components Heap Corruption Vulnerability."
12681| [CVE-2009-2495] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
12682| [CVE-2009-2494] The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka "ATL Object Type Mismatch Vulnerability."
12683| [CVE-2009-2493] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1
12684| [CVE-2009-1930] The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.
12685| [CVE-2009-1929] Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2
12686| [CVE-2009-1928] Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2
12687| [CVE-2009-1926] Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."
12688| [CVE-2009-1925] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability."
12689| [CVE-2009-1924] Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."
12690| [CVE-2009-1923] Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability."
12691| [CVE-2009-1922] The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."
12692| [CVE-2009-1546] Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."
12693| [CVE-2009-1545] Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability."
12694| [CVE-2009-1544] Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
12695| [CVE-2009-1542] The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."
12696| [CVE-2009-1539] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
12697| [CVE-2009-1538] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
12698| [CVE-2009-1537] Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
12699| [CVE-2009-1536] ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
12700| [CVE-2009-1534] Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."
12701| [CVE-2009-1533] Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
12702| [CVE-2009-1491] McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body.
12703| [CVE-2009-1216] Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA)
12704| [CVE-2009-1141] Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability."
12705| [CVE-2009-1139] Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
12706| [CVE-2009-1138] The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
12707| [CVE-2009-1137] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227.
12708| [CVE-2009-1136] The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."
12709| [CVE-2009-1135] Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."
12710| [CVE-2009-1134] Excel in 2007 Microsoft Office System SP1 and SP2
12711| [CVE-2009-1133] Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."
12712| [CVE-2009-1132] Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerability."
12713| [CVE-2009-1131] Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Data Out of Bounds Vulnerability."
12714| [CVE-2009-1130] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability."
12715| [CVE-2009-1129] Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128.
12716| [CVE-2009-1128] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1129.
12717| [CVE-2009-1127] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability."
12718| [CVE-2009-1126] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability."
12719| [CVE-2009-1125] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."
12720| [CVE-2009-1124] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."
12721| [CVE-2009-1123] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
12722| [CVE-2009-1122] The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
12723| [CVE-2009-1043] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
12724| [CVE-2009-1011] Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
12725| [CVE-2009-0901] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1
12726| [CVE-2009-0568] The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."
12727| [CVE-2009-0566] Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability."
12728| [CVE-2009-0565] Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2
12729| [CVE-2009-0563] Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
12730| [CVE-2009-0562] The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability."
12731| [CVE-2009-0561] Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
12732| [CVE-2009-0560] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
12733| [CVE-2009-0559] Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."
12734| [CVE-2009-0558] Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."
12735| [CVE-2009-0557] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
12736| [CVE-2009-0556] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
12737| [CVE-2009-0554] Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
12738| [CVE-2009-0553] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
12739| [CVE-2009-0552] Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
12740| [CVE-2009-0551] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."
12741| [CVE-2009-0550] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008
12742| [CVE-2009-0549] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
12743| [CVE-2009-0320] Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
12744| [CVE-2009-0239] Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."
12745| [CVE-2009-0238] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
12746| [CVE-2009-0235] Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability."
12747| [CVE-2009-0234] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."
12748| [CVE-2009-0233] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability."
12749| [CVE-2009-0232] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability."
12750| [CVE-2009-0231] The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
12751| [CVE-2009-0230] The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
12752| [CVE-2009-0229] The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
12753| [CVE-2009-0228] Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."
12754| [CVE-2009-0227] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137.
12755| [CVE-2009-0226] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0227, and CVE-2009-1137.
12756| [CVE-2009-0225] Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability."
12757| [CVE-2009-0224] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
12758| [CVE-2009-0223] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
12759| [CVE-2009-0222] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
12760| [CVE-2009-0221] Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field that specifies a large number of records, which triggers an under-allocated buffer and a heap-based buffer overflow, aka "Integer Overflow Vulnerability."
12761| [CVE-2009-0220] Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an integer that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability."
12762| [CVE-2009-0202] Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow.
12763| [CVE-2009-0102] Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."
12764| [CVE-2009-0100] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
12765| [CVE-2009-0099] The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."
12766| [CVE-2009-0098] Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."
12767| [CVE-2009-0097] Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."
12768| [CVE-2009-0096] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."
12769| [CVE-2009-0095] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."
12770| [CVE-2009-0094] The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.
12771| [CVE-2009-0093] Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.
12772| [CVE-2009-0091] Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability."
12773| [CVE-2009-0090] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
12774| [CVE-2009-0089] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."
12775| [CVE-2009-0088] The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."
12776| [CVE-2009-0087] Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2
12777| [CVE-2009-0086] Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."
12778| [CVE-2009-0085] The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."
12779| [CVE-2009-0083] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."
12780| [CVE-2009-0082] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."
12781| [CVE-2009-0081] The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."
12782| [CVE-2009-0079] The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."
12783| [CVE-2009-0078] The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."
12784| [CVE-2008-7217] Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to permissions and ownership for certain directories.
12785| [CVE-2008-6819] win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information.
12786| [CVE-2008-6219] nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests.
12787| [CVE-2008-6063] Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name.
12788| [CVE-2008-5912] An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
12789| [CVE-2008-5823] An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property.
12790| [CVE-2008-5416] Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier
12791| [CVE-2008-5232] Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown
12792| [CVE-2008-5112] The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
12793| [CVE-2008-5100] The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.
12794| [CVE-2008-5044] Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.
12795| [CVE-2008-4844] Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
12796| [CVE-2008-4841] The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
12797| [CVE-2008-4837] Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
12798| [CVE-2008-4835] SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."
12799| [CVE-2008-4834] Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
12800| [CVE-2008-4493] Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
12801| [CVE-2008-4295] Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
12802| [CVE-2008-4269] The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability."
12803| [CVE-2008-4268] The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability."
12804| [CVE-2008-4266] Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3
12805| [CVE-2008-4265] Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability."
12806| [CVE-2008-4264] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
12807| [CVE-2008-4261] Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
12808| [CVE-2008-4256] The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
12809| [CVE-2008-4255] Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
12810| [CVE-2008-4253] The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
12811| [CVE-2008-4250] The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
12812| [CVE-2008-4114] srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
12813| [CVE-2008-4110] Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.
12814| [CVE-2008-4038] Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."
12815| [CVE-2008-4037] Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
12816| [CVE-2008-4036] Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."
12817| [CVE-2008-4032] Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."
12818| [CVE-2008-4031] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
12819| [CVE-2008-4030] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
12820| [CVE-2008-4028] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
12821| [CVE-2008-4027] Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
12822| [CVE-2008-4026] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
12823| [CVE-2008-4025] Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
12824| [CVE-2008-4024] Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability."
12825| [CVE-2008-4023] Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."
12826| [CVE-2008-4019] Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
12827| [CVE-2008-3956] orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file.
12828| [CVE-2008-3704] Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
12829| [CVE-2008-3648] nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
12830| [CVE-2008-3636] Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.
12831| [CVE-2008-3479] Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."
12832| [CVE-2008-3477] Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."
12833| [CVE-2008-3471] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
12834| [CVE-2008-3466] Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
12835| [CVE-2008-3465] Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."
12836| [CVE-2008-3464] afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."
12837| [CVE-2008-3460] WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
12838| [CVE-2008-3068] Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
12839| [CVE-2008-3021] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
12840| [CVE-2008-3020] Microsoft Office 2000 SP3 and XP SP3
12841| [CVE-2008-3019] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
12842| [CVE-2008-3018] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
12843| [CVE-2008-3015] Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
12844| [CVE-2008-3014] Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
12845| [CVE-2008-3013] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
12846| [CVE-2008-3012] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
12847| [CVE-2008-3009] Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
12848| [CVE-2008-3007] Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."
12849| [CVE-2008-3006] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
12850| [CVE-2008-3005] Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."
12851| [CVE-2008-3004] Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3
12852| [CVE-2008-3003] Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."
12853| [CVE-2008-2752] Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information.
12854| [CVE-2008-2540] Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
12855| [CVE-2008-2463] The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
12856| [CVE-2008-2252] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."
12857| [CVE-2008-2251] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510.
12858| [CVE-2008-2250] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."
12859| [CVE-2008-2249] Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."
12860| [CVE-2008-2246] Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
12861| [CVE-2008-2245] Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
12862| [CVE-2008-2244] Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
12863| [CVE-2008-1898] A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
12864| [CVE-2008-1888] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.
12865| [CVE-2008-1547] Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
12866| [CVE-2008-1457] The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
12867| [CVE-2008-1456] Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
12868| [CVE-2008-1455] A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1
12869| [CVE-2008-1454] Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.
12870| [CVE-2008-1451] The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
12871| [CVE-2008-1446] Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
12872| [CVE-2008-1445] Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
12873| [CVE-2008-1444] Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
12874| [CVE-2008-1441] Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."
12875| [CVE-2008-1440] Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
12876| [CVE-2008-1436] Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
12877| [CVE-2008-1435] Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."
12878| [CVE-2008-1434] Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
12879| [CVE-2008-1092] Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
12880| [CVE-2008-1091] Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."
12881| [CVE-2008-1090] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
12882| [CVE-2008-1089] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."
12883| [CVE-2008-1088] Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
12884| [CVE-2008-1087] Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
12885| [CVE-2008-1086] The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
12886| [CVE-2008-1084] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
12887| [CVE-2008-1083] Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
12888| [CVE-2008-0121] A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
12889| [CVE-2008-0120] Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."
12890| [CVE-2008-0119] Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."
12891| [CVE-2008-0118] Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."
12892| [CVE-2008-0117] Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."
12893| [CVE-2008-0116] Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."
12894| [CVE-2008-0115] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."
12895| [CVE-2008-0114] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.
12896| [CVE-2008-0113] Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."
12897| [CVE-2008-0112] Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."
12898| [CVE-2008-0111] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."
12899| [CVE-2008-0110] Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and SP3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
12900| [CVE-2008-0109] Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
12901| [CVE-2008-0108] Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
12902| [CVE-2008-0106] Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
12903| [CVE-2008-0105] Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
12904| [CVE-2008-0104] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
12905| [CVE-2008-0103] Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."
12906| [CVE-2008-0102] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."
12907| [CVE-2008-0088] Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.
12908| [CVE-2008-0087] The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
12909| [CVE-2008-0086] Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
12910| [CVE-2008-0083] The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
12911| [CVE-2008-0081] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
12912| [CVE-2008-0080] Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
12913| [CVE-2008-0020] Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015.
12914| [CVE-2008-0015] Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
12915| [CVE-2008-0011] Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
12916| [CVE-2007-6753] Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.
12917| [CVE-2007-6357] Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944.
12918| [CVE-2007-6329] Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.
12919| [CVE-2007-6043] The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
12920| [CVE-2007-6026] Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
12921| [CVE-2007-5587] Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
12922| [CVE-2007-5352] Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
12923| [CVE-2007-5348] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
12924| [CVE-2007-4991] The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.
12925| [CVE-2007-4916] Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.
12926| [CVE-2007-4814] Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
12927| [CVE-2007-3930] Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.
12928| [CVE-2007-3924] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape
12929| [CVE-2007-3899] Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."
12930| [CVE-2007-3898] The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
12931| [CVE-2007-3896] The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
12932| [CVE-2007-3890] Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.
| [CVE-2007-3670] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
| [CVE-2007-3490] Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls.
| [CVE-2007-3300] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.
| [CVE-2007-3040] Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205.
| [CVE-2007-3039] Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
| [CVE-2007-3036] Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
| [CVE-2007-3034] Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
| [CVE-2007-3030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability".
| [CVE-2007-3029] Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.
| [CVE-2007-3028] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
| [CVE-2007-2999] Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.
| [CVE-2007-2967] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.
| [CVE-2007-2966] Buffer overflow in the LHA decompresion component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.
| [CVE-2007-2903] Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.
| [CVE-2007-2593] The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.
| [CVE-2007-2581] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.
| [CVE-2007-2374] Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
| [CVE-2007-2228] rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.
| [CVE-2007-2224] Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.
| [CVE-2007-2221] Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
| [CVE-2007-2219] Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
| [CVE-2007-2218] Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
| [CVE-2007-2217] Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
| [CVE-2007-1911] Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow.
| [CVE-2007-1910] Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc.
| [CVE-2007-1765] Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038
| [CVE-2007-1756] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".
| [CVE-2007-1754] PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".
| [CVE-2007-1748] Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
| [CVE-2007-1747] Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.
| [CVE-2007-1645] Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.
| [CVE-2007-1537] \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function.
| [CVE-2007-1512] Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.
| [CVE-2007-1347] Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.
| [CVE-2007-1239] Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.
| [CVE-2007-1238] Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.
| [CVE-2007-1215] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
| [CVE-2007-1214] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.
| [CVE-2007-1213] The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
| [CVE-2007-1212] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
| [CVE-2007-1211] Unspecified kernel GDI functions in Microsoft Windows 2000 SP4
| [CVE-2007-1205] Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
| [CVE-2007-1203] Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.
| [CVE-2007-1202] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."
| [CVE-2007-1201] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
| [CVE-2007-1117] Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
| [CVE-2007-1090] Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.
| [CVE-2007-1083] Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.
| [CVE-2007-0948] Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
| [CVE-2007-0947] Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
| [CVE-2007-0946] Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.
| [CVE-2007-0945] Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4
| [CVE-2007-0944] Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
| [CVE-2007-0942] Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
| [CVE-2007-0940] Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
| [CVE-2007-0939] Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."
| [CVE-2007-0938] Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
| [CVE-2007-0936] Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
| [CVE-2007-0934] Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
| [CVE-2007-0913] Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.
| [CVE-2007-0870] Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.
| [CVE-2007-0843] The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
| [CVE-2007-0811] Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
| [CVE-2007-0671] Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
| [CVE-2007-0612] Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll
| [CVE-2007-0515] Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.
| [CVE-2007-0351] Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user.
| [CVE-2007-0221] Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."
| [CVE-2007-0220] Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".
| [CVE-2007-0216] wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
| [CVE-2007-0215] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.
| [CVE-2007-0214] The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
| [CVE-2007-0213] Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
| [CVE-2007-0211] The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
| [CVE-2007-0209] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.
| [CVE-2007-0208] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.
| [CVE-2007-0069] Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
| [CVE-2007-0066] The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."
| [CVE-2007-0065] Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
| [CVE-2007-0064] Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
| [CVE-2007-0043] The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".
| [CVE-2007-0042] Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
| [CVE-2007-0041] The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
| [CVE-2007-0040] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
| [CVE-2007-0039] The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
| [CVE-2007-0038] Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765
| [CVE-2007-0035] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."
| [CVE-2007-0034] Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."
| [CVE-2007-0033] Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.
| [CVE-2007-0031] Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.
| [CVE-2007-0030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.
| [CVE-2007-0029] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."
| [CVE-2007-0028] Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.
| [CVE-2007-0027] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.
| [CVE-2007-0026] The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
| [CVE-2007-0025] The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.
| [CVE-2007-0024] Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
| [CVE-2006-7210] Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
| [CVE-2006-7192] Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.
| [CVE-2006-7027] Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks.
| [CVE-2006-6723] The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request.
| [CVE-2006-6696] Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
| [CVE-2006-6617] projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.
| [CVE-2006-6561] Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.
| [CVE-2006-6456] Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.
| [CVE-2006-6296] The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.
| [CVE-2006-6134] Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
| [CVE-2006-6133] Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.
| [CVE-2006-5994] Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vulnerability than CVE-2006-6456.
| [CVE-2006-5758] The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
13043| [CVE-2006-5586] The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."
13044| [CVE-2006-5585] The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."
13045| [CVE-2006-5584] The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
13046| [CVE-2006-5583] Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability."
13047| [CVE-2006-5574] Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.
13048| [CVE-2006-5296] PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.
13049| [CVE-2006-4854] ** REJECT ** Unspecified vulnerability in Microsoft Office 2000 (Chinese Edition) and Microsoft PowerPoint 2000 (Chinese Edition) allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as Trojan.PPDropper.E. NOTE: on 20060919, Microsoft notified CVE that this is a duplicate of CVE-2006-0009.
13050| [CVE-2006-4704] Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
13051| [CVE-2006-4702] Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
13052| [CVE-2006-4696] Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."
13053| [CVE-2006-4695] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."
13054| [CVE-2006-4694] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
13055| [CVE-2006-4693] Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651.
13056| [CVE-2006-4692] Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
13057| [CVE-2006-4691] Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
13058| [CVE-2006-4689] Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."
13059| [CVE-2006-4688] Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
13060| [CVE-2006-4534] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.
13061| [CVE-2006-4495] Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.
13062| [CVE-2006-4274] ** REJECT ** Unknown vulnerability in Microsoft PowerPoint allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as TROJ_MDROPPER.BH. NOTE: on 20060822, it was determined that TROJ_MDROPPER.BH was exploiting CVE-2006-0009, so this is not a new vulnerability.
13063| [CVE-2006-4219] The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.
13064| [CVE-2006-4183] Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding.
13065| [CVE-2006-4071] Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
13066| [CVE-2006-3992] Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption.
13067| [CVE-2006-3942] The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research
13068| [CVE-2006-3897] Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.
13069| [CVE-2006-3880] ** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation."
13070| [CVE-2006-3877] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
13071| [CVE-2006-3876] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
13072| [CVE-2006-3875] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867.
13073| [CVE-2006-3873] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
13074| [CVE-2006-3869] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
13075| [CVE-2006-3868] Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag.
13076| [CVE-2006-3867] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875.
13077| [CVE-2006-3864] Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
13078| [CVE-2006-3841] Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL.
13079| [CVE-2006-3660] Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3656, and CVE-2006-3590, although it is possible that they are all different.
13080| [CVE-2006-3656] Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
13081| [CVE-2006-3655] Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted PowerPoint file. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3656, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
13082| [CVE-2006-3652] Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could not be reproduced by third parties.
13083| [CVE-2006-3651] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.
13084| [CVE-2006-3650] Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868.
13085| [CVE-2006-3649] Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
13086| [CVE-2006-3648] Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception."
13087| [CVE-2006-3647] Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693.
13088| [CVE-2006-3643] Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
13089| [CVE-2006-3590] mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.
13090| [CVE-2006-3510] The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.
13091| [CVE-2006-3493] Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.
13092| [CVE-2006-3449] Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."
13093| [CVE-2006-3448] Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.
13094| [CVE-2006-3445] Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.
13095| [CVE-2006-3444] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
13096| [CVE-2006-3443] Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
13097| [CVE-2006-3441] Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.
13098| [CVE-2006-3440] Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
13099| [CVE-2006-3439] Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
13100| [CVE-2006-3436] Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
13101| [CVE-2006-3435] PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.
13102| [CVE-2006-3434] Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption.
13103| [CVE-2006-3431] Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086.
13104| [CVE-2006-3059] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.
13105| [CVE-2006-2492] Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
13106| [CVE-2006-2389] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316.
13107| [CVE-2006-2388] Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process.
13108| [CVE-2006-2387] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875.
13109| [CVE-2006-2380] Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
13110| [CVE-2006-2379] Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
13111| [CVE-2006-2378] Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
13112| [CVE-2006-2374] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
13113| [CVE-2006-2373] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
13114| [CVE-2006-2372] Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.
13115| [CVE-2006-2371] Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
13116| [CVE-2006-2370] Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
13117| [CVE-2006-2334] The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.
13118| [CVE-2006-2094] Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
13119| [CVE-2006-2055] Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
13120| [CVE-2006-1654] Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.
13121| [CVE-2006-1651] ** DISPUTED ** Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol."
13122| [CVE-2006-1540] MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll
13123| [CVE-2006-1316] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389.
13124| [CVE-2006-1315] The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."
13125| [CVE-2006-1314] Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.
13126| [CVE-2006-1313] Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
13127| [CVE-2006-1311] The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1
13128| [CVE-2006-1309] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.
13129| [CVE-2006-1308] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value.
13130| [CVE-2006-1306] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability."
13131| [CVE-2006-1305] Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.
13132| [CVE-2006-1304] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."
13133| [CVE-2006-1302] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."
13134| [CVE-2006-1301] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.
13135| [CVE-2006-1300] Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
13136| [CVE-2006-1257] The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.
13137| [CVE-2006-1193] Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."
13138| [CVE-2006-1184] Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
13139| [CVE-2006-0988] The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
13140| [CVE-2006-0935] Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz.
13141| [CVE-2006-0187] By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file.
13142| [CVE-2006-0034] Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.
13143| [CVE-2006-0033] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed.
13144| [CVE-2006-0032] Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
13145| [CVE-2006-0031] Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.
13146| [CVE-2006-0030] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.
13147| [CVE-2006-0029] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.
13148| [CVE-2006-0028] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.
13149| [CVE-2006-0023] Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.
13150| [CVE-2006-0022] Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.
13151| [CVE-2006-0021] Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."
13152| [CVE-2006-0020] An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."
13153| [CVE-2006-0015] Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
13154| [CVE-2006-0013] Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
13155| [CVE-2006-0012] Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."
13156| [CVE-2006-0010] Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
13157| [CVE-2006-0009] Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
13158| [CVE-2006-0008] The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.
13159| [CVE-2006-0007] Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.
13160| [CVE-2006-0006] Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.
13161| [CVE-2006-0004] Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).
13162| [CVE-2006-0002] Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
13163| [CVE-2006-0001] Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
13164| [CVE-2005-4717] Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
13165| [CVE-2005-4269] mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
13166| [CVE-2005-4131] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.
13167| [CVE-2005-3981] ** DISPUTED ** NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE.
13168| [CVE-2005-3945] The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups.
13169| [CVE-2005-3644] PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.
13170| [CVE-2005-3177] CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed.
13171| [CVE-2005-3176] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection.
13172| [CVE-2005-3175] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator.
13173| [CVE-2005-3174] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.
13174| [CVE-2005-3173] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions.
13175| [CVE-2005-3172] The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks.
13176| [CVE-2005-3171] Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings.
13177| [CVE-2005-3170] The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.
13178| [CVE-2005-3169] Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow attackers to conduct unauthorized activities without detection.
13179| [CVE-2005-3168] The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template.
13180| [CVE-2005-2122] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.
13181| [CVE-2005-2120] Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
13182| [CVE-2005-2118] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.
13183| [CVE-2005-2117] Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
13184| [CVE-2005-1985] The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
13185| [CVE-2005-1984] Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.
13186| [CVE-2005-1983] Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
13187| [CVE-2005-1982] Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
13188| [CVE-2005-1981] Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
13189| [CVE-2005-1907] The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic.
13190| [CVE-2005-1683] Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file.
13191| [CVE-2005-1218] The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
13192| [CVE-2005-1216] Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.
13193| [CVE-2005-1215] Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers.
13194| [CVE-2005-1208] Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
13195| [CVE-2005-1207] Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.
13196| [CVE-2005-1206] Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."
13197| [CVE-2005-1205] The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
13198| [CVE-2005-1052] Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses.
13199| [CVE-2005-0921] Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy.
13200| [CVE-2005-0820] Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.
13201| [CVE-2005-0738] Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.
13202| [CVE-2005-0564] Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.
13203| [CVE-2005-0558] Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document.
13204| [CVE-2005-0551] Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
13205| [CVE-2005-0550] Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
13206| [CVE-2005-0545] Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post.
13207| [CVE-2005-0063] The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.
13208| [CVE-2005-0061] The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.
13209| [CVE-2005-0060] Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.
13210| [CVE-2005-0059] Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
13211| [CVE-2005-0058] Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to elevate privileges or execute arbitrary code via a crafted message.
13212| [CVE-2005-0048] Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
13213| [CVE-2004-2527] The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
13214| [CVE-2004-2482] Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code.
13215| [CVE-2004-2365] Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.
13216| [CVE-2004-2339] ** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed.
13217| [CVE-2004-1080] The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."
13218| [CVE-2004-0963] Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.
13219| [CVE-2004-0897] The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
13220| [CVE-2004-0892] Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.
13221| [CVE-2004-0846] Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.
13222| [CVE-2004-0840] The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
13223| [CVE-2004-0728] The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
13224| [CVE-2004-0726] The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel.
13225| [CVE-2004-0575] Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
13226| [CVE-2004-0574] The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
13227| [CVE-2004-0573] Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
13228| [CVE-2004-0540] Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
13229| [CVE-2004-0503] Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502.
13230| [CVE-2004-0379] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts.
13231| [CVE-2004-0284] Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
13232| [CVE-2004-0214] Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, Windows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
13233| [CVE-2004-0211] The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.
13234| [CVE-2004-0210] The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
13235| [CVE-2004-0209] Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
13236| [CVE-2004-0208] The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
13237| [CVE-2004-0207] "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWindowLongPtr API functions.
13238| [CVE-2004-0206] Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
13239| [CVE-2004-0204] Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
13240| [CVE-2004-0202] IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
13241| [CVE-2004-0201] Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
13242| [CVE-2004-0199] Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
13243| [CVE-2004-0124] The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
13244| [CVE-2004-0121] Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
13245| [CVE-2004-0120] The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
13246| [CVE-2004-0116] An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
13247| [CVE-2003-1378] Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
13248| [CVE-2003-1106] The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute.
13249| [CVE-2003-0908] The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
13250| [CVE-2003-0906] Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
13251| [CVE-2003-0904] Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
13252| [CVE-2003-0839] Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.
13253| [CVE-2003-0825] The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
13254| [CVE-2003-0824] Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
13255| [CVE-2003-0822] Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
13256| [CVE-2003-0821] Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
13257| [CVE-2003-0820] Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
13258| [CVE-2003-0819] Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
13259| [CVE-2003-0818] Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
13260| [CVE-2003-0807] Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.
13261| [CVE-2003-0806] Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.
13262| [CVE-2003-0719] Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
13263| [CVE-2003-0665] Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.
13264| [CVE-2003-0664] Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
13265| [CVE-2003-0662] Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
13266| [CVE-2003-0660] The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval.
13267| [CVE-2003-0533] Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
13268| [CVE-2003-0526] Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
13269| [CVE-2003-0506] Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation.
13270| [CVE-2003-0505] Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request.
13271| [CVE-2003-0496] Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
13272| [CVE-2003-0352] Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
13273| [CVE-2003-0345] Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
13274| [CVE-2003-0232] Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
13275| [CVE-2003-0231] Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
13276| [CVE-2003-0230] Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
13277| [CVE-2003-0227] The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
13278| [CVE-2003-0118] SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
13279| [CVE-2003-0117] Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver.
13280| [CVE-2003-0110] The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.
13281| [CVE-2003-0109] Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
13282| [CVE-2003-0011] Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled.
13283| [CVE-2003-0007] Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."
13284| [CVE-2003-0003] Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
13285| [CVE-2003-0002] Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.
13286| [CVE-2002-2101] Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.
13287| [CVE-2002-2100] Microsoft Outlook 2002 allows remote attackers to bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.
13288| [CVE-2002-1984] Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046".
13289| [CVE-2002-1981] Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.
13290| [CVE-2002-1933] The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window.
13291| [CVE-2002-1932] Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.
13292| [CVE-2002-1876] Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.
13293| [CVE-2002-1873] Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
13294| [CVE-2002-1872] Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
13295| [CVE-2002-1776] ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed.
13296| [CVE-2002-1712] Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
13297| [CVE-2002-1256] The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.
13298| [CVE-2002-1255] Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."
13299| [CVE-2002-1214] Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
13300| [CVE-2002-1184] The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.
13301| [CVE-2002-1145] The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
13302| [CVE-2002-1141] An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."
13303| [CVE-2002-1140] The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."
13304| [CVE-2002-1138] Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
13305| [CVE-2002-1137] Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
13306| [CVE-2002-1123] Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
13307| [CVE-2002-1117] Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
13308| [CVE-2002-1056] Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
13309| [CVE-2002-0982] Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.
13310| [CVE-2002-0975] Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary via a long File parameter.
13311| [CVE-2002-0863] Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
13312| [CVE-2002-0861] Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object.
13313| [CVE-2002-0860] The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.
13314| [CVE-2002-0859] Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.
13315| [CVE-2002-0729] Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.
13316| [CVE-2002-0727] The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.
13317| [CVE-2002-0724] Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
13318| [CVE-2002-0721] Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
13319| [CVE-2002-0719] SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files.
13320| [CVE-2002-0718] Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."
13321| [CVE-2002-0700] Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."
13322| [CVE-2002-0699] Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.
13323| [CVE-2002-0695] Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.
13324| [CVE-2002-0694] The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
13325| [CVE-2002-0693] Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
13326| [CVE-2002-0692] Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
13327| [CVE-2002-0650] The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.
13328| [CVE-2002-0649] Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
13329| [CVE-2002-0645] SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.
13330| [CVE-2002-0644] Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.
13331| [CVE-2002-0643] The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System."
13332| [CVE-2002-0642] The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
13333| [CVE-2002-0641] Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
13334| [CVE-2002-0624] Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
13335| [CVE-2002-0623] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun".
13336| [CVE-2002-0622] The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".
13337| [CVE-2002-0621] Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.
13338| [CVE-2002-0620] Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API.
13339| [CVE-2002-0619] The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).
13340| [CVE-2002-0618] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
13341| [CVE-2002-0617] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
13342| [CVE-2002-0616] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."
13343| [CVE-2002-0597] LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.
13344| [CVE-2002-0444] Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.
13345| [CVE-2002-0443] Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.
13346| [CVE-2002-0373] The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".
13347| [CVE-2002-0371] Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.
13348| [CVE-2002-0368] The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."
13349| [CVE-2002-0224] The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
13350| [CVE-2002-0187] Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
13351| [CVE-2002-0186] Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
13352| [CVE-2002-0154] Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
13353| [CVE-2002-0152] Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
13354| [CVE-2002-0055] SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
13355| [CVE-2002-0054] SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
13356| [CVE-2002-0050] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data.
13357| [CVE-2002-0049] Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
13358| [CVE-2002-0034] The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.
13359| [CVE-2002-0018] In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from the trusted domain.
13360| [CVE-2001-1533] ** DISPUTED * Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE.
13361| [CVE-2001-1451] Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests.
13362| [CVE-2001-1319] Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
13363| [CVE-2001-1099] The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
13364| [CVE-2001-0986] SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
13365| [CVE-2001-0718] Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document.
13366| [CVE-2001-0666] Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.
13367| [CVE-2001-0658] Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message.
13368| [CVE-2001-0628] Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.
13369| [CVE-2001-0547] Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).
13370| [CVE-2001-0546] Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data.
13371| [CVE-2001-0542] Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
13372| [CVE-2001-0538] Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
13373| [CVE-2001-0509] Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
13374| [CVE-2001-0505] Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service.
13375| [CVE-2001-0504] Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying.
13376| [CVE-2001-0501] Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner.
13377| [CVE-2001-0351] Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
13378| [CVE-2001-0350] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
13379| [CVE-2001-0349] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.
13380| [CVE-2001-0348] Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
13381| [CVE-2001-0347] Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
13382| [CVE-2001-0346] Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.
13383| [CVE-2001-0345] Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.
13384| [CVE-2001-0344] An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
13385| [CVE-2001-0340] An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.
13386| [CVE-2001-0261] Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.
13387| [CVE-2001-0245] Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.
13388| [CVE-2001-0244] Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.
13389| [CVE-2001-0240] Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro.
13390| [CVE-2001-0239] Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
13391| [CVE-2001-0237] Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data.
13392| [CVE-2001-0146] IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
13393| [CVE-2001-0048] The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability.
13394| [CVE-2001-0005] Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.
13395| [CVE-2001-0003] Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
13396| [CVE-2000-1218] The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
13397| [CVE-2000-1217] Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability.
13398| [CVE-2000-1209] The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
13399| [CVE-2000-1139] The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
13400| [CVE-2000-1088] The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
13401| [CVE-2000-1087] The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
13402| [CVE-2000-1086] The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
13403| [CVE-2000-1085] The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
13404| [CVE-2000-1079] Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
13405| [CVE-2000-0942] The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
13406| [CVE-2000-0854] When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
13407| [CVE-2000-0771] Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
13408| [CVE-2000-0765] Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
13409| [CVE-2000-0756] Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
13410| [CVE-2000-0710] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
13411| [CVE-2000-0709] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
13412| [CVE-2000-0637] Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.
13413| [CVE-2000-0621] Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
13414| [CVE-2000-0597] Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.
13415| [CVE-2000-0331] Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
13416| [CVE-2000-0277] Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.
13417| [CVE-2013-2557] The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
13418| [CVE-2013-2556] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
13419| [CVE-2013-2554] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787.
13420| [CVE-2013-2553] Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0912.
13421| [CVE-2013-2552] Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
13422| [CVE-2013-2551] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
13423| [CVE-2013-1347] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
13424| [CVE-2013-1305] HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
13425| [CVE-2013-1290] Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."
13426| [CVE-2013-1289] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
13427| [CVE-2013-1284] Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
13428| [CVE-2013-0096] Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability."
13429| [CVE-2013-0086] Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."
13430| [CVE-2013-0085] Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."
13431| [CVE-2013-0084] Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."
13432| [CVE-2013-0083] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."
13433| [CVE-2013-0080] Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."
13434| [CVE-2013-0079] Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."
13435| [CVE-2013-0005] The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
13436| [CVE-2012-4969] Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
13437| [CVE-2012-4792] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
13438| [CVE-2012-3456] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
13439| [CVE-2012-3455] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
13440| [CVE-2012-2290] The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel.
13441| [CVE-2012-2284] The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors.
13442| [CVE-2012-1945] Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.
13443| [CVE-2012-1894] Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability."
13444| [CVE-2012-1892] Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."
13445| [CVE-2012-1891] Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
13446| [CVE-2012-1888] Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability."
13447| [CVE-2012-1876] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
13448| [CVE-2012-1861] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
13449| [CVE-2012-1859] Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
13450| [CVE-2012-1857] Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."
13451| [CVE-2012-1849] Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."
13452| [CVE-2012-1545] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
13453| [CVE-2012-1436] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
13454| [CVE-2012-1435] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
13455| [CVE-2012-1434] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
13456| [CVE-2012-1433] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
13457| [CVE-2012-0447] Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.
13458| [CVE-2012-0147] Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."
13459| [CVE-2012-0146] Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability."
13460| [CVE-2012-0145] Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."
13461| [CVE-2012-0144] Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."
13462| [CVE-2012-0138] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.
13463| [CVE-2012-0137] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138.
13464| [CVE-2012-0136] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138.
13465| [CVE-2012-0020] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
13466| [CVE-2012-0019] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
13467| [CVE-2012-0018] Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability."
13468| [CVE-2012-0017] Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."
13469| [CVE-2011-4695] Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and gain privileges via unknown vectors, as demonstrated by the White Phosphorus wp_ie_sandbox_escape module for Immunity CANVAS. NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
13470| [CVE-2011-2012] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash."
13471| [CVE-2011-2010] The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."
13472| [CVE-2011-1969] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability."
13473| [CVE-2011-1897] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."
13474| [CVE-2011-1896] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability."
13475| [CVE-2011-1895] CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability."
13476| [CVE-2011-1891] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."
13477| [CVE-2011-1890] Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
13478| [CVE-2011-1889] The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
13479| [CVE-2011-1417] Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.
13480| [CVE-2011-1347] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
13481| [CVE-2011-1346] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
13482| [CVE-2011-1345] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
13483| [CVE-2011-1265] The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability."
13484| [CVE-2011-0653] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."
13485| [CVE-2011-0647] The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.
13486| [CVE-2011-0627] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.
13487| [CVE-2011-0037] Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.
13488| [CVE-2011-0027] Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.
13489| [CVE-2011-0026] Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
13490| [CVE-2010-4643] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
13491| [CVE-2010-4253] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document.
13492| [CVE-2010-4121] ** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only."
13493| [CVE-2010-3967] Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability."
13494| [CVE-2010-3962] Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
13495| [CVE-2010-3936] Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability."
13496| [CVE-2010-3889] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Microsoft researchers and other researchers.
13497| [CVE-2010-3888] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers.
13498| [CVE-2010-3497] Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)."
13499| [CVE-2010-3454] Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
13500| [CVE-2010-3453] The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.
13501| [CVE-2010-3141] Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file.
13502| [CVE-2010-2743] The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
13503| [CVE-2010-2734] Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability."
13504| [CVE-2010-2733] Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability."
13505| [CVE-2010-2732] Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability."
13506| [CVE-2010-2564] Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."
13507| [CVE-2010-1184] The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2.
13508| [CVE-2010-1118] Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
13509| [CVE-2010-1117] Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
13510| [CVE-2010-0806] Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
13511| [CVE-2010-0716] _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.
13512| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
13513| [CVE-2008-5750] Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
13514| [CVE-2008-5556] ** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."
13515| [CVE-2008-5555] Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
13516| [CVE-2008-5554] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
13517| [CVE-2008-5553] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
13518| [CVE-2008-5552] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
13519| [CVE-2008-5551] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
13520| [CVE-2008-5180] Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
13521| [CVE-2008-4211] Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
13522| [CVE-2007-5351] Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."
13523| [CVE-2007-2729] Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
13524| [CVE-2007-1534] DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window.
13525| [CVE-2007-0341] Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
13526| [CVE-2006-5559] The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
13527| [CVE-2006-4686] Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
13528| [CVE-2006-4685] The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
13529| [CVE-2006-1359] Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
13530| [CVE-2006-0761] Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchangem, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow user-assisted remote attackers to execute arbitrary code on the server via a crafted Microsoft Word document that is opened on a wireless device.
13531| [CVE-2006-0753] Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.
13532| [CVE-2006-0544] urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash of hyphen) characters.
13533| [CVE-2006-0003] Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
13534| [CVE-2005-1929] Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.
13535| [CVE-2005-0852] Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.
13536| [CVE-2004-1322] Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages.
13537| [CVE-2003-1306] Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
13538| [CVE-2003-0903] Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
13539| [CVE-2003-0353] Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
13540| [CVE-2002-1918] Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED.
13541| [CVE-2002-1142] Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
13542| [CVE-2002-1015] RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
13543| [CVE-2002-0697] Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
13544| [CVE-2002-0057] XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
13545| [CVE-2001-1218] Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
13546| [CVE-2000-0563] The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.
13547| [CVE-1999-1097] Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.
13548|
13549| SecurityFocus - https://www.securityfocus.com/bid/:
13550| [83154] Microsoft Windows 2000 Server CVE-2004-0540 Remote Security Vulnerability
13551| [45297] Microsoft Exchange Server 2007 Infinite Loop Remote Denial of Service Vulnerability
13552| [43419] Microsoft Excel 2002 Memory Corruption Vulnerability
13553| [43189] Microsoft Visual C++ 2008 Redistributable Package DLL Loading Arbitrary Code Execution Vulnerability
13554| [42742] Microsoft PowerPoint 2007 Multiple DLL Loading Arbitrary Code Execution Vulnerability
13555| [42695] Microsoft Groove 2007 'mso.dll' DLL Loading Arbitrary Code Execution Vulnerability
13556| [42681] Microsoft Visio 2003 'mfc71enu.dll' DLL Loading Arbitrary Code Execution Vulnerability
13557| [41843] Microsoft Outlook Web Access for Exchange Server 2003 Cross Site Request Forgery Vulnerability
13558| [39776] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
13559| [37196] RETIRED: Microsoft December 2009 Advance Notification Multiple Vulnerabilities
13560| [36940] RETIRED: Microsoft November 2009 Advance Notification Multiple Vulnerabilities
13561| [36633] RETIRED: Microsoft October 2009 Advance Notification Multiple Vulnerabilities
13562| [36239] RETIRED: Microsoft September 2009 Advance Notification Multiple Vulnerabilities
13563| [35974] RETIRED: Microsoft August 2009 Advance Notification Multiple Vulnerabilities
13564| [35617] RETIRED: Microsoft July 2009 Advance Notification Multiple Vulnerabilities
13565| [35213] RETIRED: Microsoft June 2009 Advance Notification Multiple Vulnerabilities
13566| [34867] RETIRED: Microsoft May 2009 Advance Notification Multiple Vulnerabilities
13567| [34532] Microsoft IAG 2007 ActiveX Control Multiple Stack Based Buffer Overflow Vulnerabilities
13568| [34469] Microsoft Word 2000 WordPerfect Converter Remote Code Execution Vulnerability
13569| [34450] RETIRED: Microsoft April 2009 Advance Notification Multiple Vulnerabilities
13570| [34005] RETIRED: Microsoft March 2009 Advance Notification Multiple Vulnerabilities
13571| [33639] RETIRED: Microsoft February 2009 Advance Notification Multiple Vulnerabilities
13572| [33170] RETIRED: Microsoft January 2009 Advance Notification Multiple Vulnerabilities
13573| [32632] RETIRED: Microsoft December 2008 Advance Notification Multiple Vulnerabilities
13574| [32153] Retired: Microsoft November 2008 Advance Notification Multiple Vulnerabilities
13575| [31667] Retired: Microsoft October 2008 Advance Notification Multiple Vulnerabilities
13576| [31129] RETIRED: Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
13577| [31014] RETIRED: Microsoft September 2008 Advance Notification Multiple Vulnerabilities
13578| [30593] RETIRED: Microsoft August 2008 Advance Notification Multiple Vulnerabilities
13579| [30075] RETIRED: Microsoft July 2008 Advance Notification Multiple Vulnerabilities
13580| [29576] RETIRED: Microsoft June 2008 Advance Notification Multiple Vulnerabilities
13581| [29108] RETIRED: Microsoft May 2008 Advance Notification Multiple Vulnerabilities
13582| [28598] RETIRED: Microsoft April 2008 Advance Notification Multiple Vulnerabilities
13583| [28124] Retired: Microsoft March 2008 Advance Notification Multiple Vulnerabilities
13584| [27674] RETIRED: Microsoft February 2008 Advance Notification Multiple Vulnerabilities
13585| [27119] RETIRED: Microsoft January 2008 Advance Notification Multiple Vulnerabilities
13586| [26739] RETIRED: Microsoft December 2007 Advance Notification Multiple Vulnerabilities
13587| [26414] Microsoft Forms 2.0 ActiveX Control Memory Access Violation Denial of Service Vulnerabilities
13588| [26380] Retired: Microsoft November 2007 Advance Notification Multiple Vulnerabilities
13589| [25991] RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
13590| [25922] RETIRED: Microsoft October 2007 Advance Notification Multiple Vulnerabilities
13591| [25573] RETIRED: Microsoft September 2007 Advance Notification Multiple Vulnerabilities
13592| [25247] Retired: Microsoft August 2007 Advance Notification Multiple Vulnerabilities
13593| [24771] Retired: Microsoft July 2007 Advance Notification Multiple Vulnerabilities
13594| [24366] RETIRED: Microsoft June 2007 Advance Notification Multiple Vulnerabilities
13595| [24118] Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability
13596| [23800] RETIRED: Microsoft May 2007 Advance Notification Multiple Vulnerabilities
13597| [23380] Microsoft Word 2007 WWLib.DLL Unspecified Document File Buffer Overflow Vulnerability
13598| [23335] RETIRED: Microsoft April 2007 Advance Notification Multiple Vulnerabilities
13599| [22716] Microsoft Office 2003 Denial of Service Vulnerability
13600| [22567] Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability
13601| [22328] RETIRED: Microsoft Word 2003 Unspecified Code Execution Vulnerability
13602| [22225] Microsoft Word 2000 Malformed Function Code Execution Vulnerability
13603| [21611] Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
13604| [21495] Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability
13605| [20843] Microsoft Visual Studio 2005 WMI Object Broker Remote Code Execution Vulnerability
13606| [19636] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
13607| [19388] Microsoft Windows 2000 Kernel Local Privilege Escalation Vulnerability
13608| [17134] Microsoft Commerce Server 2002 Authentication Bypass Vulnerability
13609| [16634] Microsoft PowerPoint 2000 Remote Information Disclosure Vulnerability
13610| [14772] Microsoft Exchange Server 2003 Exchange Information Store Denial Of Service Vulnerability
13611| [14093] Microsoft Update Rollup 1 for Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
13612| [13564] Microsoft SQL Server 2000 Multiple Vulnerabilities
13613| [13008] Microsoft Windows Server 2003 SMB Redirector Local Denial Of Service Vulnerability
13614| [12972] Microsoft Windows Server 2003 Service Pack 1 Released - Multiple Vulnerabilities Fixed
13615| [12913] Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy Bypass Vulnerability
13616| [12824] Microsoft InfoPath 2003 Insecure Information Storage Vulnerability
13617| [12641] Microsoft Windows 2000 Group Policy Bypass Vulnerability
13618| [12141] Microsoft FrontPage 2000 Internet Publishing Service Provider DAV File Upload Vulnerability
13619| [11820] Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities
13620| [11446] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
13621| [11387] Microsoft Windows 2003 Services Default SACL Access Right Weakness
13622| [10901] Microsoft Windows 2000/XP CRL File Failed Integrity Check Denial Of Service Vulnerability
13623| [10693] Microsoft Windows 2000 Media Player Control Media Preview Script Execution Vulnerability
13624| [10484] Microsoft ISA Server 2000 FTP Bounce Filtering Vulnerability
13625| [10480] Microsoft ISA Server 2000 Site And Content Rule Bypass Vulnerability
13626| [10440] Microsoft Windows 2000 Domain Expired Account Security Policy Violation Weakness
13627| [10369] Microsoft Outlook 2003 Media File Script Execution Vulnerability
13628| [10307] Microsoft Outlook 2003 Predictable File Location Weakness
13629| [10114] Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability
13630| [9409] Microsoft Exchange Server 2003 Outlook Web Access Random Mailbox Access Vulnerability
13631| [9408] Microsoft ISA Server 2000 H.323 Filter Remote Buffer Overflow Vulnerability
13632| [9118] Microsoft Exchange Server 2003 Outlook Web Access Lowered Security Settings Weakness
13633| [8833] Microsoft Windows 2000 TroubleShooter ActiveX Control Buffer Overflow Vulnerability
13634| [8522] Multiple Microsoft Windows 2003 Stack Protection Implementation Weaknesses
13635| [8397] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
13636| [8104] Microsoft Windows 2000 Unauthorized RPC Connection Weakness
13637| [8098] Microsoft Windows 2000 Terminal Services Named Pipe System Account Access Vulnerability
13638| [8093] Microsoft Windows 2000 Active Directory Forest Origin Validation Vulnerability
13639| [8090] Microsoft Windows 2000 ShellExecute() Buffer Overflow Vulnerability
13640| [8089] Microsoft Windows 2000 Unspecified Cryptnet.DLL Memory Leakage Vulnerability
13641| [8086] Microsoft Windows 2000 Port Name Buffers Potential Buffer Overflow Vulnerability
13642| [8085] Microsoft Windows 2000 ModifyDN Request Denial of Service Vulnerability
13643| [8083] Microsoft Windows 2000 Domain Controller Spoofing Vulnerability
13644| [8081] Microsoft Windows 2000 USBH_IoctlGetNodeConnectionDriverKeyName Information Disclosure Vulnerability
13645| [8063] Microsoft Commerce Server 2002 Weak Registry Key Permissions Weakness
13646| [8045] Microsoft Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
13647| [7930] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
13648| [7788] Microsoft Windows 2000/XP/2003 IPV6 ICMP Flood Denial Of Service Vulnerability
13649| [7469] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
13650| [7360] Microsoft Windows 2000/XP Registry Editor Custom Permissions Weakness
13651| [7102] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
13652| [6769] Microsoft Windows 2000 RPC Service Privilege Escalation Vulnerability
13653| [6766] Microsoft Windows 2000 NetBIOS Continuation Packets Kernel Memory Leak Vulnerability
13654| [6667] Microsoft Outlook 2002 V1 Exchange Server Security Certificate Information Leakage Vulnerability
13655| [6319] Microsoft Outlook 2002 Email Header Processing Denial of Service Vulnerability
13656| [6030] Microsoft Windows 2000 SNMP Printer Query Denial of Service Vulnerability
13657| [5972] Microsoft Windows 2000/XP Full Event Log Administrative Alert Weakness
13658| [5922] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
13659| [5480] Microsoft Windows 2000 Network Connection Manager Privilege Elevation Vulnerability
13660| [5422] Microsoft Content Management Server 2001 SQL Injection Vulnerability
13661| [5421] Microsoft Content Management Server 2001 Arbitrary Upload Location Vulnerability
13662| [5420] Microsoft Content Management Server 2001 User Authentication Buffer Overflow Vulnerability
13663| [5415] Microsoft Windows 2000 Insecure Default File Permissions Vulnerability
13664| [5413] Microsoft Exchange 2000 Post Authorization License Exhaustion Denial Of Service Vulnerability
13665| [5412] Microsoft Exchange 2000 Multiple MSRPC Denial Of Service Vulnerabilities
13666| [5312] Microsoft SQL Server 2000 Resolution Service Denial of Service Vulnerability
13667| [5311] Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability
13668| [5310] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
13669| [5309] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
13670| [5307] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
13671| [5253] Microsoft Windows 2000 Narrator Password Disclosure Vulnerability
13672| [5205] Microsoft SQL Server 2000 Incorrect Registry Key Permissions Vulnerability
13673| [5111] Microsoft Commerce Server 2000 OWC Package Installer Local Command Execution Vulnerability
13674| [5014] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
13675| [4881] Microsoft Exchange 2000 Malformed Mail Attribute DoS Vulnerability
13676| [4853] Microsoft Commerce Server 2000 Profile Service Buffer Overflow Vulnerability
13677| [4852] Microsoft Windows 2000 Remote Access Service Buffer Overflow Vulnerability
13678| [4847] Microsoft SQL Server 2000 Bulk Insert Procedure Buffer Overflow Vulnerability
13679| [4797] Microsoft MSDE/SQL Server 2000 Desktop Engine Default Configuration Vulnerability
13680| [4683] Microsoft Windows 2000 / NT Path Precedence Vulnerability
13681| [4532] Microsoft Windows 2000 Lanman Denial of Service Vulnerability
13682| [4438] Microsoft Windows 2000 Group Policy Evasion Vulnerability
13683| [4426] Microsoft Windows 2000 / NT / XP MUP UNC Request Buffer Overflow Vulnerability
13684| [4287] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
13685| [4256] Microsoft Windows 2000 Password Policy Bypass Vulnerability
13686| [4157] Microsoft Commerce Server 2000 ISAPI Buffer Overflow Vulnerability
13687| [4095] Microsoft Windows 2000 Server Terminal Services Failure To Lock Terminal Vulnerability
13688| [3652] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability
13689| [3481] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
13690| [3479] Microsoft Windows 2000 NTFS With Macintosh Client Directory Permission Vulnerability
13691| [3445] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
13692| [3339] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
13693| [3305] Norton AntiVirus for Microsoft Exchange 2000 Information Disclosure Vulnerability
13694| [3291] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
13695| [3215] Microsoft Windows 2000 IrDA Buffer Overflow Denial of Service Vulnerability
13696| [3185] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
13697| [3184] Microsoft Windows 2000 RunAs User Credentials Exposure Vulnerability
13698| [3146] Microsoft Windows 2000 System File Replacement Vulnerability
13699| [3115] Microsoft Windows NT and 2000 Command Prompt Reboot Vulnerability
13700| [3063] Microsoft Windows 2000 Unauthorized Password Change Vulnerability
13701| [3033] Microsoft Windows 2000 Task Manager Process Termination Vulnerability
13702| [2988] Microsoft Windows 2000 SMTP Improper Authentication Vulnerability
13703| [2929] Microsoft Windows 2000 LDAP SSL Password Modification Vulnerability
13704| [2849] Microsoft Windows 2000 Telnet Privilege Escalation Vulnerability
13705| [2846] Microsoft Windows 2000 Telnet System Call DoS Vulnerability
13706| [2844] Microsoft Windows 2000 Telnet Service DoS Vulnerability
13707| [2843] Microsoft Windows 2000 Telnet Multiple Sessions DoS Vulnerability
13708| [2838] Microsoft Windows 2000 Telnet Username DoS Vulnerability
13709| [2460] Microsoft Windows 2000 Event Viewer Buffer Overflow Vulnerability
13710| [2441] Microsoft Exchange 2000 / IIS 5.0 Multiple Invalid URL Request DoS Vulnerability
13711| [2394] Microsoft Windows 2000 Domain Controller DoS Vulnerability
13712| [2341] Microsoft Windows 2000 Network DDE Escalated Privileges Vulnerability
13713| [2326] Microsoft Windows 2000 RDP DoS Vulnerability
13714| [2133] Microsoft Windows 2000 Directory Services Restore Mode Blank Password Vulnerability
13715| [2066] Microsoft Windows NT 4.0 / 2000 SNMP Registry Key Modification Vulnerability
13716| [2018] Microsoft Windows 2000 Telnet Session Timeout DoS Vulnerability
13717| [2007] Microsoft Windows 2000 DNS Memory Leak Vulnerability
13718| [1973] Microsoft Windows 2000 Domain Account Lockout Bypass Vulnerability
13719| [1958] Microsoft Exchange 2000 Server EUSR_EXSTOREEVENT Account Vulnerability
13720| [1933] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
13721| [1899] Microsoft Windows 2000 ActiveX Control Buffer Overflow Vulnerability
13722| [1811] Microsoft Site Server 2.0 with IIS 4.0 Malicious File Upload Vulnerability
13723| [1758] Microsoft Windows 2000 Unattended Install OEMPreinstall Vulnerability
13724| [1753] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
13725| [1748] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
13726| [1745] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
13727| [1729] Microsoft Windows 2000 Simplified Chinese IME Vulnerability
13728| [1695] Microsoft Proxy 2.0 FTP Permissions Bypass Vulnerability
13729| [1692] Microsoft Proxy 2.0 Internal Network Access Vulnerability
13730| [1683] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
13731| [1673] Microsoft Windows 2000 Malformed RPC Packet DoS Vulnerability
13732| [1651] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
13733| [1632] Microsoft Windows 98 / NT 4.0 / 2000 File Extension Validation Vulnerability
13734| [1620] Microsoft Windows 9x / NT 4.0 / 2000 NetBIOS Cache Corruption Vulnerability
13735| [1613] Microsoft Windows 2000 Local Security Policy Corruption Vulnerability
13736| [1566] Microsoft Word 97 / 2000 Mail Merge Code Execution Vulnerability
13737| [1561] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow Vulnerability
13738| [1535] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
13739| [1507] Microsoft Windows NT 4.0 / 2000 Unspecified Executable Path Vulnerability
13740| [1451] Microsoft Excel 97 / 2000 Register.ID Vulnerability
13741| [1435] Microsoft FrontPage 2000 Server Extensions Denial Of Service Vulnerability
13742| [1415] Microsoft Windows 2000 Remote CPU-overload Vulnerability
13743| [1414] Microsoft Windows 2000 Telnet Server DoS Vulnerability
13744| [1399] Microsoft Internet Explorer 5.01 and Excel/Powerpoint 2000 ActiveX Object Execution Vulnerability
13745| [1398] Microsoft Internet Explorer 5.01 and Access 2000 / 97 VBA Code Execution Vulnerability
13746| [1350] Microsoft Windows 2000 Windows Station Access Vulnerability
13747| [1304] Microsoft Windows NT 4.0 / 2000 SMB Write Request DoS Vulnerability
13748| [1301] Microsoft Windows NT 4.0 / 2000 Ignored SMB Response DoS Vulnerability
13749| [1295] Microsoft Windows 2000 Default 40-bit Encrypted Protected Store Vulnerability
13750| [1198] Microsoft Windows 2000 Default SYSKEY Configuration Vulnerability
13751| [1197] Microsoft Office 2000 UA Control Vulnerability
13752| [990] Microsoft Windows 2000 Install Unprotected ADMIN$ Share Vulnerability
13753| [945] Microsoft SMS 2.0 Default Permissions Vulnerability
13754| [539] Microsoft Windows 2000 EFS Vulnerability
13755| [180] Microsoft Windows April Fools 2001 Vulnerability
13756| [71487] Microsoft December 2014 Advance Notification Multiple Vulnerabilities
13757| [70966] RETIRED: Microsoft November 2014 Advance Notification Multiple Vulnerabilities
13758| [70367] RETIRED: Microsoft October 2014 Advance Notification Multiple Vulnerabilities
13759| [69636] RETIRED: Microsoft September 2014 Advance Notification Multiple Vulnerabilities
13760| [69108] Microsoft August 2014 Advance Notification Multiple Vulnerabilities
13761| [68367] Microsoft July 2014 Advance Notification Multiple Vulnerabilities
13762| [67905] Microsoft June 2014 Advance Notification Multiple Vulnerabilities
13763| [67298] Microsoft May 2014 Advance Notification Multiple Vulnerabilities
13764| [66639] RETIRED: Microsoft April 2014 Advance Notification Multiple Vulnerabilities
13765| [66016] Microsoft March 2014 Notification Multiple Vulnerabilities
13766| [65426] Microsoft February 2014 Notification Multiple Vulnerabilities
13767| [64757] RETIRED: Microsoft January 2014 Advance Notification Multiple Vulnerabilities
13768| [64083] RETIRED: Microsoft December 2013 Advance Notification Multiple Vulnerabilities
13769| [63604] RETIRED: Microsoft November 2013 Advance Notification Multiple Vulnerabilities
13770| [62797] RETIRED: Microsoft October 2013 Advance Notification Multiple Vulnerabilities
13771| [62228] RETIRED: Microsoft September 2013 Advance Notification Multiple Vulnerabilities
13772| [62181] Microsoft Office Pinyin IME 2010 CVE-2013-3859 Local Privilege Escalation Vulnerability
13773| [61686] Microsoft August 2013 Advance Notification Multiple Vulnerabilities
13774| [60960] RETIRED: Microsoft July 2013 Advance Notification Multiple Vulnerabilities
13775| [60394] Microsoft June 2013 Advance Notification Multiple Vulnerabilities
13776| [59785] RETIRED: Microsoft May 2013 Advance Notification Multiple Vulnerabilities
13777| [58881] RETIRED: Microsoft April 2013 Advance Notification Multiple Vulnerabilities
13778| [58380] RETIRED: Microsoft March 2013 Advance Notification Multiple Vulnerabilities
13779| [57846] RETIRED: Microsoft February 2013 Advance Notification Multiple Vulnerabilities
13780| [57137] RETIRED: Microsoft January 2013 Advance Notification Multiple Vulnerabilities
13781| [56838] RETIRED: Microsoft December 2012 Advance Notification Multiple Vulnerabilities
13782| [56450] RETIRED: Microsoft November 2012 Advance Notification Multiple Vulnerabilities
13783| [56304] Microsoft Office Excel 2010 Memory Corruption Denial of Service Vulnerability
13784| [55794] RETIRED: Microsoft October 2012 Advance Notification Multiple Vulnerabilities
13785| [55472] RETIRED: Microsoft September 2012 Advance Notification Multiple Vulnerabilities
13786| [54944] RETIRED: Microsoft August 2012 Advance Notification Multiple Vulnerabilities
13787| [54318] RETIRED: Microsoft July 2012 Advance Notification Multiple Vulnerabilities
13788| [53862] RETIRED: Microsoft June 2012 Advance Notification Multiple Vulnerabilities
13789| [53372] RETIRED: Microsoft May 2012 Advance Notification Multiple Vulnerabilities
13790| [52910] RETIRED: Microsoft April 2012 Advance Notification Multiple Vulnerabilities
13791| [52366] RETIRED: Microsoft March 2012 Advance Notification Multiple Vulnerabilities
13792| [51944] RETIRED: Microsoft February 2012 Advance Notification Multiple Vulnerabilities
13793| [51289] RETIRED: Microsoft January 2012 Advance Notification Multiple Vulnerabilities
13794| [50980] RETIRED: Microsoft December 2011 Advance Notification Multiple Vulnerabilities
13795| [50513] RETIRED: Microsoft November 2011 Advance Notification Multiple Vulnerabilities
13796| [49994] RETIRED: Microsoft October 2011 Advance Notification Multiple Vulnerabilities
13797| [49515] RETIRED: Microsoft September 2011 Advance Notification Multiple Vulnerabilities
13798| [49017] RETIRED: Microsoft August 2011 Advance Notification Multiple Vulnerabilities
13799| [48616] RETIRED: Microsoft July 2011 Advance Notification Multiple Vulnerabilities
13800| [48235] Microsoft Lync Server 2010 'ReachJoin.aspx' Remote Command Injection Vulnerability
13801| [48193] RETIRED: Microsoft June 2011 Advance Notification Multiple Vulnerabilities
13802| [47725] RETIRED: Microsoft May 2011 Advance Notification Multiple Vulnerabilities
13803| [47255] RETIRED: Microsoft April 2011 Advance Notification Multiple Vulnerabilities
13804| [46675] RETIRED: Microsoft March 2011 Advance Notification Multiple Vulnerabilities
13805| [46132] RETIRED: Microsoft February 2011 Advance Notification Multiple Vulnerabilities
13806| [45696] RETIRED: Microsoft January 2011 Advance Notification Multiple Vulnerabilities
13807| [45307] RETIRED: Microsoft December 2010 Advance Notification Multiple Vulnerabilities
13808| [44649] RETIRED: Microsoft November 2010 Advance Notification Multiple Vulnerabilities
13809| [43831] RETIRED: Microsoft October 2010 Advance Notification Multiple Vulnerabilities
13810| [43115] RETIRED: Microsoft September 2010 Advance Notification Multiple Vulnerabilities
13811| [42234] RETIRED: Microsoft August 2010 Advance Notification Multiple Vulnerabilities
13812| [41474] RETIRED: Microsoft July 2010 Advance Notification Multiple Vulnerabilities
13813| [40548] RETIRED: Microsoft June 2010 Advance Notification Multiple Vulnerabilities
13814| [39961] RETIRED: Microsoft May 2010 Advance Notification Multiple Vulnerabilities
13815| [39313] RETIRED: Microsoft April 2010 Advance Notification Multiple Vulnerabilities
13816| [38540] RETIRED: Microsoft March 2010 Advance Notification Multiple Vulnerabilities
13817| [38096] RETIRED: Microsoft February 2010 Advance Notification Multiple Vulnerabilities
13818| [37887] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
13819| [37664] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
13820| [32642] Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability
13821|
13822| IBM X-Force - https://exchange.xforce.ibmcloud.com:
13823| [82417] Microsoft Windows Knowledge Base Article 2801261 update is not installed
13824| [82415] Microsoft Windows Knowledge Base Article 2807986 update is not installed
13825| [82410] Microsoft Windows Knowledge Base Article 2809289 update is not installed
13826| [81859] Microsoft Windows Knowledge Base Article 2802968 update is not installed
13827| [81857] Microsoft Windows Knowledge Base Article 2809279 update is not installed
13828| [81668] Microsoft Windows Knowledge Base Article 2800277 update is not installed
13829| [77323] Microsoft Windows Knowledge Base Article 2706045 update is not installed
13830| [75949] Microsoft Windows Knowledge Base Article 2707960 update is not installed
13831| [75942] Microsoft Windows Knowledge Base Article 2706726 update is not installed
13832| [75934] Microsoft Windows Knowledge Base Article 2709162 update is not installed
13833| [75926] Microsoft Windows Knowledge Base Article 2709100 update is not installed
13834| [75905] Microsoft Windows Knowledge Base Article 2707956 update is not installed
13835| [71991] Microsoft Windows Knowledge Base Article 2607664 update is not installed
13836| [71542] Microsoft Windows Knowledge Base Article 2607702 update is not installed
13837| [70945] Microsoft Windows Knowledge Base Article 2603381 update is not installed
13838| [70150] Microsoft Windows Knowledge Base Article 2607670 update is not installed
13839| [67755] Microsoft Windows Knowledge Base Article 2503665 update is not installed
13840| [67749] Microsoft Windows Knowledge Base Article 2507938 update is not installed
13841| [66845] Microsoft Windows Knowledge Base Article 2506014 update is not installed
13842| [66844] Microsoft Windows Knowledge Base Article 2501584 update is not installed
13843| [66448] Microsoft Windows Knowledge Base Article 2508272 update is not installed
13844| [66442] Microsoft Windows Knowledge Base Article 2509553 update is not installed
13845| [66440] Microsoft Windows Knowledge Base Article 2508429 update is not installed
13846| [66438] Microsoft Windows Knowledge Base Article 2507618 update is not installed
13847| [66430] Microsoft Windows Knowledge Base Article 2503658 update is not installed
13848| [66425] Microsoft Windows Knowledge Base Article 2506223 update is not installed
13849| [65570] Microsoft Windows Knowledge Base Article 2500212 update is not installed
13850| [65568] Microsoft Windows Knowledge Base Article 2508062 update is not installed
13851| [63840] Microsoft Visual C++ 2008 Redistributable Package dynamic-linked library (DLL) code execution
13852| [63780] Microsoft PowerPoint 2007 dynamic-linked library (rpawinet.dll) code execution
13853| [63775] Microsoft Visio 2003 dynamic-linked library (mfc71enu.dll) code execution
13854| [63586] Microsoft Windows Knowledge Base Article 2207559 update is not installed
13855| [63573] Microsoft Windows Knowledge Base Article 2407132 update is not installed
13856| [62797] Microsoft Windows Knowledge Base Article 2305420 update is not installed
13857| [62149] Microsoft Windows Knowledge Base Article 2207566 update is not installed
13858| [62133] Microsoft Windows Knowledge Base Article 2405882 update is not installed
13859| [53980] Microsoft Windows 2000 License Logging Server buffer overflow
13860| [53601] Microsoft Office 2008 for Mac user ID 502 security bypass
13861| [50973] Microsoft Windows Server 2003 and Vista win32k.sys denial of service
13862| [50759] Microsoft Windows 2000 Active Directory LDAP code execution
13863| [48595] Microsoft Word 2007 Email as PDF information disclosure
13864| [46102] Microsoft Windows 2003 SP2 is not installed on the system
13865| [46101] Microsoft Windows 2003 SP1 is not installed on the system
13866| [45186] Microsoft SQL Server 2000 SQLVDIRLib.SQLVDirControl ActiveX control buffer overflow
13867| [37200] Microsoft SQL Server 2000 Service Pack 1 update is not installed
13868| [37198] Microsoft SQL Server 2000 Service Pack 3 update is not installed
13869| [34634] Microsoft Windows Server 2003 Active Directory information disclosure
13870| [34599] Microsoft Windows Server 2003 terminal server security bypass
13871| [34473] Microsoft Office 2000 ActiveX control buffer overflow
13872| [33713] Microsoft Word 2007 multiple unspecified denial of service
13873| [33712] Microsoft Word 2007 wwlib.dll buffer overflow
13874| [32631] Microsoft SQL Server 2000 Service Pack 2 update is not installed
13875| [31821] Microsoft Windows time zone update for year 2007
13876| [31196] Microsoft Office 2003 Brazilian Grammar Checker buffer overflow
13877| [30905] Microsoft Project Server 2003 pdsrequest.asp information disclosure
13878| [29546] Microsoft Windows 2000/2003 user logoff initiated
13879| [29545] Microsoft Windows 2000/2003 system time changed
13880| [29544] Microsoft Windows 2000/2003 system security access removed
13881| [29543] Microsoft Windows 2000/2003 security access granted
13882| [29542] Microsoft Windows 2000/2003 SAM notification package loaded
13883| [29541] Microsoft Windows 2000/2003 primary security token issued
13884| [29540] Microsoft Windows 2000/2003 user password reset successful
13885| [29539] Microsoft Windows 2000/2003 object indirectly accessed
13886| [29538] Microsoft Windows 2000/2003 object handle duplicated
13887| [29537] Microsoft Windows 2000/2003 logon with explicit credentials success
13888| [29536] Microsoft Windows 2000/2003 logon attempt using explicit credentials unsuccessful
13889| [29535] Microsoft Windows 2000/2003 IPSEC policy agent failed
13890| [29534] Microsoft Windows 2000/2003 IPSEC policy agent disabled
13891| [29533] Microsoft Windows 2000/2003 IPSEC policy agent changed
13892| [29532] Microsoft Windows 2000/2003 IKE security association established
13893| [29531] Microsoft Windows 2000/2003 IKE quick mode association ended
13894| [29530] Microsoft Windows 2000/2003 IKE main mode association ended
13895| [29529] Microsoft Windows 2000/2003 IKE association negotiation failed
13896| [29528] Microsoft Windows 2000/2003 IKE association peer authentication failed
13897| [29527] Microsoft Windows 2000/2003 IKE association failed invalid proposal
13898| [29526] Microsoft Windows 2000/2003 IKE association failed authentication parameters
13899| [29525] Microsoft Windows 2000/2003 DPAPI master key backup attempted
13900| [29524] Microsoft Windows 2000/2003 DPAPI key recovery attempted
13901| [29523] Microsoft Windows 2000/2003 DPAPI auditable data unprotected
13902| [29522] Microsoft Windows 2000/2003 administrative group security descriptor set
13903| [29521] Microsoft Windows 2000/2003 account name changed
13904| [29507] Microsoft Office 2003 unspecified PowerPoint NULL pointer dereference denial of service
13905| [28512] Microsoft Internet Explorer multiple Windows 2000 COM object denial of service
13906| [28005] Microsoft Windows 2000 Management Console (MMC) resource file cross-site scripting
13907| [26118] Microsoft Office 2003 mailto: information disclosure
13908| [25330] Microsoft Commerce Server 2002 authfiles/login.asp authentication bypass
13909| [24474] Microsoft Windows 2000 LDAP client accepts untrusted CA
13910| [24473] Microsoft Windows 2000 event ID 565 not logged
13911| [24472] Microsoft Windows 2000 Event ID 1704 records incorrect group policy settings
13912| [24407] Microsoft Windows 2000 SECEDIT command fails to set ACLs correctly
13913| [24405] Microsoft Windows 2000 UPN credentials with trailing dot group policy bypass
13914| [24403] Microsoft Windows 2000 WideCharToMultiByte() incorrect Japanese character conversion
13915| [24402] Microsoft Windows 2000 Terminal Service client IP not logged
13916| [24400] Microsoft Windows 2000 domain authentication can be bypassed by a local administrator
13917| [23066] Microsoft Windows XP and 2000 Server MSRPC memory allocation denial of service
13918| [22318] Microsoft SQL Server 2000 Service Pack 4 update is not installed
13919| [22183] Microsoft Exchange Server 2003 public folder denial of service
13920| [21345] Microsoft Windows 2000 Update Rollup 1 for Service Pack 4 has not been installed
13921| [21315] Microsoft Outlook 2002 connector for Domino bypass restrictions
13922| [19969] Multiple Microsoft Windows Server 2003 Edition printer driver denial of service
13923| [19965] Multiple Microsoft Windows Server 2003 Editions SMB redirector denial of service
13924| [19727] Microsoft Windows 2000 GDI32.DLL denial of service
13925| [19629] Microsoft Exchange Server 2003 folder denial of service
| [17826] Microsoft Outlook 2003 CID security bypass
| [17624] Microsoft Windows XP and Windows Server 2003 Compressed Folders buffer overflow
| [17621] Microsoft Windows 2003 SMTP service code execution
| [17560] Microsoft Windows 2000 and XP GDI library denial of service
| [17521] Microsoft Windows 2000 Service Pack 4 is not installed
| [16913] Microsoft Windows 2003 users with Synchronize directory service data privilege
| [16912] Microsoft Windows 2003 groups with Synchronize directory service data privilege
| [16909] Microsoft Windows 2003 groups with Remove computer from docking station privilege
| [16907] Microsoft Windows 2003 users with Create global objects privilege
| [16905] Microsoft Windows 2003 users or groups with Create global objects privilege
| [16851] Microsoft Windows 2003 and XP WinKey and U key denial of service
| [16704] Microsoft Windows 2000 Media Player control code execution
| [16582] Microsoft Windows Server 2003 kernel CPU denial of service
| [16572] Microsoft Windows 2003 Users with Impersonate a client after authentication privilege
| [16570] Microsoft Windows 2003 Users with Create global objects privilege
| [16564] Microsoft Windows 2003 Groups with Create global objects privilege
| [16562] Microsoft Windows 2003 Groups with "
| [16522] Microsoft Windows 2003 Impersonate a client after authentication privilege
| [16521] Microsoft Windows 2003 Deny Logon Through Terminal Services privilege
| [16520] Microsoft Windows 2003 Create global objects privilege
| [16276] Microsoft Windows 2000 Advanced Server fully qualified domain name security bypass
| [16173] Microsoft Outlook 2003 OLE object bypass restricted security zone
| [16119] Microsoft Outlook 2000 URL spoofing
| [16104] Microsoft Outlook 2003 predictable file location could allow code execution
| [16095] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
| [15704] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
| [15700] Microsoft Windows 2000 Domain Controller LSASS LDAP message denial of service
| [15632] Microsoft Windows 2000 Utility Manger allows privilege escalation
| [15414] Microsoft Outlook 2002 mailto URL allows execution of code
| [15263] Microsoft Windows XP and 2000 Server kernel allows elevated privileges
| [15057] Microsoft Windows XP and Windows Server 2003 smbmount Linux client denial of service
| [15038] Microsoft Windows 2000 Server Windows Media Services denial of service
| [15037] Microsoft Windows Server 2003 WINS /GS flag denial of service
| [14178] Microsoft ISA Exchange Server 2003 MS04-002 patch is not installed
| [14167] Microsoft ISA Server 2000 H.323 filter buffer overflow
| [13426] Microsoft Windows 2000 and XP RPC race condition
| [13423] Microsoft Windows 2000 Local Troubleshooter ActiveX control buffer overflow
| [13407] Microsoft Windows 2000 Server mqsvc.exe MQLocateBegin packet buffer overflow
| [13385] Microsoft Windows Server 2003 "
| [13211] Microsoft Windows 2000 and XP URG memory leak
| [13171] Microsoft Windows Server 2003 can allow attacker to bypass mechanism used to detect buffer overflows
| [13131] Microsoft Windows 2000 Message Queue Manager buffer overflow
| [12684] Microsoft Exchange Server OWA Outlook 2003 denial of service
| [12652] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension POST request buffer overflow
| [12620] Microsoft Windows 2000 Server SMTP FILETIME denial of service
| [12543] Microsoft Windows 2000 Accessibility Utility Manager could allow an attacker to gain privileges
| [12493] Microsoft Windows Shell32.dll 2000 ShellExecute function buffer overflow
| [12489] Microsoft Windows 2000 Server Active Directory buffer overflow
| [12128] Microsoft Windows 2000 and Windows NT MS03-019 patch is not installed
| [12092] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension buffer overflow
| [12048] Microsoft Windows 2000 and Windows Server 2003 LAN Manager hash creation enabled
| [11901] Microsoft BizTalk Server 2002 SQL injection
| [11900] Microsoft BizTalk Server 2002 HTTP Receiver function buffer overflow
| [11816] Microsoft Windows 2000 Terminal Services MSGINA.DLL insecure access permissions
| [11696] Microsoft Windows 2000 Terminal Services man-in-the-middle attack
| [11617] Microsoft Windows 2000 MS03-007 patch is not installed on the system
| [11546] Microsoft Windows 2000 Windows Help Facility .cnt file buffer overflow
| [11329] Microsoft Windows NT and 2000 cmd.exe CD path name buffer overflow
| [11274] Microsoft Windows 2000 NetBIOS continuation packets denial of service
| [11273] Microsoft Windows 2000 RPC service could allow an attacker to gain elevated privileges
| [11216] Microsoft Windows NT and 2000 command prompt denial of service
| [11141] Microsoft Windows 2000 Terminal Services MSGINA.DLL denial of service
| [11133] Microsoft Outlook 2002 using V1 Exchange Server Security certificates transmits plaintext emails
| [10843] Microsoft Windows 2000 and XP SMB signing group policy modification
| [10431] Microsoft Windows 2000 SNMP LANMAN Extension memory leak denial of service
| [10400] Microsoft Windows 2000 RPC TCP port 135 denial of service
| [10377] Microsoft Windows XP and 2000 administrative alerts fail when security event log is full
| [10199] Microsoft Windows 2000/XP PPTP packet buffer overflow
| [10195] Microsoft FrontPage Server Extensions (FPSE) 2002 SmartHTML Interpreter buffer overflow
| [10194] Microsoft FrontPage Server Extensions (FPSE) 2000 SmartHTML Interpreter denial of service
| [9946] Microsoft Windows 2000 Terminal Services session screensaver fails to lock the console
| [9856] Microsoft Windows 2000 NCM handler routine could allow elevated privileges
| [9779] Microsoft Windows 2000 weak system partition permissions
| [9752] Microsoft Windows 2000 Service Pack 3 is not installed
| [9746] Microsoft Windows 2000 HTML Help item parameter buffer overflow
| [9625] Microsoft Windows 2000 Narrator allows login information to be audible
| [9154] Microsoft Data Engine (MSDE) and Microsoft SQL Server 2000 Desktop Engine have a default blank "
| [8867] Microsoft Windows 2000 LanMan denial of service
| [8813] Microsoft Windows 2000 Terminal Services allows attacker to bypass group policy settings
| [8759] Microsoft Windows 2000 could allow an attacker to block the application of Group Policy settings
| [8752] Microsoft Windows NT, 2000, and XP MUP buffer overflow
| [8739] Microsoft Windows 2000 DCOM memory leak
| [8708] Microsoft Outlook 2000 and 2002 executes embedded script in object tag when replying or forwarding HTML mail
| [8402] Microsoft Windows 2000 allows an attacker to bypass password policy
| [8307] Microsoft Windows 2000, Windows XP, and Exchange 2000 SMTP data transfer command denial of service
| [8304] Microsoft Windows 2000 and Exchange 5.5 SMTP service unauthorized mail privileges
| [8254] Microsoft Commerce Server 2000 AuthFilter ISAPI filter buffer overflow
| [8199] Microsoft Windows 2000 Terminal Services unlocked client
| [8094] Microsoft Windows 2000 and Interix 2.2 Telnet protocol option buffer overflow
| [8092] Microsoft Exchange 2000 System Attendant sets incorrect registry permissions
| [8043] Microsoft Windows NT, 2000, and XP using NTFS could allow files to be hidden
| [8037] Microsoft Windows 2000 empty TCP packet denial of service
| [8023] Microsoft Windows NT and Windows 2000 SIDs could allow an attacker to gain elevated privileges in another domain
| [7919] Microsoft IIS 4.0 and Norton Internet Security 2001 default permissions could allow an attacker to modify log files
| [7667] Microsoft Windows 2000 IKE UDP packet flood denial of service
| [7566] Microsoft IIS 2.0 and 3.0 upgraded to Microsoft IIS 4.0 fails to remove the ism.dll file
| [7538] Microsoft Windows 2000 and XP Terminal services allow an attacker to spoof IP addresses
| [7533] Microsoft Windows 2000 RunAs service denial of service
| [7532] Microsoft Windows 2000 RunAs service allows local attacker to bypass pipe authentication
| [7531] Microsoft Windows 2000 RunAs service reveals sensitive information
| [7528] Microsoft Windows NT and Windows 2000 malformed RPC request denial of service
| [7409] Microsoft Windows 2000 and Windows XP GDI denial of service
| [7302] Microsoft Windows NT and 2000 Terminal Server malformed RDP packet series denial of service
| [7008] Microsoft Windows 2000 IrDA device denial of service
| [6977] Microsoft Windows NT and 2000 NNTP memory leak denial of service
| [6931] Microsoft Windows 2000 without Service Pack 2
| [6919] Microsoft Windows 2000 Task Manager does not terminate malicious files with the same name as a system process
| [6912] Microsoft Windows NT and 2000 Terminal Server RDP memory leak denial of service
| [6876] Microsoft Windows 2000 could allow an attacker to change network passwords
| [6803] Microsoft Windows 2000 SMTP service allows mail relaying
| [6745] Microsoft Windows 2000 LDAP function could allow domain user password change
| [6669] Microsoft Windows 2000 Telnet system call denial of service
| [6668] Microsoft Windows 2000 Telnet handle leak denial of service
| [6667] Microsoft Windows 2000 Telnet multiple idle sessions denial of service
| [6666] Microsoft Windows 2000 Telnet username denial of service
| [6665] Microsoft Windows 2000 Telnet service weak domain authentication
| [6664] Microsoft Windows 2000 Telnet service predictable pipe names could allow elevation of privileges
| [6652] Microsoft Exchange 2000 OWA script execution
| [6590] Microsoft Windows 2000 debug registers allow attacker to gain elevated privileges
| [6506] Microsoft Windows 2000 Server Kerberos denial of service
| [6443] Microsoft Windows 2000 catalog file could remove installed hotfixes
| [6160] Microsoft Windows 2000 event viewer buffer overflow
| [6136] Microsoft Windows 2000 domain controller denial of service
| [6035] Microsoft Windows 2000 Server RDP denial of service
| [5973] Microsoft Windows 2000 EFS allows local user to recover sensitive data
| [5936] Microsoft Windows 2000 Server Directory Service Restore Mode allows user to login with blank password
| [5800] Microsoft Windows 2000 Index Service ActiveX controls allow unauthorized access to file information
| [5623] Microsoft Windows NT and 2000 Phone Book service buffer overflow
| [5598] Microsoft Windows 2000 Telnet daemon could allow a denial of service
| [5585] Microsoft Windows 2000 brute force attack
| [5502] Microsoft Windows 2000 Indexing Services ixsso.query
| [5467] Microsoft Windows 2000 System Monitor ActiveX control buffer overflow
| [5399] Microsoft Windows NT and 2000 Network Monitor buffer overflow
| [5301] Microsoft Windows 2000 Simplified Chinese IME State Recognition
| [5263] Microsoft Office 2000 executes .dll without users knowledge
| [5242] Microsoft Windows 2000 Telnet client NTLM authentication weakness
| [5222] Microsoft Windows 2000 malformed RPC packet denial of service
| [5203] Microsoft Windows 2000 still image service
| [5171] Microsoft Windows 2000 Local Security Policy corruption
| [5080] Microsoft Office 2000 HTML object tag buffer overflow
| [5033] Microsoft Windows 2000 without Service Pack 1
| [5031] Microsoft Windows 2000 Service Control Manager named pipe could allow a unauthorized user to gain privileges
| [5015] Microsoft Windows NT and 2000 executable path
| [4887] Microsoft Windows 2000 Kerberos ticket renewed
| [4886] Microsoft Windows 2000 logon session reconnected
| [4885] Microsoft Windows 2000 logon session disconnected
| [4882] Microsoft Windows 2000 Kerberos pre-authentication failed
| [4873] Microsoft Windows 2000 user account mapped for logon
| [4872] Microsoft Windows 2000 account logon failed
| [4871] Microsoft Windows 2000 account used for logon
| [4855] Microsoft Windows 2000 group type change
| [4842] Microsoft Internet Explorer and Microsoft Powerpoint 2000 ActiveX object execution
| [4841] Microsoft Internet Explorer and Microsoft Access 2000 VBA code execution
| [4823] Microsoft Windows 2000 Telnet server binary stream denial of service
| [4819] Microsoft Windows 2000 default SYSKEY configuration
| [4787] Microsoft Windows 2000 user account locked out
| [4786] Microsoft Windows 2000 computer account created
| [4785] Microsoft Windows 2000 computer account changed
| [4784] Microsoft Windows 2000 computer account deleted
| [4714] Microsoft Windows 2000 "
| [4589] Microsoft Windows 2000 protected store can be compromised by brute force attack
| [4278] Microsoft Windows 2000 unattended install does not secure All Users profile
| [4138] Microsoft Windows 2000 system file integrity feature is disabled
| [4086] Microsoft Windows 2000 may not start Jaz drives correctly
| [4085] Microsoft Windows 2000 non-Gregorial calendar error
| [4084] Microsoft Windows 2000 may prevent Adobe FrameMaker files from being saved in some formats
| [4083] Microsoft Windows 2000 Terminal Services may damage Office files saved as HTML
| [4082] Microsoft Windows 2000 and Iomega parallel port drives display error
| [4080] Microsoft Windows 2000 AOL image support
| [4079] Microsoft Windows 2000 High Encryption Pack
| [3854] Microsoft Office 2000 security setting
| [1376] Microsoft Proxy 2.0 denial of service
| [86256] Microsoft Windows Knowledge Base Article 2876063 update is not installed
| [86097] Microsoft Windows Knowledge Base Article 2859537 update is not installed
| [86091] Microsoft Windows Knowledge Base Article 2868623 update is not installed
| [86089] Microsoft Windows Knowledge Base Article 2862772 update is not installed
| [86075] Microsoft Windows Knowledge Base Article 2850869 update is not installed
| [86073] Microsoft Windows Knowledge Base Article 2873872 update is not installed
| [86070] Microsoft Windows Knowledge Base Article 2849568 update is not installed
| [85245] Microsoft Windows Knowledge Base Article 2848295 update is not installed
| [85244] Microsoft Windows Knowledge Base Article 2847927 update is not installed
| [85243] Microsoft Windows Knowledge Base Article 2861561 update is not installed
| [85236] Microsoft Windows Knowledge Base Article 2850851 update is not installed
| [85227] Microsoft Windows Knowledge Base Article 2847883 update is not installed
| [85223] Microsoft Windows Knowledge Base Article 2846071 update is not installed
| [85205] Microsoft Windows Knowledge Base Article 2845187 update is not installed
| [84621] Microsoft Windows Knowledge Base Article 2845690 update is not installed
| [84619] Microsoft Windows Knowledge Base Article 2839894 update is not installed
| [84617] Microsoft Windows Knowledge Base Article 2839571 update is not installed
| [84615] Microsoft Windows Knowledge Base Article 2839229 update is not installed
| [84613] Microsoft Windows Knowledge Base Article 2838727 update is not installed
| [84156] Microsoft Windows Knowledge Base Article 2847204 update is not installed
| [83912] Microsoft Windows Knowledge Base Article 2829254 update is not installed
| [83910] Microsoft Windows Knowledge Base Article 2829530 update is not installed
| [83898] Microsoft Windows Knowledge Base Article 2830397 update is not installed
| [83886] Microsoft Windows Knowledge Base Article 2830399 update is not installed
| [83884] Microsoft Windows Knowledge Base Article 2834692 update is not installed
| [83882] Microsoft Windows Knowledge Base Article 2834695 update is not installed
| [83880] Microsoft Windows Knowledge Base Article 2836440 update is not installed
| [83876] Microsoft Windows Knowledge Base Article 2840221 update is not installed
| [83192] Microsoft Windows Knowledge Base Article 2817183 update is not installed
| [83100] Microsoft Windows Knowledge Base Article 2830914 update is not installed
| [83098] Microsoft Windows Knowledge Base Article 2829996 update is not installed
| [83093] Microsoft Windows Knowledge Base Article 2828223 update is not installed
| [83091] Microsoft Windows Knowledge Base Article 2813170 update is not installed
| [83088] Microsoft Windows Knowledge Base Article 2827663 update is not installed
| [83086] Microsoft Windows Knowledge Base Article 2823482 update is not installed
| [83084] Microsoft Windows Knowledge Base Article 2821818 update is not installed
| [83082] Microsoft Windows Knowledge Base Article 2820917 update is not installed
| [82600] Microsoft Windows Knowledge Base Article 2813707 update is not installed
| [82424] Microsoft Windows Knowledge Base Article 2814124 update is not installed
| [82422] Microsoft Windows Knowledge Base Article 2780176 update is not installed
| [82401] Microsoft Windows Knowledge Base Article 2813682 update is not installed
| [82399] Microsoft Windows Knowledge Base Article 2816264 update is not installed
| [81683] Microsoft Windows Knowledge Base Article 2780091 update is not installed
| [81681] Microsoft Windows Knowledge Base Article 2784242 update is not installed
| [81680] Microsoft Windows Knowledge Base Article 2790113 update is not installed
| [81678] Microsoft Windows Knowledge Base Article 2790655 update is not installed
| [81676] Microsoft Windows Knowledge Base Article 2790978 update is not installed
| [81674] Microsoft Windows Knowledge Base Article 2797052 update is not installed
| [81672] Microsoft Windows Knowledge Base Article 2799494 update is not installed
| [81666] Microsoft Windows Knowledge Base Article 2778344 update is not installed
| [81634] Microsoft Windows Knowledge Base Article 2792100 update is not installed
| [81339] Microsoft Windows Knowledge Base Article 2799329 update is not installed
| [80875] Microsoft Windows Knowledge Base Article 2756145 update is not installed
| [80872] Microsoft Windows Knowledge Base Article 2769324 update is not installed
| [80867] Microsoft Windows Knowledge Base Article 2769327 update is not installed
| [80865] Microsoft Windows Knowledge Base Article 2769369 update is not installed
| [80863] Microsoft Windows Knowledge Base Article 2778930 update is not installed
| [80861] Microsoft Windows Knowledge Base Article 2785220 update is not installed
| [80365] Microsoft Windows Knowledge Base Article 2761465 update is not installed
| [80360] Microsoft Windows Knowledge Base Article 2765809 update is not installed
| [80358] Microsoft Windows Knowledge Base Article 2770660 update is not installed
| [80356] Microsoft Windows Knowledge Base Article 2780642 update is not installed
| [80352] Microsoft Windows Knowledge Base Article 2783534 update is not installed
| [80349] Microsoft Windows Knowledge Base Article 2784126 update is not installed
| [79693] Microsoft Windows Knowledge Base Article 2745030 update is not installed
| [79687] Microsoft Windows Knowledge Base Article 2761451 update is not installed
| [79683] Microsoft Windows Knowledge Base Article 2761226 update is not installed
| [79679] Microsoft Windows Knowledge Base Article 2758857 update is not installed
| [79677] Microsoft Windows Knowledge Base Article 2727528 update is not installed
| [78864] Microsoft Windows Knowledge Base Article 2754670 update is not installed
| [78862] Microsoft Windows Knowledge Base Article 2743555 update is not installed
| [78858] Microsoft Windows Knowledge Base Article 2754849 update is not installed
| [78856] Microsoft Windows Knowledge Base Article 2724197 update is not installed
| [78853] Microsoft Windows Knowledge Base Article 2741517 update is not installed
| [78851] Microsoft Windows Knowledge Base Article 2742319 update is not installed
| [78848] Microsoft Windows Knowledge Base Article 2742321 update is not installed
| [78760] Microsoft Windows Knowledge Base Article 2744842 update is not installed
| [78077] Microsoft Windows Knowledge Base Article 2741528 update is not installed
| [78075] Microsoft Windows Knowledge Base Article 2720184 update is not installed
| [78071] Microsoft Windows Knowledge Base Article 2748552 update is not installed
| [77512] Microsoft Windows Knowledge Base Article 2740358 update is not installed
| [77362] Microsoft Windows Knowledge Base Article 2733918 update is not installed
| [77360] Microsoft Windows Knowledge Base Article 2733829 update is not installed
| [77357] Microsoft Windows Knowledge Base Article 2733594 update is not installed
| [77352] Microsoft Windows Knowledge Base Article 2731879 update is not installed
| [77350] Microsoft Windows Knowledge Base Article 2731847 update is not installed
| [77348] Microsoft Windows Knowledge Base Article 2723135 update is not installed
| [77346] Microsoft Windows Knowledge Base Article 2722913 update is not installed
| [77342] Microsoft Windows Knowledge Base Article 2720573 update is not installed
| [77325] Microsoft Windows Knowledge Base Article 2719584 update is not installed
| [76808] Microsoft Windows Knowledge Base Article 2721015 update is not installed
| [76725] Microsoft Windows Knowledge Base Article 2722479 update is not installed
| [76724] Microsoft Windows Knowledge Base Article 2719177 update is not installed
| [76721] Microsoft Windows Knowledge Base Article 2718523 update is not installed
| [76718] Microsoft Windows Knowledge Base Article 2698365 update is not installed
| [76711] Microsoft Windows Knowledge Base Article 2695502 update is not installed
| [76704] Microsoft Windows Knowledge Base Article 2691442 update is not installed
| [76702] Microsoft Windows Knowledge Base Article 2655992 update is not installed
| [75963] Microsoft Windows Knowledge Base Article 2699988 update is not installed
| [75939] Microsoft Windows Knowledge Base Article 2685939 update is not installed
| [75928] Microsoft Windows Knowledge Base Article 2711167 update is not installed
| [75136] Microsoft Windows Knowledge Base Article 2693777 update is not installed
| [75132] Microsoft Windows Knowledge Base Article 2690533 update is not installed
| [75130] Microsoft Windows Knowledge Base Article 2688338 update is not installed
| [75127] Microsoft Windows Knowledge Base Article 2681578 update is not installed
| [75123] Microsoft Windows Knowledge Base Article 2680352 update is not installed
| [75116] Microsoft Windows Knowledge Base Article 2597981 update is not installed
| [74556] Microsoft Windows Knowledge Base Article 2639185 update is not installed
| [74384] Microsoft Windows Knowledge Base Article 2675157 update is not installed
| [74378] Microsoft Windows Knowledge Base Article 2671605 update is not installed
| [74373] Microsoft Windows Knowledge Base Article 2664258 update is not installed
| [74369] Microsoft Windows Knowledge Base Article 2663860 update is not installed
| [73543] Microsoft Windows Knowledge Base Article 2671387 update is not installed
| [73540] Microsoft Windows Knowledge Base Article 2665364 update is not installed
| [73538] Microsoft Windows Knowledge Base Article 2651019 update is not installed
| [73536] Microsoft Windows Knowledge Base Article 2651018 update is not installed
| [73533] Microsoft Windows Knowledge Base Article 2647170 update is not installed
| [73530] Microsoft Windows Knowledge Base Article 2641653 update is not installed
| [72887] Microsoft Windows Knowledge Base Article 2663841 update is not installed
| [72873] Microsoft Windows Knowledge Base Article 2663830 update is not installed
| [72867] Microsoft Windows Knowledge Base Article 2663510 update is not installed
| [72857] Microsoft Windows Knowledge Base Article 2661637 update is not installed
| [72855] Microsoft Windows Knowledge Base Article 2660465 update is not installed
| [72853] Microsoft Windows Knowledge Base Article 2653956 update is not installed
| [72851] Microsoft Windows Knowledge Base Article 2654428 update is not installed
| [72849] Microsoft Windows Knowledge Base Article 2651026 update is not installed
| [72846] Microsoft Windows Knowledge Base Article 2647516 update is not installed
| [72841] Microsoft Windows Knowledge Base Article 2645640 update is not installed
| [72838] Microsoft Windows Knowledge Base Article 2643719 update is not installed
| [72029] Microsoft Windows Knowledge Base Article 2638420 update is not installed
| [72003] Microsoft Windows Knowledge Base Article 2646524 update is not installed
| [71998] Microsoft Windows Knowledge Base Article 2644615 update is not installed
| [71995] Microsoft Windows Knowledge Base Article 2643584 update is not installed
| [71994] Microsoft Windows Knowledge Base Article 2636391 update is not installed
| [71565] Microsoft Windows Knowledge Base Article 2648048 update is not installed
| [71562] Microsoft Windows Knowledge Base Article 2640241 update is not installed
| [71560] Microsoft Windows Knowledge Base Article 2640045 update is not installed
| [71558] Microsoft Windows Knowledge Base Article 2639417 update is not installed
| [71557] Microsoft Windows Knowledge Base Article 2639142 update is not installed
| [71554] Microsoft Windows Knowledge Base Article 2633171 update is not installed
| [71552] Microsoft Windows Knowledge Base Article 2624667 update is not installed
| [71550] Microsoft Windows Knowledge Base Article 2620712 update is not installed
| [71548] Microsoft Windows Knowledge Base Article 2618451 update is not installed
| [71546] Microsoft Windows Knowledge Base Article 2618444 update is not installed
| [71538] Microsoft Windows Knowledge Base Article 2590602 update is not installed
| [70951] Microsoft Windows Knowledge Base Article 2630837 update is not installed
| [70949] Microsoft Windows Knowledge Base Article 2620704 update is not installed
| [70947] Microsoft Windows Knowledge Base Article 2617657 update is not installed
| [70943] Microsoft Windows Knowledge Base Article 2588516 update is not installed
| [70152] Microsoft Windows Knowledge Base Article 2623699 update is not installed
| [70140] Microsoft Windows Knowledge Base Article 2652016 update is not installed
| [70130] Microsoft Windows Knowledge Base Article 2586448 update is not installed
| [70115] Microsoft Windows Knowledge Base Article 2567053 update is not installed
| [69501] Microsoft Windows Knowledge Base Article 2587634 update is not installed
| [69498] Microsoft Windows Knowledge Base Article 2587505 update is not installed
| [69492] Microsoft Windows Knowledge Base Article 2571621 update is not installed
| [69490] Microsoft Windows Knowledge Base Article 2570947 update is not installed
| [68840] Microsoft Windows Knowledge Base Article 2451858 update is not installed
| [68833] Microsoft Windows Knowledge Base Article 2567943 update is not installed
| [68831] Microsoft Windows Knowledge Base Article 2570222 update is not installed
| [68829] Microsoft Windows Knowledge Base Article 2567951 update is not installed
| [68827] Microsoft Windows Knowledge Base Article 2578230 update is not installed
| [68825] Microsoft Windows Knowledge Base Article 2546250 update is not installed
| [68823] Microsoft Windows Knowledge Base Article 2559049 update is not installed
| [68816] Microsoft Windows Knowledge Base Article 2556532 update is not installed
| [68814] Microsoft Windows Knowledge Base Article 2560656 update is not installed
| [68812] Microsoft Windows Knowledge Base Article 2560978 update is not installed
| [68809] Microsoft Windows Knowledge Base Article 2562485 update is not installed
| [68806] Microsoft Windows Knowledge Base Article 2566454 update is not installed
| [68804] Microsoft Windows Knowledge Base Article 2563894 update is not installed
| [68801] Microsoft Windows Knowledge Base Article 2567680 update is not installed
| [68315] Microsoft Windows Knowledge Base Article 2555917 update is not installed
| [68299] Microsoft Windows Knowledge Base Article 2566220 update is not installed
| [68283] Microsoft Windows Knowledge Base Article 2560847 update is not installed
| [67955] Microsoft Windows Knowledge Base Article 2530548 update is not installed
| [67943] Microsoft Windows Knowledge Base Article 2544521 update is not installed
| [67762] Microsoft Windows Knowledge Base Article 2543893 update is not installed
| [67759] Microsoft Windows Knowledge Base Article 2544893 update is not installed
| [67757] Microsoft Windows Knowledge Base Article 2476490 update is not installed
| [67753] Microsoft Windows Knowledge Base Article 2514842 update is not installed
| [67751] Microsoft Windows Knowledge Base Article 2518295 update is not installed
| [67737] Microsoft Windows Knowledge Base Article 2520426 update is not installed
| [67733] Microsoft Windows Knowledge Base Article 2525694 update is not installed
| [67731] Microsoft Windows Knowledge Base Article 2525835 update is not installed
| [67728] Microsoft Windows Knowledge Base Article 2535512 update is not installed
| [67725] Microsoft Windows Knowledge Base Article 2536275 update is not installed
| [67722] Microsoft Windows Knowledge Base Article 2536276 update is not installed
| [67718] Microsoft Windows Knowledge Base Article 2537146 update is not installed
| [67709] Microsoft Windows Knowledge Base Article 2538814 update is not installed
| [67302] Microsoft Windows Knowledge Base Article 2545814 update is not installed
| [67101] Microsoft Windows Knowledge Base Article 2524426 update is not installed
| [66446] Microsoft Windows Knowledge Base Article 2514666 update is not installed
| [66444] Microsoft Windows Knowledge Base Article 2511455 update is not installed
| [66436] Microsoft Windows Knowledge Base Article 2497640 update is not installed
| [66432] Microsoft Windows Knowledge Base Article 2527308 update is not installed
| [66428] Microsoft Windows Knowledge Base Article 2489979 update is not installed
| [66423] Microsoft Windows kernel-mode driver (win32k.sys) variant 29 privilege escalation
| [66422] Microsoft Windows kernel-mode driver (win32k.sys) variant 28 privilege escalation
| [66421] Microsoft Windows kernel-mode driver (win32k.sys) variant 27 privilege escalation
| [66420] Microsoft Windows kernel-mode driver (win32k.sys) variant 26 privilege escalation
| [66419] Microsoft Windows kernel-mode driver (win32k.sys) variant 25 privilege escalation
| [66418] Microsoft Windows kernel-mode driver (win32k.sys) variant 24 privilege escalation
| [66417] Microsoft Windows kernel-mode driver (win32k.sys) variant 23 privilege escalation
| [66416] Microsoft Windows kernel-mode driver (win32k.sys) variant 22 privilege escalation
| [66415] Microsoft Windows kernel-mode driver (win32k.sys) variant 21 privilege escalation
| [66414] Microsoft Windows kernel-mode driver (win32k.sys) variant 20 privilege escalation
| [66396] Microsoft Windows kernel-mode driver (win32k.sys) variant 2 privilege escalation
| [66394] Microsoft Windows Knowledge Base Article 2485663 update is not installed
| [65588] Microsoft Windows Knowledge Base Article 2489279 update is not installed
| [65581] Microsoft Windows Knowledge Base Article 2510030 update is not installed
| [65580] Microsoft Windows Knowledge Base Article 2489283 update is not installed
| [65575] Microsoft Windows Knowledge Base Article 2489293 update is not installed
| [65573] Microsoft Windows Knowledge Base Article 2494047 update is not installed
| [64973] Microsoft Windows Knowledge Base Article 2478960 update is not installed
| [64971] Microsoft Windows Knowledge Base Article 2479628 update is not installed
| [64927] Microsoft Windows Knowledge Base Article 2393802 update is not installed
| [64925] Microsoft Windows Knowledge Base Article 2451879 update is not installed
| [64920] Microsoft Windows Knowledge Base Article 2475792 update is not installed
| [64918] Microsoft Windows Knowledge Base Article 2476687 update is not installed
| [64916] Microsoft Windows Knowledge Base Article 2478953 update is not installed
| [64914] Microsoft Windows Knowledge Base Article 2482017 update is not installed
| [64910] Microsoft Windows Knowledge Base Article 2483185 update is not installed
| [64909] Microsoft Windows Knowledge Base Article 2484015 update is not installed
| [64907] Microsoft Windows Knowledge Base Article 2485376 update is not installed
| [64905] Microsoft Windows Knowledge Base Article 2489256 update is not installed
| [64902] Microsoft Windows Knowledge Base Article 2496930 update is not installed
| [64342] Microsoft Windows Knowledge Base Article 2451910 update is not installed
| [64339] Microsoft Windows Knowledge Base Article 2478935 update is not installed
| [63584] Microsoft Windows Knowledge Base Article 2424434 update is not installed
| [63582] Microsoft Windows Knowledge Base Article 2423089 update is not installed
| [63580] Microsoft Windows Knowledge Base Article 2436673 update is not installed
| [63571] Microsoft Windows Knowledge Base Article 2440591 update is not installed
| [63569] Microsoft Windows Knowledge Base Article 2385678 update is not installed
| [63566] Microsoft Windows Knowledge Base Article 2442962 update is not installed
| [63564] Microsoft Windows Knowledge Base Article 2345316 update is not installed
| [63562] Microsoft Windows Knowledge Base Article 2296199 update is not installed
| [63558] Microsoft Windows Knowledge Base Article 2416400 update is not installed
| [63550] Microsoft Windows Knowledge Base Article 2447961 update is not installed
| [63548] Microsoft Windows Knowledge Base Article 2443105 update is not installed
| [63546] Microsoft Windows Knowledge Base Article 2455005 update is not installed
| [63544] Microsoft Windows Knowledge Base Article 2292970 update is not installed
| [62805] Microsoft Windows Knowledge Base Article 2316074 update is not installed
| [62793] Microsoft Windows Knowledge Base Article 2293386 update is not installed
| [62789] Microsoft Windows Knowledge Base Article 2423930 update is not installed
| [62170] Microsoft Windows Knowledge Base Article 2296011 update is not installed
| [62166] Microsoft Windows Knowledge Base Article 2294255 update is not installed
| [62163] Microsoft Windows Knowledge Base Article 2281679 update is not installed
| [62154] Microsoft Windows Knowledge Base Article 2279986 update is not installed
| [62147] Microsoft Windows Knowledge Base Article 2160841 update is not installed
14347| [62134] Microsoft Windows Knowledge Base Article 2412048 update is not installed
14348| [62129] Microsoft Windows Knowledge Base Article 2387149 update is not installed
14349| [62126] Microsoft Windows Knowledge Base Article 2378111 update is not installed
14350| [62123] Microsoft Windows Knowledge Base Article 2360937 update is not installed
14351| [62118] Microsoft Windows Knowledge Base Article 2293211 update is not installed
14352| [62104] Microsoft Windows Knowledge Base Article 2360131 update is not installed
14353| [62098] Microsoft Windows Knowledge Base Article 2293194 update is not installed
14354| [62069] Microsoft Windows Knowledge Base Article 2418042 update is not installed
14355| [61519] Microsoft Windows Knowledge Base Article 2121546 update is not installed
14356| [61517] Microsoft Windows Knowledge Base Article 2259922 update is not installed
14357| [61514] Microsoft Windows Knowledge Base Article 2267960 update is not installed
14358| [61510] Microsoft Windows Knowledge Base Article 2315011 update is not installed
14359| [61507] Microsoft Windows Knowledge Base Article 2320113 update is not installed
14360| [61504] Microsoft Windows Knowledge Base Article 2347290 update is not installed
14361| [60736] Microsoft Windows Knowledge Base Article 2265906 update is not installed
14362| [60734] Microsoft Windows Knowledge Base Article 2269638 update is not installed
14363| [60728] Microsoft Windows Knowledge Base Article 2269707 update is not installed
14364| [60724] Microsoft Windows Knowledge Base Article 2286198 update is not installed
14365| [60713] Microsoft Windows Knowledge Base Article 2183461 update is not installed
14366| [60698] Microsoft Windows Knowledge Base Article 2160329 update is not installed
14367| [60686] Microsoft Windows Knowledge Base Article 2115168 update is not installed
14368| [60684] Microsoft Windows Knowledge Base Article 2079403 update is not installed
14369| [60680] Microsoft Windows Knowledge Base Article 2264072 update is not installed
14370| [59901] Microsoft Windows Knowledge Base Article 2229593 update is not installed
14371| [59898] Microsoft Windows Knowledge Base Article 2229593 update is not installed
14372| [58913] Microsoft Windows Knowledge Base Article 2027452 update is not installed
14373| [58891] Microsoft Windows Knowledge Base Article 2028554 update is not installed
14374| [17004] Microsoft Windows XP Service Pack 2 is not installed on the system
14375| [9187] Microsoft Passport SDK 2.1 Component Configuration Document (CCD) permission
14376| [9146] Microsoft Passport SDK 2.1 events reporting disabled
14377| [9068] Microsoft Passport SDK 2.1 registry default permission exposure
14378| [9067] Microsoft Passport SDK 2.1 default test site exposure
14379| [9066] Microsoft Passport SDK 2.1 Adventure Works Sample Site exposure
14380| [9065] Microsoft Passport SDK 2.1 Adventure Works Sample Site global.asa file default permission exposure
14381| [9064] Microsoft Passport SDK 2.1 default time window exposure
14382| [1271] Microsoft IIS version 2 installed
14383| [621] Microsoft IIS 3.0 script source revealed by appending 2E to requests
14384|
14385| Exploit-DB - https://www.exploit-db.com:
14526|
14527| OpenVAS (Nessus) - http://www.openvas.org:
14541|
14542| SecurityTracker - https://www.securitytracker.com:
14602|
14603| OSVDB - http://www.osvdb.org:
14694| [6971] Microsoft ISA Server 2000 ICMP Rule Bypass During Startup
14695| [6970] Microsoft ISA Server 2000 Web Publishing Unencrypted Credentials Disclosure
14696| [6969] Microsoft ISA Server 2000 Invalid DNS Request DoS
14697| [6968] Microsoft ISA Server 2000 FTP Port Scan Bounce Weakness
14698| [6967] Microsoft ISA Server 2000 UDP Packet Winsock DoS
14699| [6965] Microsoft ISA Server 2000 SSL Packet DoS
14700| [6964] Microsoft ISA Server 2000 DNS Intrusion Detection Filter DoS
14701| [6515] Microsoft Windows 2000 Domain Expired Account Authentication
14702| [5179] Microsoft Windows 2000 microsoft-ds DoS
14703| [5171] Microsoft Word 2002 Mail Merge Tool Execute Arbitrary Script
14704| [4779] Microsoft Desktop Engine (MSDE) 2000 Stored Procedure SQL Injection
14705| [4778] Microsoft SQL Server 2000 Stored Procedure SQL Injection
14706| [4777] Microsoft Desktop Engine (MSDE) 2000 Database Consistency Checkers (DBCCs) Overflow
14707| [4776] Microsoft SQL Server 2000 Database Consistency Checkers (DBCCs) 2000 Overflow
14708| [4170] Microsoft Windows 2000 Server Media Services TCP Packet Handling Remote DoS
14709| [4168] Microsoft Outlook 2002 mailto URI Script Injection
14710| [3490] Microsoft Exchange 2003 OWA Mailbox Access Information Disclosure
14711| [2705] Microsoft Windows 2000 Windows Troubleshooter ActiveX Overflow
14712| [2655] Microsoft Windows Server 2003 Shell Folders Arbitrary File Access
14713| [2540] Microsoft Windows 2003 Server Buffer Overflow Protection Mechanism Bypass
14714| [2244] Microsoft Windows 2000 ShellExecute() API Let
14715| [2237] Microsoft Windows 2000 Active Directory Lsass.exe Overflow
14716| [1949] Symantec Norton Anti-Virus for Microsoft Exchange 2000 INBOX Path Information Disclosure
14717| [1764] Microsoft Windows 2000 Domain Controller DoS
14718| [1758] Microsoft Windows 2000 Network DDE Escalated Privileges
14719| [1755] Microsoft Windows 2000 RDP Malformed Packet Handling Remote DoS
14720| [1672] Microsoft Windows 2000 Telnet Session Timeout DoS
14721| [1633] Microsoft Windows 2000 System Monitor ActiveX LogFileName Parameter Validation Overflow
14722| [1621] Microsoft Indexing Services for Windows 2000 .htw XSS
14723| [1591] Microsoft Windows 2000 OEMPreinstall Installation Permission Weakness
14724| [1578] Microsoft Windows 2000 Simplified Chinese IME Local Privilege Escalation
14725| [1500] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow
14726| [1437] Microsoft Windows 2000 Telnet Server Binary Zero Parsing Remote DoS
14727| [1399] Microsoft Windows 2000 Windows Station Access
14728| [1328] Microsoft Office 2000 UA Control ActiveX (Ouactrl.ocx) Show Me Function Remote Code Execution
14729| [1297] Microsoft Windows 2000 Active Directory Object Attribute
14730| [1292] Microsoft Windows NT 4.0 / 2000 cmd.exe Buffer Overflow
14731| [773] Microsoft Windows 2000 Group Policy File Lock DoS
14732| [515] Microsoft Windows 2000 LDAP Server Arbitrary User Password Modification
14733| [454] Microsoft Windows 2000 NTLM Domain Account Lockout Policy Bypass
14734| [403] Microsoft Windows 2000 Still Image Service WM_USER Message Local Overflow
14735| [398] Microsoft Windows 2000 Malformed RPC Traffic Local Security Policy Corruption DoS
14736| [307] Microsoft FrontPage 2000 Server Extensions shtml.exe Path Disclosure
14737| [69085] Microsoft Office 2010 RTF File Handling pFragments Buffer Overflow Arbitrary Code Execution
14738|_
445/tcp closed microsoft-ds
Device type: general purpose|WAP
Running (JUST GUESSING): Linux 2.6.X|2.4.X (90%), Microsoft Windows 2012 (85%)
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:microsoft:windows_server_2012:r2
Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (90%), Tomato 1.27 - 1.28 (Linux 2.4.20) (86%), Microsoft Windows Server 2012 or Windows Server 2012 R2 (85%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 303.864 days (since Tue Dec 18 02:16:23 2018)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=256 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

TRACEROUTE (using port 139/tcp)
HOP RTT ADDRESS
1 241.45 ms 10.233.204.1
2 241.44 ms 185.182.239.167

NSE: Script Post-scanning.
Initiating NSE at 00:01
Completed NSE at 00:01, 0.00s elapsed
Initiating NSE at 00:01
Completed NSE at 00:01, 0.00s elapsed
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-18 00:01 EDT
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 00:01
Completed NSE at 00:01, 0.00s elapsed
Initiating NSE at 00:01
Completed NSE at 00:01, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 00:01
Completed Parallel DNS resolution of 1 host. at 00:01, 0.02s elapsed
Initiating UDP Scan at 00:01
Scanning 185.182.239.167 [15 ports]
Completed UDP Scan at 00:01, 4.70s elapsed (15 total ports)
Initiating Service scan at 00:01
Scanning 13 services on 185.182.239.167
Service scan Timing: About 7.69% done; ETC: 00:22 (0:19:36 remaining)
Completed Service scan at 00:03, 102.59s elapsed (13 services on 1 host)
Initiating OS detection (try #1) against 185.182.239.167
Retrying OS detection (try #2) against 185.182.239.167
Initiating Traceroute at 00:03
Completed Traceroute at 00:03, 7.49s elapsed
Initiating Parallel DNS resolution of 1 host. at 00:03
Completed Parallel DNS resolution of 1 host. at 00:03, 0.00s elapsed
NSE: Script scanning 185.182.239.167.
Initiating NSE at 00:03
Completed NSE at 00:03, 7.75s elapsed
Initiating NSE at 00:03
Completed NSE at 00:03, 1.88s elapsed
Nmap scan report for 185.182.239.167
Host is up (0.24s latency).

PORT STATE SERVICE VERSION
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
137/udp filtered netbios-ns
138/udp filtered netbios-dgm
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
500/udp open|filtered isakmp
|_ike-version: ERROR: Script execution failed (use -d to debug)
520/udp open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using port 138/udp)
HOP RTT ADDRESS
1 ... 4
5 244.53 ms 10.233.204.1
6 244.51 ms 10.233.204.1
7 244.50 ms 10.233.204.1
8 244.48 ms 10.233.204.1
9 244.46 ms 10.233.204.1
10 244.44 ms 10.233.204.1
11 163.95 ms 10.233.204.1
12 ... 15
16 214.61 ms 10.233.204.1
17 ... 18
19 277.80 ms 10.233.204.1
20 ... 22
23 121.28 ms 10.233.204.1
24 ... 25
26 104.19 ms 10.233.204.1
27 ... 29
30 292.37 ms 10.233.204.1

NSE: Script Post-scanning.
Initiating NSE at 00:03
Completed NSE at 00:03, 0.00s elapsed
Initiating NSE at 00:03
Completed NSE at 00:03, 0.00s elapsed
#######################################################################################################################################
Hosts
=====

address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
185.182.239.167 Linux 2.6.X server

Services
========

host port proto name state info
---- ---- ----- ---- ----- ----
185.182.239.167 25 tcp smtp closed
185.182.239.167 53 udp domain unknown
185.182.239.167 67 udp dhcps unknown
185.182.239.167 68 udp dhcpc unknown
185.182.239.167 69 udp tftp unknown
185.182.239.167 80 tcp http open Microsoft IIS httpd 8.5
185.182.239.167 88 udp kerberos-sec unknown
185.182.239.167 123 udp ntp unknown
185.182.239.167 137 udp netbios-ns filtered
185.182.239.167 138 udp netbios-dgm filtered
185.182.239.167 139 tcp netbios-ssn closed
185.182.239.167 139 udp netbios-ssn unknown
185.182.239.167 161 udp snmp unknown
185.182.239.167 162 udp snmptrap unknown
185.182.239.167 389 udp ldap unknown
185.182.239.167 443 tcp ssl/http open Microsoft HTTPAPI httpd 2.0 SSDP/UPnP
185.182.239.167 445 tcp microsoft-ds closed
185.182.239.167 500 udp isakmp unknown
185.182.239.167 520 udp route
#######################################################################################################################################
Anonymous JTSEC #OpTurkey Full Recon #14